Candid Wüest, Symantec
For nearly ten years we have been fighting against malware that targets online banking. Trojans like Zeus, SpyEye, Torpig & co. have managed to loot millions of dollars from infected user accounts over the years.
This paper will analyse the current state of online banking malware. How sophisticated are the current versions of these trojans, and how did they evolve? What techniques are currently used to bypass the security measures of online banking applications? Are man-in-the-browser attacks still the most sophisticated ones, or are other attacks like proxies or DNS redirections taking over? How much do the attackers focus on mobile banking or on tokens on mobile phones like mTANs, since these features have been introduced to create a second authentication channel, independent from the infected PC, in order to protect against trojan attacks?
We will dissect new features like the P2P option of Zeus, but also lesser-known methods like the Firefox XUL injection used by Trojan.Neloweg.