Teamwork: How the ZitMo Trojan Bypasses Online Banking Security


Mobile transaction authorization numbers (mTAN) used to be one of the most reliable online banking protection mechanisms. However, with the emergence of a ZeuS Trojan for smartphones – ZeuS-in-the-Mobile, or ZitMo – mTANs can no longer guarantee that valuable user data will not fall into the hands of cybercriminals.

First detected in late September 2010, ZitMo is designed to steal mTAN codes sent by banks in text messages and remains one of the most interesting examples of malware for mobile phones. “First of all, it is cross-platform in nature: we detected versions for Symbian, Windows Mobile, BlackBerry and Android,” explains Denis Maslennikov, Senior Malware Analyst at Kaspersky Lab. “It is a Trojan with a very narrow specialization: its main aim is to forward incoming text messages with mTAN codes to malicious users (or a server, in cases involving ZitMo for Android) so that the latter can execute financial transactions using hacked bank accounts. But perhaps its most distinctive feature is its ‘partnership’ with the classic PC-based ZeuS Trojan. Without the latter, ZitMo is merely spyware capable of forwarding text messages. The ‘teamwork’ between the two components enables cybercriminals to successfully bypass mTAN security measures used in online banking.”

The attacks are generally orchestrated as follows:

  1. Cybercriminals use the PC-based ZeuS to steal the data needed to access online banking accounts, along with the clients’ mobile phone numbers.
  2. The victim’s mobile phone (see point 1) receives a text message asking the user to install an updated security certificate or some other supposedly necessary software. The link in the text message actually leads to the mobile version of ZeuS.
  3. If the victim installs the software and infects the phone, the malicious user can use the stolen personal data to attempt cash transactions from the victim’s account, but needs an mTAN code to authenticate each transaction.
  4. The bank sends a text message with the mTAN code to the client’s mobile phone.
  5. ZitMo forwards the text message with the mTAN code to the malicious user’s phone.
  6. The malicious user then uses the mTAN code to authenticate the transaction.

Attacks involving ZitMo, or malicious programs with similar functionality designed to steal mTAN codes or other confidential information, will no doubt continue in the future. Smartphone users should therefore remember some important rules of mobile security: always review the permissions an application requests at install time; do not root or otherwise jailbreak your phone; avoid sideloading (installing from non-official sources) whenever you can. If you do install Android software from a source other than the Market, make sure it comes from a reputable source. Don’t click the URLs you receive in spam SMS. Run a reputable antivirus on your phone and keep it up to date. Install any and all security patches as soon as they are available.

For more details on the ZitMo Trojan and how it functions on different mobile platforms, see Denis Maslennikov’s article ‘ZeuS-in-the-Mobile – Facts and Theories’ at: www.securelist.com.


“Advanced+” for Kaspersky Anti-Virus 2012 in AV-Comparatives’ On-Demand Malware Test


Kaspersky Lab, a leading developer of secure content and threat management solutions, announces that its product Kaspersky Anti-Virus 2012 has been awarded the “Advanced+” grade – the highest possible – in On-Demand testing for malicious software detection and false alarms conducted by respected independent anti-virus testing laboratory AV-Comparatives.

The on-demand testing – a classic AV evaluation method – was conducted on 20 well-known, up-to-date anti-virus products from different manufacturers in August 2012, and the final results were published on September 27. Approximately 200,000 recent, prevalent malware samples were used in the testing, and Kaspersky Anti-Virus 2012 successfully detected 98.3% of them; some of the other products tested detected only around 85%, and the average score was 96.2%.

The 20 AV products were also tested for the number of false positives they produced – that is, how many out of hundreds of thousands of clean files were wrongly flagged as malicious. Kaspersky Anti-Virus 2012 returned just one false positive, which is another superb result – especially when one considers that the highest grade in this test is named “Few” [false positives] and a product can achieve this best-of-breed status with as many as 15 false positives. Some other tested products gave results in the 50s – firmly in the “Many” category. It should also be noted that the single file Kaspersky Anti-Virus 2012 wrongly flagged is hardly ever found in real-world situations. Nevertheless, the false positive was fixed immediately.

Nikita Shvetsov, Director of Anti-Malware Research of Kaspersky Lab, said: “We are glad to see that AV-Comparatives is working on increasing the quality of the test collection, and we think that the 200 000 files used in the latest test represent accurately the situation with real-life prevalent malware today. However, an On-Demand test doesn’t show up all the capabilities of a product, since it only tests a limited number of AV technologies. Therefore, for a full-fledged comparison, we would recommend also looking up Whole Product Dynamic tests and Proactive tests, which are also regularly conducted by AV-Comparatives and other reputable testing labs.”

