Perhaps the biggest problem with cybercriminals is that they are extremely difficult to catch. Think of a real-life bank robbery with guns and face-masks \u2014 the thieves leave fingerprints; their voices are recorded by security cameras; police can trace their cars using traffic cameras; and so on. All of that helps the investigators find the suspects. But when cybercriminals pull off a robbery, they leave \u2026 basically nothing. No clues.<\/p>\n
Yet sometimes they get caught. Remember the SpyEye banking trojan<\/a>? Its creators were caught in 2011. Remember the Carberp group, which was active from 2010 to 2012? Caught as well. How about the infamous Angler exploit kit, which suddenly went off the radar<\/a> in late June? Lurk malware stopped its attacks around the same time \u2014 because the group behind it got caught<\/a>, with the help of Russian authorities and Kaspersky Lab.<\/p>\n The story began back in 2011, when we first encountered Lurk. What caught our eye was the fact that some nameless Trojan that used remote banking software to steal money was classified by our internal malware naming system as a Trojan that could be used for many things \u2014 but not stealing money. So we took a closer look.<\/p>\n The investigation yielded almost no results \u2014 the Trojan seemed to do nothing. But the attacks continued, and our analysts were able to get more and more samples to look at.<\/p>\n During that time, we learned a lot about Lurk. For example, it had a modular structure: When the Trojan detected that it had infected a computer with remote banking software installed, it would download the malicious payload, which was responsible for stealing money. That is why our naming system didn\u2019t call Lurk a banking Trojan at first \u2014 the payload was missing.<\/p>\n A technical look at #Lurk<\/a> #banking<\/a> #Trojan<\/a> https:\/\/t.co\/rNsJ0YHimW<\/a> pic.twitter.com\/vT7YLXZOae<\/a><\/p>\n \u2014 Kaspersky (@kaspersky) June 10, 2016<\/a><\/p><\/blockquote>\n\n