Kaspersky Lab publishes article 'Crimeware: A new round of confrontation begins…'

04 May 2010
Virus News

Kaspersky Lab announces the publication of the analytical article ‘Crimeware: A new round of confrontation begins…’ by Yury Mashevsky, head of strategic technology development at the company. The article examines the current state of malware attacks on clients of financial organisations and methods for combating such attacks more effectively.

More often than not, attacks on clients of financial organisations follow a well-trodden path: the search for a suitable victim and the infection of their computer, then the theft of their online banking login credentials, followed by the withdrawal of the victim’s funds. ‘Drive-by’ downloads and botnet programs are usually responsible for the infections. It is with this kind of malware that the cybercriminals steal users’ money most readily, and they are constantly finding new victims. The numbers clearly show an exponential increase in the number of attacks on clients of banks and other financial organisations in recent years.

The cybercriminals are all too familiar with the update release process, from start to finish. They know all about the time it takes to update a database, and they are well aware that it is only a matter of time before their creations are detected. That is why they often choose the following plan of attack: they release a malicious file, then a few hours later, when the antivirus programs have started to detect it, they launch a new attack with another of their creations, each time gaining a small window of opportunity a few hours wide — and so on, and so on.

This shows that the response time of most antivirus technologies, such as signature-based and generic detection, does not meet today's needs. Furthermore, the security methods offered by financial organisations do not always resolve the problem of client fund losses in cases where Trojans are used.

Some of the players in the antivirus market are already using in-the-cloud technologies to assist in detecting and blocking malware content, as well as limiting its sources. This includes methods such as client-server technologies that analyse metadata containing information about malware activity on users’ computers. The advantages of in-the-cloud technologies include faster and better-quality threat detection as well as the ability to analyse attacks in depth.

Yury Mashevsky suggests that closer cooperation between antivirus vendors, financial organisations and government agencies when combating cybercriminals would improve the situation greatly. For financial organisations this approach could minimise risks and reduce payments incurred from these types of incidents. Antivirus companies would be afforded the opportunity to combat targeted attacks more effectively.

The full version of the article can be found at www.securelist.com/en