Picture of person typing on laptop with programming code visible on the laptop screen

World class computing and information science research at Strathclyde...

The Strathprints institutional repository is a digital archive of University of Strathclyde's Open Access research outputs. Strathprints provides access to thousands of Open Access research papers by University of Strathclyde researchers, including by researchers from the Department of Computer & Information Sciences involved in mathematically structured programming, similarity and metric search, computer security, software systems, combinatronics and digital health.

The Department also includes the iSchool Research Group, which performs leading research into socio-technical phenomena and topics such as information retrieval and information seeking behaviour.

Explore

Understanding the threat of banking malware

Etaher, Najla and Weir, George (2014) Understanding the threat of banking malware. In: Cyberforensics 2014 - International Conference on Cybercrime, Security & Digital Forensics, 2014-06-23 - 2014-06-24, University of Strathclyde.

[img]
Preview
PDF (EtaherWeir-CFC2014-understanding-banking-malware)
8_etaher_weir.pdf - Preprint
License: Creative Commons Attribution-NonCommercial 4.0 logo

Download (414kB) | Preview

Abstract

Malware is a general term for all malicious and unwanted software. Such software poses a major security threat to the computer and Internet environment. As an increasing number of people use the Internet in their daily life, inevitably users become subject to malware threats. In the field of digital forensics, malware analysis has become a significant discipline. Malicious software is becoming ever more common, but also continuously more profit driven, stealthy, and targeted, often organised by illegal associations. Furthermore, malware continues to evolve in its sophistication and there are several different types of banking malware that pose a very serious threat to bank customers. This paper presents an overview of techniques, issues, and examples from the area of malware detection. In particular, we describe Zeus as a case study in banking malware. The sophistication and adaptability of such malware presents a lasting and pernicious threat to end-users and organisations. Despite this danger, we argue that an understanding of the infection mechanism coupled with circumspect behaviour on the part of the end-user can contain such malware threats.