Incident Response, Malware, TDR

Gameover Zeus most active banking trojan in 2013, researchers report

The most active banking trojan of 2013 was the Gameover variant of Zeus, according to the latest research by the experts with the Dell SecureWorks Counter Threat Unit (CTU).

While Gameover Zeus accounted for 38 percent of banking trojan activity observed by CTU in 2013, Citadel was a close second, accounting for 33 percent of activity, and the standard Zeus came in third with 13 percent of activity, according to a report. Runners up include Shylock, Torpig, Gozi, Bugat, and IceIX, all of which fell between two and seven percent of monitored trojan activity.

“It's interesting to see how cyber criminals have been able to operate these botnets for years and have learned to adapt their tactics, techniques, and procedures to evade security products and services,” Brett Stone-Gross, senior security researcher with CTU, told in a Wednesday email correspondence. 

The scope of the problem is also noteworthy, Stone-Gross said, explaining that of the 900 financial institutions targeted in more than 65 countries around the globe, the majority of them were based out of the United States. These institutions include everything from commercial banks, credit unions and payroll vendors to social media and dating websites, according to the report.

“U.S. financial institutions have always been a target for financial fraud, since there are many accounts with large sums of money, and not all organizations have enough security protections in place to defend against sophisticated attacks due to a lack of budget and/or security expertise,” Stone-Gross said.

Financial institutions in Germany, Spain, Italy, Canada, France, Australia and the UK were also big targets, according to the report, which added that 2013 saw an increase in targeted organizations in the Middle East, Africa and Asia.

Gameover came on the scene in the middle of 2011 and has many similar properties to Zeus, such as logging keystrokes to steal banking credentials, but it also comes packaged with malicious functions that allow it to launch distributed denial-of-service (DDoS) attacks against financial institutions.

Most recently, a variant was discovered that allows Gameover to sneak past perimeter security – including firewalls, webfilters and network intrusion detection systems – by disguising itself as an encrypted EXE file.

Speaking on banking threats in 2014, Stone-Gross said that mobile malware will continue to increase in popularity as banks utilize SMS for two-factor authentication.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.