US Banks Targeted By Fraud Campaign

Recent reports have stated that a massive campaign of fraud is planned to hit various US banks. Approximately 100 cybercriminals are said to be part of this planned campaign.

It is believed that this attack will be launched using newly-developed malware related to the Gozi banking Trojan, which has been called Gozi-Prinimalka. Overall, the capabilities of this new threat are broadly similar to other banking malware such as ZeuS, SpyEye, and Gozi itself.

We’ve been able to analyze the configuration files of existing Gozi-Prinimalka variants that are currently in the wild. Based on this, customers of the following financial institution are at increased risk:

  • Accurint
  • American Funds
  • Ameritrade
  • Bank of America
  • CapitalOne
  • Charles Schwab
  • Chase
  • Citibank
  • eTrade
  • Fidelity
  • Fifth Third Bank
  • HSBC
  • M&T Bank
  • Navy Federal Credit Union
  • PNC
  • Regions Financial Corporation
  • Scottrade
  • ShareBuilder
  • State Employees Credit Union
  • Suntrust
  • The Huntington National Bank
  • United States Automobile Association
  • USBank
  • Wachovia
  • Washington Mutual
  • Wells Fargo
As we said earlier, we were able to determine the targeted institutions by analyzing the downloaded configuration files. A snippet of these configuration files can be seen by clicking on the thumbnail below; it clearly shows how we were able to determine which sites were at risk, as well as giving insights into the code that is used to modify the sites in question.

We are in contact with the above financial institutions in order to help mitigate this threat. In the meantime, we advice clients of the institutions listed above to pay particular attention to any wire transfers made out of their accounts, as it is believed that this is how the attack will be conducted by the attackers.

In the meantime, Trend Micro products detect these Trojans as various BKDR_URSNIF variants, such as BKDR_URSNIF.B. We are also working continuously to find and block any websites that host this malware, as well as any command-and-control servers.

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

US Banks Targeted By Fraud Campaign

Read more: US Banks Targeted By Fraud Campaign

Story added 13. October 2012, content source with full text you can find at link above.