In the first quarter of 2013, the NSS brief "Online Banking Fraud 1: Know The Enemy" provided an in-depth guide to advanced financial malware. This update discusses the evolution of financial malware in the second and third quarters of 2013. There has been a great deal of innovation in financial malware. New suites have emerged, such as Hesperbot and Beta Bot. New techniques have appeared, such as replacing command and control (C2) servers with blogs. A potential breakthrough for man-in-the-browser (MITB) malware is promised with the advertisement of self-propagating Zeus. Source code for another Trojan has leaked. With the rapid progression of financial malware, banks must ensure their antifraud controls remain robust.
Click here for related research on banking and financial cybersecurity.