Malware Automates Hacking
Many of the developments in the computing world in recent years involved the automation of day-to-day tasks. These developments have made people’s lives so much easier that people have come to depend on them. Paralleling these innovations, however, is abuse, as cybercriminals continually employ them in malicious schemes with a single goal in mind: to gain profit.
This very reason, profit, has proven to be sufficient motivation for blackhat hackers to constantly innovate in attacking security technology. They research, explore, and develop malicious programs that we now call “malware.” Although malware is continuously developed, whether to become more resilient to antivirus solutions or to deliver its intended payload more effectively, the threat trends paint a consistent picture: malware automates hacking.
Manual Hacking in the Early Days
In the early days of hacking, everything had to be done manually. Hackers needed to manually check computers for weaknesses or open ports in order to hack targeted machines. Once in, hackers manually executed whatever actions they intended.
Today, various tools like vulnerability and port scanners are widely available on the Internet. Backdoor applications can remotely manipulate compromised systems, and worms automate the proliferation of malware through self-replication. Even generating malicious files can be automated with the help of malicious toolkits.
Information and Financial Theft
Given the malware advancements today, one can assume that pretty soon, cybercriminals will just spread malware on the Internet, watch TV, and wait for stolen money to be deposited into their bank accounts (if this is not already happening). This is something that we interestingly saw materialize in the form of TSPY_BANKER.PHT.
TSPY_BANKER.PHT is a banking Trojan that specifically targets users associated with the Brazilian bank, Banco do Brasil. Upon stealing user account information, this malware attempts to automatically transfer money to a predetermined account. This is similar to a ZeuS and SpyEye feature known as auto-transfer system (ATS). Here is a screenshot of a dump of TSPY_BANKER.PHT’s code:
[Screenshot: dump of TSPY_BANKER.PHT’s code]
Highlighted in the screenshot are the hard-coded malicious account names and numbers (blurred) and the amounts of money (in Brazilian Reals) that it will attempt to transfer. It also uses electronic funds transfer (EFT) to accomplish this. TED is a money transfer system wherein the money is made available to the recipient within a few minutes. This money transfer is only for transactions that involve huge amounts of money, specifically amounting to more than R$3,000.00. According to Trend Micro senior threat researcher Ranieri Romera, “Cybercriminals may have targeted TED because of the amount of money involved. Users who use TED can no longer cancel a transaction once it’s confirmed as well. Note, however, that most of the people in Brazil do not keep as much money in their accounts, making the malware slightly inefficient though it can incur a lot of damage to those who do.”
This threat is definitely worth keeping an eye on, as it not only causes information theft on the affected users’ part but can also lead to immediate financial loss. ATS first needs to communicate with a C&C server before it can transfer money, whereas TSPY_BANKER.PHT does this automatically.
As more and more malicious activities are automated with the use of malware, it looks like there will be more challenges ahead for the security industry. What we know as highly targeted attacks today may one day be just malicious code operating independently for its malicious creators.
Thanks to Trend Micro senior threat researcher Ranieri Romera for the heads up on TSPY_BANKER.PHT.
Post from: TrendLabs | Malware Blog – by Trend Micro