
“Brazil: a country rich in banking Trojans”

“Brazil: a country rich in banking Trojans” provides an overview of the techniques used by cybercriminals to steal personal data belonging to customers of the biggest Brazilian banks. The article is authored by Dmitry Bestuzhev, Kaspersky Lab's Senior Regional Researcher for Latin America.

Brazil's highly stratified social structure often means that those on a low income are drawn into illegal activity, including writing malicious programs. Online banking systems are widely used in Brazil, so creating malicious programs designed to steal banking data is an attractive proposition. Additionally, the country does not have legislation which effectively combats cybercrime. Bradesco, Caixa, Banco do Brasil and Itaú are the banks most commonly targeted by banking malware.

Many banks suggest that their online banking customers install a special plug-in – G-Buster – on their computers before they access the online banking system. The G-Buster plug-in is designed to prevent any malicious code from running during the authorisation or transaction process. Other banks (e.g. Itaú) provide their customers with other security tools in addition to the plug-in, such as tokens or security cards. However, the author notes that these mechanisms either do not provide reliable protection or are expensive and banking customers are therefore reluctant to buy them.

Malicious programs targeting banks are most commonly spread from websites. Cybercriminals will compromise pages on legitimate sites located on domains around the world, or use temporary or free hosting in order to spread their malware. Banking customers are then led to these sites with the help of spam messages that employ classic social engineering tactics.

The cybercriminals use Trojan programs that are designed to download and install other malicious programs on banking customers' computers. These programs have a range of different functions: they may steal account data for social networking sites, combat antivirus solutions, monitor activity when the user connects to banking sites, intercept session data, and send harvested data such as passwords and user names to the cybercriminals.

Cybercriminals also collect personal data that can be used to compromise bank accounts from social networking sites such as Orkut, which has over 10 million Brazilian members.

Software designed to prevent the theft of personal data is often used for the opposite purpose. In order to steal email passwords, cybercriminals use legitimate programs which can restore forgotten passwords. Such programs are capable of reading passwords stored in the most popular mail clients such as Microsoft Outlook, Microsoft Outlook Express, etc.

Once cybercriminals have stolen personal data and gained access to a customer's bank account, they generally employ money mules; the first transaction will be made from the victim's account to a money mule account. The mules in turn transfer the money to a third account in return for a commission. However, if only a small sum has been stolen, the money will generally be transferred directly to the cybercriminals' account.

The cybercriminals who use fraud and malicious programs to steal money from bank accounts in Brazil are generally young people from poor families. They share a motivation with real-world criminals – the desire to make quick and easy profits.

The problem of cybercrime is exacerbated by the fact that banks wish to avoid public investigation of such thefts. In order to protect their reputation, banks prefer to compensate customers for losses incurred by infection with malicious code, and simply recommend that the affected customer reconfigures his computer by reinstalling the operating system.

The author also stresses that the cybercrime departments in different Brazilian states experience difficulty in exchanging data with each other. However, this problem is not exclusive to Brazil and affects many other countries. Additionally, online banking customers' limited awareness of IT security issues can cause them to fall into the hands of cybercriminals.

According to Dmitry Bestuzhev, there is no reason to expect the Internet will become safer while the problems detailed in the article continue to exist. He believes that Brazilian banks should invest more heavily in security solutions that will offer their customers reliable protection, including distributing tokens or other security devices free of charge. This would reduce the likelihood of cybertheft, and correspondingly reduce overall losses.

The author also suggests that IT security companies, law enforcement agencies and governmental bodies around the world should work on interacting more effectively with each other.

The full version of the article is available at www.viruslist.com/en.

This material can be reproduced provided the author, company name and original source are cited. Reproduction of this material in re-written form requires the express consent of the Kaspersky Lab PR department.

© 1997 - 2010 Kaspersky Lab ZAO. All Rights Reserved.