Many of the developments in computing over the past years have involved the automation of day-to-day tasks. These developments have made people's lives so much easier that we have come to depend on them. Paralleled by the innovations, however, is their abuse: cybercriminals employ them in malicious schemes that have one goal in mind, profit.
This very reason, profit, has proven to be sufficient motivation for blackhat hackers to constantly innovate in attacking computing security technology. They research, explore, and develop the malicious programs we now call "malware". Although malware is continuously refined, whether to become more resilient against anti-virus solutions or more effective at delivering whatever payload it is intended for, the threat trend suggests one consistent picture: malware is automated hacking.
Manual Hacking in the Early Days
During the early days of hacking, for example, everything had to be done manually. Hackers had to check computers for weaknesses or open ports by hand in order to break into a target machine, and once they were in, they also carried out whatever they intended to do manually.
Today, tools such as vulnerability scanners and port scanners are widely available over the Internet. Backdoor malware can remotely manipulate a compromised machine, and worms automate the spreading of malware through self-replication. Even the generation of malicious files can be automated with the help of malicious toolkits.
Information and Financial Theft
Given the trend of malware advancements today, one may assume that pretty soon cybercriminals will just spread their malware over the Internet, watch TV, and wait for stolen money to be deposited in their bank accounts (if this is not already the norm). Interestingly, this is something we have started to see materialize in the form of TSPY_BANKER.PHT.
TSPY_BANKER.PHT is a banking Trojan that specifically targets users associated with the Brazilian bank, Banco do Brasil. Upon stealing user account information, this malware attempts to automatically transfer money to a pre-defined account. This is similar to a feature seen in ZeuS and Spyeye called Auto Transfer System (ATS). Here is a screenshot of a dump of TSPY_BANKER.PHT’s code:
The difference is that ATS needs to communicate with the C&C server first before performing a money transfer, while TSPY_BANKER.PHT does this by itself, with no C&C instruction required.
This is a threat definitely worth keeping an eye on, as it causes not only information theft for the affected user but also immediate financial loss.
With more and more malicious activities being carried out automatically by malware, the security industry is likely to face more challenges in the future. What we know as highly targeted attacks today may one day be just malicious code operating independently on behalf of its creators.
Thanks to Trend Micro Researcher Ranieri Romera for providing us the sample of TSPY_BANKER.PHT.