Trusteer, the Boston-based security firm, has announced that it has discovered a variant of a well-known computer threat, Win32.Ramnit, that has morphed into a new threat that takes aim at financial institutions.
Said Trusteer in a statement, “Ramnit configurations captured and reverse engineered by Trusteer were found to incorporate tactics from the Zeus financial malware platform. Ramnit has borrowed from Zeus the ability to inject HTML code into a Web browser, which it is using to bypass two-factor authentication and transaction signing systems used by financial institutions to protect online banking sessions.”
Underlining the size of the threat is a recent report from security expert Symantec that pinpointed Ramnit and variants as increasingly malevolent. Symantec said that Ramnit was the single most blocked malware, alone accounting for 17% of such cases.
The Zeus malware, first identified in 2007, is known to have infected millions of computers, including some at leading financial institutions, according to security experts.
The new version identified by Trusteer is of particular interest to financial institutions, said Ayelet Heyman. senior malware analyst at Trusteer. “We are seeing a lot of financial institutions that are targeted by this worm. The objective of this malware is to steal money.”
Unwitting users, explained Heyman, inflect their machines by visiting infected websites where they are subjected to “drive-by downloads,” she said. Other users click on innocuous-seeming email links.
Institutions such as credit unions need to brace themselves for what could be fast growth in the numbers of these Ramnit attacks, especially in the United States and United Kingdom, Heyman said.