Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
Two Year Malware Campaign Could be Spying on your Bank Account
Around 24 major banking institutions have been affected by dangerous malware that has been targeting the accounts of users for more than two years.
According to a report by The Register citing research from Zscaler, the Win32/Trojan Caphaw has been targeting customers of banks including Barclays, Bank of Scotland, Santander, First Direct, Capital One, and Co-Operative, as well as major international institutions. It is not known if the attacks have been successful and the methods being used for infection are unclear, but it has been revealed that Caphaw is most prevalent right here in the UK and in other European countries.
Once inside the victim's browser processes, the malware ‘phones home’ to its remote command and control servers over SSL, presenting a self-signed certificate. Because the session is encrypted, ISP-level network security tools see only an SSL connection to the C2 host and cannot inspect what is being sent, which is what keeps the malware under the radar, The Reg said. Note that encryption hides the content, not the connection: the certificate itself is still visible to anything inspecting the handshake.
Zscaler believes that the attacks are most likely exploiting vulnerable versions of Java, with Caphaw remaining stealthy by hooking into legitimate processes such as explorer.exe and iexplore.exe (Internet Explorer).
“We can tell that it is more than likely arriving as part of an exploit kit homing in on vulnerable versions of Java. The reason we suspect this is that the user-agent for every single transaction that has come through our behavioural analysis solution has been: Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_07,” explained Zscaler in a blog post.
“We suspect it is coming from a Java exploit on the version listed in the blog,” added researcher Chris Mannion. “Other vectors this threat has used in the past include Skype, social media, and email spam.”
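The User-Agent Zscaler quotes above is the kind of artefact a defender can actually alert on, because an exploit kit's Java payload fetch and the first beacons happen over plain HTTP before any self-signed SSL is in play. The script below is an added example, not code from ITWiser or Zscaler. It scans a simplified proxy log (the format, the allowlist of Java update hosts and the "older than Java 7" policy threshold are all assumptions for the example) and flags Java-initiated requests, outdated Java versions, the exact string reported for Caphaw, and bare-IP destinations. The sample log lines are constructed, not real traffic.

```python
import re
from typing import Dict, List, Optional, Tuple

# Assumed log format (simplified proxy log, one request per line):
#   <timestamp> <client-ip> <destination-host> "<User-Agent>"
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)"$')

# Java's own HTTP client identifies itself as "Java/<major>.<minor>.<patch>_<update>".
JAVA_UA_RE = re.compile(r"\bJava/(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")

# The exact User-Agent Zscaler reported for every Caphaw transaction.
CAPHAW_UA = "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_07"

# Assumed allowlist of hosts a Java runtime legitimately contacts on its own
# (update checks). Tune this for your environment.
JAVA_ALLOWLIST = {"javadl.oracle.com", "javadl-esd-secure.oracle.com", "java.com"}

# Assumed policy threshold: anything older than Java 7 is treated as out of support.
MIN_JAVA = (1, 7, 0, 0)


def parse_java_version(user_agent: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, patch, update) from a Java User-Agent, or None."""
    m = JAVA_UA_RE.search(user_agent)
    if not m:
        return None
    major, minor, patch, update = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch, update)


def is_ip_literal(host: str) -> bool:
    """True when the destination is a dotted-quad IPv4 address rather than a name."""
    return re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host) is not None


def classify(dest_host: str, user_agent: str) -> List[str]:
    """Reasons a single request deserves analyst attention (empty list = nothing to flag)."""
    reasons: List[str] = []
    if user_agent == CAPHAW_UA:
        reasons.append("caphaw_reported_ua")
    version = parse_java_version(user_agent)
    if version is None:
        return reasons
    # A request made by the Java runtime itself is only expected towards Java's
    # update hosts; an applet pulled by an exploit kit, or a payload it drops,
    # shows up as Java talking to somewhere else entirely.
    if dest_host not in JAVA_ALLOWLIST:
        reasons.append("java_initiated_request")
        if version < MIN_JAVA:
            reasons.append("outdated_java")
        if is_ip_literal(dest_host):
            reasons.append("ip_literal_destination")
    return reasons


def scan(log_text: str) -> List[Dict[str, object]]:
    """Run classify() over every well-formed log line and return the flagged ones."""
    findings: List[Dict[str, object]] = []
    for line in log_text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash on unexpected input
        ts, client, dest, ua = m.groups()
        reasons = classify(dest, ua)
        if reasons:
            findings.append({"ts": ts, "client": client, "dest": dest, "ua": ua, "reasons": reasons})
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """
2013-09-12T10:01:02Z 10.0.0.5 www.example-bank.co.uk "Mozilla/5.0 (Windows NT 6.1; rv:23.0) Gecko/20100101 Firefox/23.0"
2013-09-12T10:01:05Z 10.0.0.5 203.0.113.10 "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_07"
2013-09-12T10:02:10Z 10.0.0.7 javadl.oracle.com "Java/1.7.0_40"
2013-09-12T10:03:44Z 10.0.0.9 cdn.example.net "Java/1.7.0_40"
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ts"], f["client"], "->", f["dest"], ", ".join(f["reasons"]))
```

Of the four constructed lines only two are flagged: the second (the reported Caphaw string, an end-of-life Java 6 build, and a bare IP destination) and the fourth (a current Java build making a request to a host that is not an update server, worth a look but far lower priority). The ordinary browser request and the genuine Java update check produce nothing, which is the point of the allowlist and the version threshold: a Java User-Agent on its own is not an indicator, Java talking to the wrong place with the wrong version is.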
Another Reason for Cloud Web Security
The way in which Trojan Caphaw operates is not a new tactic, but it is one that makes it hard for authorities to track down the offenders. Whether or not you bank with one of the institutions targeted by this strain of malware, it is important that you do everything in your power to protect your private information, and that starts with cloud web security. Malware that gets into a system can be hard to remove, but with ITWiser’s cloud web security, threats are detected at cloud level and blocked before they get anywhere near your computer.
The integrity of your business and the protection of your data are as important to us as they are to you and our cloud web security service is proof of this.