Beware the Malware Banner
Have you already heard about the banner trick? Not yet?
This is one of the latest sophisticated additions found in the Zeus malware configuration. This addition has been recently discovered, analyzed and reported by Trusteer.
Malware such as Zeus focuses on online banking fraud. Online banking fraud is a serious affair, judging by last year’s UK annual report, which showed a total loss of £365.4 million resulting mainly from online banking fraud.
Banks have done much in the past to prevent or to reduce the risk of becoming a victim of online banking fraud; however, malware is smart and tries to find new approaches to steal money online. Banner injections are the latest attempt when it comes to this type of fraud.
The Zeus malware targets people who visit leading, trusted, high-traffic websites such as AOL, Amazon, Apple, etc. Whenever a user browses one of these sites, the malware creates a customized banner on the infected machine and embeds it into the target content.
An average user would assume that the banner is genuine and legitimately belongs to the target content, because the banner has been embedded and integrated fully into the highly trusted website. The banner is fully adapted to the target content by having the right colour, the correct font type and a style that is similar to the website.
[Figure: banner example]
A click on this banner leads the user to a professional-looking website that offers lucrative business investment opportunities to wealthy people and sells profitable investment schemes securely over SSL – which is nothing more than a fraud scheme. The injected code has been seen as a simple banner on a trusted website, but it has also been discovered as full-page text in which the trusted owner of the website appears to make an explicit recommendation to invest money in this fraud scheme.
Unlike many other malware attacks, this approach is new because it does not focus on attack code. The new approach is more about selling fraud schemes (scams) that appear very legitimate and trustworthy on leading websites. The interesting point about this fraud website is that an average user will hardly notice the scam.
That’s why it would affect many thousands of users who would have invested large sums of money into this scam voluntarily. There is no need for hackers to collect sensitive data from a remote machine as a user is voluntarily transferring money to them.
As the use of online banking increases, it is more than essential to invest money into affordable web security products such as anti-virus and web filtering. Web filtering would have prevented the user from accessing such phishing and scam websites (if the website has already been marked and listed as scam).
Web filtering in general classifies websites into good and bad websites. Professional web filters do more than this. They classify websites into different sub categories such as “Entertainment”, “Social Marketing” and more. This would allow the administrator to have greater differentiation when deciding whether sites should be allowed or blocked.
A good professional web filtering product would have blocked thousands of access requests that led to the scam website and is just another step in preventing such losses due to online banking fraud.
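The category-based filtering described above, and the caveat that a scam site is only blocked once it has been listed, can be made concrete with a small policy evaluator. This is an added example, not code from the original post or from any filtering product; the hostnames, category database and `uncategorized` parameter are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: hostnames use the reserved .example TLD and the
# category assignments are illustrative, not taken from a real filter database.
CATEGORY_DB = {
    "news.example": "Entertainment",
    "social.example": "Social Marketing",
    "invest-scheme.example": "Scam",
}

# Administrator policy per category (assumed actions: "allow" / "block").
POLICY = {
    "Entertainment": "allow",
    "Social Marketing": "block",
    "Scam": "block",
}


def hostname_of(url):
    """Return the lower-cased hostname of a URL, without port or trailing dot."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host.rstrip(".").lower()


def categorize(host):
    """Match the host or any parent domain, label by label (never the bare TLD)."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORY_DB:
            return CATEGORY_DB[candidate]
    return None  # site has not been classified yet


def decide(url, uncategorized="allow"):
    """Return (action, category) for a request under the policy above."""
    category = categorize(hostname_of(url))
    if category is None:
        return uncategorized, "Uncategorized"
    return POLICY.get(category, uncategorized), category


if __name__ == "__main__":
    for u in ("https://secure.invest-scheme.example/offer",  # listed scam site
              "https://new-scheme.example/offer",            # same scam, new domain
              "http://news.example/"):
        print(u, decide(u), decide(u, uncategorized="block"))
```

With the default setting, the not-yet-listed domain is allowed through; only a policy that blocks uncategorized sites stops it before the filter database catches up.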










Basically, isn’t it too much hassle to create a banner and use it? I mean since the CTR for banners is notoriously low, I guess not many people will show interest in the banner and visit the site? Nevertheless, thanks for keeping us posted on all new malware techniques.
Crafty, but still somewhat obvious. Any marketer will tell you that an ad that matches the typeface and color scheme of the content it is embedded in may be deceptive, but not eye-catching, and in the internet world, how many banner ads do we just scroll right past without looking at every day? Still, as I said, a clever trick that hopefully is not long from disappearing from the spammer’s cookbook.
Spammers and hackers are upping the ante. They’re getting more creative to try to lure potential victims.
The Zeus malware has been around the webosphere for almost four years now.
The good news: more than 90 people were already arrested in connection with the Zeus malware.
The very very BAD NEWS:
Just this month, Zeus malware’s source codes were shared online for everyone to see, use, manipulate, and exploit. Some even sold the complete and running package online. What a shame.
The malware banner is targeted at inexperienced users. We IT pros know about internet marketing and we do skip banners and all sorts of ads but how many billions of users are unaware of this? All these billions of users who don’t know the ins and outs of internet marketing are a target. Plenty of fish this is!