More detailed information on the results of the testing can be found at:
http://www.av-comparatives.org/images/stories/test/fp/avc_fp_aug2011.pdf


Quote of the week: Security and privacy issues of iCloud servers


Costin G. Raiu, Director of the Global Research and Analysis Team of Kaspersky Lab:

“With Apple releasing iCloud for developers, the battle for domination in the market of cloud-centric OSes is finally breaking out. The real key point here is of course iOS5 – the new Apple operating system that will take full advantage of clouds. This indicates that Apple is moving in exactly the same direction as Google and Microsoft by designing and planning to deploy an operating system that is fully integrated with the cloud. This is further confirmed by Steve Jobs' statement regarding Apple’s long-held interest in the creation of an operating system that doesn't rely on local file system storage.

Interestingly, Apple has chosen a different path from Google here: while Google – with ChromeOS – is trying to push users into using their cloud storage, iCloud is presented as an added feature, which can be purchased separately from the hardware.

So, what does this mean from a security point of view? Basically, we are talking about the same class of risks as ChromeOS – all your digital content might be available to anyone who knows your password. I believe it's completely reckless nowadays to provide such a service without two factor authentication, which makes it prone to basic data theft techniques.

Of course, even if security is indeed improved through multi-factor authentication methods, we are still faced with the issue that all the data is available on the cloud, in one place. Just as Sony recently learned, the cloud is not always impenetrable - on the contrary, its fundamental nature makes it an interesting target for cybercriminals, and no doubt it will continue to be a focus for them.

In a hypothetical case when both the cloud and client devices are 99.99% secure, we still have another vulnerable layer - the network which will communicate, send, receive and authenticate customers. From this point of view we may face a new growth of attacks on the network layer – when user information can be intercepted, faked, denied and distorted. Therefore, we might see new and more sophisticated attacks on the network layer side.”


Kaspersky Lab’s New Endpoint Protection Solution Makes Businesses Ready for the Next Cyber Threat


Kaspersky Lab announces the release of Kaspersky Endpoint Security 8 for Windows and Kaspersky Security Center. The new endpoint protection solution and comprehensive management console are designed to keep businesses ahead of emerging threats with intelligent security solutions from the leading anti-malware experts at Kaspersky Lab.

“With this new release we deliver a comprehensive Endpoint Protection Platform that consists of seamlessly integrated security modules. We have merged real-time, cloud-assisted protection with intelligent proactive endpoint protection, and have created a compelling security center that will help companies of all sizes protect themselves against emerging IT threats, including targeted attacks, and thus improve their productivity,” said Petr Merkulov, Chief Product Officer of Kaspersky Lab.

Deep anti-malware protection, based on Kaspersky Lab’s strong expertise and balanced global footprint, is supplemented with a broad set of IT security features, including Application Control, Web Filtering, and Device Control. Kaspersky Endpoint Security 8 for Windows integrates with a cloud-based security intelligence system, which provides real-time updates for new and unknown threats and support for application whitelisting.

The efficiency of Kaspersky Endpoint Security 8 for Windows has been proven in the first independent testing, conducted by AV-Test.org, the reputable German independent research center. A total of seven corporate security solutions from different vendors were evaluated in the testing, and Kaspersky Endpoint Security 8 for Windows was awarded the highest number of points. Specifically, Kaspersky Lab’s corporate solution successfully detected 100% of widespread malware samples, blocked all zero-day malware attacks, and returned the best result in the detection and removal of active malware from an infected machine. Detailed results of Kaspersky Endpoint Security 8 for Windows in the independent testing can be found at AV-Test.org.

Kaspersky Endpoint Security 8 for Windows is managed by the newly designed Kaspersky Security Center, which succeeds the Kaspersky Administration Kit. This new management console offers many new features for comprehensive control and manageability, supports physical as well as virtual environments, and is scalable to fit the needs of growing businesses.

Common Threats in the Corporate Environment

According to a recent Kaspersky Lab survey, in the past 12 months at least one IT Security incident was experienced by 91% of the companies surveyed. Almost a third of company representatives questioned admitted that they had incurred sensitive data loss as a result of malware infection.

Though malware attacks are the most common type of business security threat, only 70% of the companies surveyed have fully implemented anti-malware protection; 3% have no anti-malware protection at all.

The list of the most immediate current threats also includes potentially dangerous software vulnerabilities, network attacks (including targeted and DDoS attacks), phishing, and spam. Large companies in developing markets are the ones most frequently targeted by cybercriminals.

Besides protection from malware, most companies also actively use client firewalls as well as tools for vulnerability checks and software updating. But for protection of the corporate infrastructure to be fully effective, a security policy covering all endpoint devices needs to be enforced too. Control over the programs used, network activity, and external devices can reduce the risk of unauthorized access to sensitive data and thus prevent possible financial losses.

Further reading: the whitepaper on Typical IT Security Mistakes in the Corporate Environment.

