Many of the developments in the computing world in the past years involved the automation of day-to-day tasks. These developments have made people's lives so much easier that people have come to depend on them. Innovation, however, is paralleled by abuse, as cybercriminals continually employ these developments in malicious schemes with a single goal in mind: to gain profit.
This very reason, profit, has proven to be sufficient motivation for blackhat hackers to constantly innovate in attacking security technology. They research, explore, and develop malicious programs that we now call “malware.” Although malware is continuously developed, whether to become more resilient to antivirus solutions or to deliver its intended payload more effectively, the threat trends paint a consistent picture: malware automates hacking.
Manual Hacking in the Early Days
In the early days of hacking, everything had to be done manually. Hackers needed to manually check computers for weaknesses or for open ports in order to hack targeted machines. Once in, hackers manually executed their intended actions, depending on their intention.
Today, various tools like vulnerability and port scanners are widely available on the Internet. Backdoor applications can remotely manipulate compromised systems, and worms automate the proliferation of malware through self-replication. Even generating malicious files can be automated with the help of malicious toolkits.
Information and Financial Theft
Given the malware advancements today, one can assume that pretty soon, cybercriminals will just spread malware on the Internet, watch TV, and wait for stolen money to be deposited into their bank accounts (if this is not already happening). This is something that we interestingly saw materialize in the form of TSPY_BANKER.PHT.
TSPY_BANKER.PHT is a banking Trojan that specifically targets users associated with the Brazilian bank Banco do Brasil. Upon stealing user account information, this malware attempts to automatically transfer money to a predetermined account. This is similar to the ZeuS and SpyEye feature known as an auto-transfer system (ATS). Here is a screenshot of a dump of TSPY_BANKER.PHT’s code: