21 August 2017
Find out more

Trusteer warns of criminal switch from Zeus to Bugat

13 October 2010  |  1898 views  |  0 Source: Trusteer

Trusteer, the leading provider of secure browsing services, today announced that its researchers have discovered a new version of the Bugat financial malware used to commit online fraud.

Bugat was distributed in the recent phishing campaign targeting LinkedIn users, which was generally considered to be trying to infect machines with the more common Zeus Trojan. The emergence of this new version of Bugat appears to be an attempt by criminals to diversify their attack tools using a platform that is less well known and therefore harder to detect and block.

"Criminals are stepping up their malware distribution efforts by continuously updating configurations of well known malware like Zeus, and using new versions of less common Trojans like Bugat, to avoid detection"

Bugat is similar in functionality to its better known financial malware brethren Zeus, Clampi and Gozi. It targets Internet Explorer and Firefox browsers and harvests information during online banking sessions. The stolen financial credentials are used to commit fraudulent Automated Clearing House (ACH) and wire transfer transactions mostly against small to midsized businesses, which result in high-value losses. Bugat is three times more common in the US than Europe, but its distribution is still fairly low.

In last week's attack, LinkedIn users received emails reminding them of pending messages in their account and providing a malicious URL. When a victim clicked on the link they were directed to a fraudulent website where a java applet fetched and installed the Bugat executable. LinkedIn spam email is an effective tool to push malware to enterprise users, and is being used to gather credentials for commercial bank accounts and other sensitive services used by businesses.

"Criminals are stepping up their malware distribution efforts by continuously updating configurations of well known malware like Zeus, and using new versions of less common Trojans like Bugat, to avoid detection," said Mickey Boodaei, CEO of Trusteer. "We are in an arms race with criminals. Although Zeus gets a lot of attention from law enforcement, banks and the security industry, we need to be vigilant agaiaainst new forms of financial malware like Bugat and SpyEye which are just as deadly and quietly expanding their footprint across the internet."

Trusteer warns that the recent industry focus on Zeus is making it easier for other Trojans, like Bugat, SpyEye, and Carberp which are less wide spread but equally sophisticated, to avoid detection. Carberp currently targets nine banks in the United States, Denmark, The Netherlands, Germany, and Israel. These lesser known financial malware platforms are expected to increasingly compete with the Zeus toolkit to become the new Trojan of choice for criminal groups.

Comments: (0)

Comment on this story (membership required)

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.worldpaymentsreport.comvisit www.niceactimize.comvisit www.vasco.com

Who is commenting?

A Finextra member Finextra Member Commented on: Real-time payments in...
A Finextra member Finextra Member Commented on: Barclays uses sensors...

Top topics

Most viewed Most shared
Mobile contactless spending accelerating in UKMobile contactless spending accelerating i...
11516 views comments | 26 tweets | 23 linkedin
Barclays pairs banking data with third party apps for SmartBusiness DashboardBarclays pairs banking data with third par...
9773 views comments | 22 tweets | 31 linkedin
hands typing furiouslyWhy Is Risk Analytics Important?
9593 views 0 | 5 tweets | 1 linkedin
Norwegian banks and startups form fintech clusterNorwegian banks and startups form fintech...
9338 views comments | 19 tweets | 23 linkedin
RBS to bring Silicon Valley to EdinburghRBS to bring Silicon Valley to Edinburgh
9255 views comments | 10 tweets | 8 linkedin