
    Recent reports have stated that a massive campaign of fraud is planned to hit various US banks. Approximately 100 cybercriminals are said to be part of this planned campaign.

    It is believed that this attack will be launched using newly-developed malware related to the Gozi banking Trojan, which has been called Gozi-Prinimalka. Overall, the capabilities of this new threat are broadly similar to other banking malware such as ZeuS, SpyEye, and Gozi itself.

    We’ve been able to analyze the configuration files of existing Gozi-Prinimalka variants that are currently in the wild. Based on this, customers of the following financial institutions are at increased risk:

    • Accurint
    • American Funds
    • Ameritrade
    • Bank of America
    • CapitalOne
    • Charles Schwab
    • Chase
    • Citibank
    • eTrade
    • Fidelity
    • Fifth Third Bank
    • HSBC
    • M&T Bank
    • Navy Federal Credit Union
    • PNC
    • Regions Financial Corporation
    • Scottrade
    • ShareBuilder
    • State Employees Credit Union
    • Suntrust
    • The Huntington National Bank
    • United States Automobile Association
    • USBank
    • Wachovia
    • Washington Mutual
    • Wells Fargo
    As we said earlier, we were able to determine the targeted institutions by analyzing the downloaded configuration files. A snippet of these configuration files can be seen by clicking on the thumbnail below; it clearly shows how we were able to determine which sites were at risk, as well as giving insights into the code that is used to modify the sites in question.

    We are in contact with the above financial institutions in order to help mitigate this threat. In the meantime, we advise clients of the institutions listed above to pay particular attention to any wire transfers made out of their accounts, as this is believed to be how the attack will be conducted.

    Trend Micro products detect these Trojans as various BKDR_URSNIF variants, such as BKDR_URSNIF.B. We are also working continuously to find and block any websites that host this malware, as well as any command-and-control servers.








     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice