
Users of online banking services are at risk from a new 'in the wild' Trojan, Hesperbot, which has been discovered by the ESET malware research lab.

Researchers have found that infections are currently most rife among users in Turkey, with users in the Czech Republic, Portugal, Thailand and the United Kingdom also falling victim, along with smatterings elsewhere. Victims in the Czech Republic, so it would seem, have been hardest hit in terms of financial loss, with ESET claiming that people hit by Hesperbot in this region have "lost significant amounts of money as a result".

Hesperbot is spread using very credible-looking phishing emails, with the primary aim of accessing bank accounts and a secondary one of attempting to install a mobile component of the malware on mobile devices running Android, Blackberry or Symbian operating systems.

Hesperbot appears to be quite a sophisticated piece of malware. Although it has the kind of keylogger capabilities, desktop screenshot and video capture functionality and remote proxy set-up that you might expect of any self-respecting malware these days, Hesperbot goes the extra mile, as it were. Additional tricks include creating a hidden VNC server on the infected system, and the addition of network traffic interception and HTML injection capabilities.

Researchers say that while the functionality is similar to Zeus or SpyEye, both banking Trojans that have been around for some time, Hesperbot introduces significant implementation differences and as such is a brand new malware family rather than just a new variant of an old theme.

Not everything about Hesperbot is new, though. Take the phishing campaign being used to spread it. Robert Lipovsky, the ESET malware researcher who is leading the team analyzing it, explains that in the Czech Republic, for example, the people behind the malware registered a domain that was very similar to the official Czech Postal Service site and used credible-looking parcel tracking notification emails to lure people in. However, different regions have been targeted with different phishing scams: in Turkey, where the known infection rate is highest, a fake invoice scam was used.

Full technical details and analysis can be found at the ESET 'We Live Security' site.


Votes + Comments
Thanks for the info!!!

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Last Post by ss125

Nice information... Since I am related to the financial domain (even though our clients are not from the above mentioned location), we can at least provide an alert regarding this information to our clients.
