Warning: Hesperbot taking aim at Europe and Asia


Users of online banking services are at risk from a new 'in the wild' Trojan, Hesperbot, which has been discovered by the ESET malware research lab.

Researchers have found that infections are currently most rife among users in Turkey, with users in the Czech Republic, Portugal, Thailand and the United Kingdom also falling victim, along with smatterings elsewhere. Victims in the Czech Republic, it would seem, have been hardest hit in terms of financial loss, with ESET claiming that people hit by Hesperbot in this region have "lost significant amounts of money as a result".

Hesperbot is spread using very credible-looking phishing emails. Its primary aim is accessing bank accounts; its secondary aim is attempting to install a mobile component of the malware on devices running Android, Blackberry or Symbian operating systems.

Hesperbot appears to be quite a sophisticated piece of malware. Although it has the kind of keylogger capabilities, desktop screenshot and video capture functionality, and remote proxy set-up that you might expect of any self-respecting malware these days, Hesperbot goes the extra mile, as it were. Additional tricks include creating a hidden VNC server on the infected system, and the addition of network traffic interception and HTML injection capabilities.

Researchers say that while the functionality is similar to Zeus or SpyEye, both banking Trojans that have been around for some time, Hesperbot introduces significant implementation differences and as such is a brand new malware family rather than just a new variant of an old theme.

Not everything about Hesperbot is new, though. Take the phishing campaign being used to spread it. Robert Lipovsky, the ESET malware researcher who is leading the team analyzing it, explains that in the Czech Republic, for example, the people behind the malware registered a domain that was very similar to the official Czech Postal Service site and used credible-looking parcel tracking notification emails to lure people in. However, different regions have been targeted with different phishing scams: in Turkey, where the known infection rate is highest, a fake invoice scam was used.

Full technical details and analysis can be found at the ESET 'We Live Security' site.


ss125 commented: Thanks for the info!!! +3
About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to Forbes.com, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

ss125 18 Posting Whiz in Training

Nice information... Since I am related to the financial domain (even though our clients are not from the above-mentioned locations), we can at least provide an alert regarding this information to our clients...