Key Features

The new versions of Kaspersky Endpoint Security 8 for Windows and Kaspersky Security Center provide intelligent protection by seamlessly harnessing new and improved features. The most notable among them are:

  • Enhanced Protection: The new anti-virus engine incorporates improved pattern-based signature technology, which offers efficient malware detection with smaller update sizes. The System Watcher module constantly monitors program activities and can undo damage caused by malicious programs.
  • Integration with the cloud: Kaspersky Endpoint Security 8 for Windows integrates with the Kaspersky Security Network, a cloud-based threat intelligence database that gathers and exchanges file reputation, URL reputation and malware information in near real time. Kaspersky Lab’s products and technologies protect more than 300 million users spread relatively evenly over five continents. This provides a balanced global footprint of “sensors” as well as knowledge of region-specific threats, and allows Kaspersky Lab to provide rapid and highly effective protection for businesses.

For more details read the Kaspersky Security Network whitepaper.

  • Application Control and Whitelisting strengthen companies’ security stance against targeted attacks by enabling IT administrators to set policies to:
    • allow or block certain applications (or application categories) using Application Startup Control;
    • monitor and restrict certain applications’ activities using Application Privilege Control; and
    • monitor and prioritize application vulnerabilities using the Application Vulnerability Monitor. This provides IT administrators with centralized reports about the most critical vulnerabilities of installed software and informs about possible risks.

For more details read the Application Control and Whitelisting whitepaper.

  • Endpoint Control: In addition to Application Control, the new solution provides effective tools for device control and web filtering, and enforces corporate security policies in order to reduce the attack surface. Device Control allows companies to create flexible and granular policies to manage device access privileges by bus, device type, or individual device serial number. Web Filtering allows blocking of malicious websites and undesirable web content. Together with protection from web-based threats, Web Filtering ensures highly secure Internet access – especially important for remote or roaming workers.

For more details read the Endpoint Control whitepaper.

  • Intelligent Personal Firewall and Intrusion Detection System for enhanced protection from network attacks, regardless of connection type or location.
  • Manageability, scalability and virtualization support: Kaspersky Security Center is a centralized security management system that can create actionable reports on all aspects of IT security. This new management solution is fully scalable and supports virtualization technologies within the Security Center administration structure.
    • Manageability: Kaspersky Security Center is a central management and deployment console for Kaspersky Lab’s endpoint security solutions. It can use pre-defined policies and settings to provide immediate out-of-the-box protection, or be fine-tuned to allow for more precise and specific safeguards.
    • Virtualization support with scalability: Kaspersky Security Center is fully scalable and optimized to be used in virtualized environments, and supports VMware’s virtual machine management. Installation and maintenance of relevant Kaspersky Lab solutions on non-persistent virtual machines is also possible. There is also an option to create a two-level administration server hierarchy on a single physical server in order to reduce operating costs and set up an easily scalable security management system. This feature requires no third party virtualization tools.

For more details read the Virtualization Enhancements whitepaper.

Quotations

Eugene Kaspersky, Chief Executive Officer and co-founder, Kaspersky Lab

“Kaspersky Endpoint Security 8 for Windows is a key addition to our comprehensive security suite, which helps businesses to be ready for the next challenge in IT security. It combines efficient anti-malware protection with a broadened feature set, designed to build stronger corporate security policy and control the attack surface. Our new products offer near real-time hybrid protection by tightly integrating signature-based, proactive, and cloud-assisted detection technologies.”

Nikolay Grebennikov, Chief Technology Officer, Kaspersky Lab

“One of the major benefits of Kaspersky Endpoint Security 8 for Windows is comprehensive Application Control and Whitelisting functionality. It is backed by the cloud-based Kaspersky Security Network with a superior categorized database of legitimate applications. It also offers a flexible and efficient Default Deny scenario, under which the startup of all applications on endpoint PCs is blocked, except for those listed in the cloud-assisted and local Whitelisting databases. Unlike the widespread Default Allow mode, this method radically enhances corporate IT security, saves IT resources and at the same time is convenient for employees.”

Pricing and availability

Kaspersky Endpoint Security 8 for Windows and Kaspersky Security Center are included in Kaspersky Open Space Security, a corporate IT security platform developed by Kaspersky Lab. Please contact a Kaspersky Lab representative to check the products’ availability and prices.

About Kaspersky Lab

Kaspersky Lab is the world's largest privately held Internet security company, providing comprehensive protection against all forms of IT threats such as viruses, spyware, hackers and spam. The company's products provide in-depth computer defense for more than 300 million systems around the globe, including home and mobile users, small and medium-sized businesses and large enterprises. Kaspersky technology is also incorporated inside the products and services of nearly 100 industry-leading IT, networking, communications and application solution vendors.
