The history of banking Trojans

The first banking Trojans (malicious programs designed to steal user data and files needed to access e-banking systems) appeared in 2005-2006. In 2006, definitions for malicious programs in the family Trojan.PWS.GoldSpy were added to the Dr.Web virus databases. These Trojan horses became prototypes of the most common Zeus malware (Trojan.PWS.Panda). Originally, Trojan.PWS.GoldSpy programs were designed to steal the digital currency E-Gold, but later they were also employed to steal money via other payment systems. At that point, criminals didn't yet have web-inject technology at their disposal to replace content on browser-loaded web pages. Nevertheless, the first banking Trojans had very diverse features: in particular, they could monitor entered URLs for keywords and log data entered by users in web forms on the corresponding sites, take and save screenshots, and redirect users to fraudulent web pages.

Later, in 2007, Trojan.PWS.Banker malware came into existence. On infected computers, these programs displayed a fake Microsoft Internet Explorer window showing a page imitating the look and feel of certain remote banking sites. Trojan.PWS.Banker's main purpose was to collect the logins and passwords that users entered in the fake browser window.

As time went by, the technologies used by hackers also advanced: new Trojan.PWS.GoldSpy and Trojan.PWS.Egold modifications enabled cybercriminals to steal remote banking credentials and intercept transaction TAN codes. Also registered in 2008 were incidents involving a Backdoor.Haxdoor modification that allowed attackers not only to steal remote banking credentials and digital certificates, but also to gain unauthorized access to one of the remote banking processing systems. The extent of the damage that could be inflicted by the Trojan is hard to overestimate.

The popularity of banking Trojans reached its peak in 2011. Among those banking Trojans considered to be the most dangerous are: Trojan.Carberp, Trojan.PWS.Ibank, Trojan.PWS.Panda (also known as Zeus and Zbot) and Trojan.PWS.SpySweep (also known as SpyEye).


Booklet "The blind do not fear snakes"

The main objective of Internet swindlers is to steal money. In the pursuit of their goal, they are constantly developing new versions of banking Trojans.

Read this booklet yourself and recommend it to your company’s CEO and CFO. After all, protecting a company’s finances against cyber theft may guarantee the success of the organization and its employees.

Go on social networks to tell your friends about this booklet and encourage them to read it!