Users of online banking services are at risk from a new 'in the wild' Trojan, Hesperbot, which has been discovered by the ESET malware research lab.
Researchers have found that infections of users in Turkey are currently most rife, with users in the Czech Republic, Portugal, Thailand and the United Kingdom also falling victim along with smatterings elsewhere. Victims in the Czech Republic, so it would seem, have been hardest in terms of financial loss with ESET claiming that people hit by Hesperbot in this region have "lost significant amounts of money as a result".
Hesperbot is spread using very credible looking phishing emails, with the primary aim of accessing bank accounts and a secondary one of attempting to install a mobile component of the malware on mobile devices running Android, Blackberry or Symbian operating systems.
Hesperbot appears to be quite a sophisticated piece of malware. Although it has the kind of key logger capabilities, desktop screen shot and video capture functionality and remote proxy set-up that you might expect of any self-respecting malware these days, Hesperbot goes the extra mile as it were. Additional tricks include creating a hidden VNC server on the infected system, and the addition of network traffic interception and HTML injection capabilities.
Researchers say that while the functionality is similar to Zeus or SpyEye, both banking Trojans that have been around for some time, Hesperbot introduces significant implementation differences and as such is a brand new malware family rather than just a new variant of an old theme.
Not everything about Hesperbot is new though, take the phishing campaign being used to spread it for example. Robert Lipovsky, the ESET malware researcher who is leading the team analyzing it, explains that in the Czech Republic, for example, the people behind the malware registered a domain that was very similar to the official Czech Postal Service site and used credible looking parcel tracking notification emails to lure people in. However, different regions have been targeted with different phishing scams: in Turkey, where the known infection rate is highest, a fake invoice scam was used.
Full technical details and analysis can be found at the ESET 'We Live Security' site.
