Recently, I wrote an article for (In)Secure Magazine focusing on two financial trojans: namely Zeus and URLZone. In the article I go into some depth looking at the configuration files and the command and control options that the malware writer has provided in the toolkit.

I think what is of concern is that it is increasingly easy for someone to use these toolkits which means that there will be more attempts at setting up botnets than we have previously seen. Also, they will be running malware that uses increasingly sophisticated methods to dupe the victim.

I think URLZone is particularly grim as it seems to show the direction in which hackers will go which seems to be the implementation of man-in-the-browser attacks. These attacks allow the malware to circumvent the security put in place by most sites and even two factor authentication is ineffective in protecting customers.

The future is malware that effectively hides itself in the operating system of choice which means that anti-virus software will either fail to detect or will require days to detect it. During that period of grace, the malware will be able to wait until the victim has successfully logged on to their bank (for instance but certainly not limited to this alone) before inserting itself between the browser and the bank’s website and then automatically and invisibly transfer money to the destination of choice: usually some individual who believes they are working for a legitimate company.

The victim will be totally unaware that this money has been transferred until they receive their paper statement. So, until this has been resolved, do not let your bank persuade you to stop those statements.

The result is that Internet users have to be increasingly careful. The best solution seems to be to reuse an old desktop or laptop that has been retired and reformat that system and install a free operating system like Linux. Then only use that system for financial transactions. It must not be used to surf the web or to download email. This way the threat is greatly diminished. Without emails to deliver infected attachments or URLs and no casual surfing to contaminated websites, the chance of a Linux operating system becoming a home to malware is massively reduced.

This may seem like overkill but given the increasing importance of information that is being stored on websites and the cunning of the malware writers, it seems like a good use of old hardware to me.