Understanding the threat of banking malware

Etaher, Najla and Weir, George (2014) Understanding the threat of banking malware. In: Cyberforensics 2014 - International Conference on Cybercrime, Security & Digital Forensics, 2014-06-23 - 2014-06-24, University of Strathclyde.

[img]
Preview
PDF (EtaherWeir-CFC2014-understanding-banking-malware)
8_etaher_weir.pdf
Preprint
License: Creative Commons Attribution-NonCommercial 4.0 logo

Download (414kB)| Preview

    Abstract

    Malware is a general term for all malicious and unwanted software. Such software poses a major security threat to the computer and Internet environment. As an increasing number of people use the Internet in their daily life, inevitably users become subject to malware threats. In the field of digital forensics, malware analysis has become a significant discipline. Malicious software is becoming ever more common, but also continuously more profit driven, stealthy, and targeted, often organised by illegal associations. Furthermore, malware continues to evolve in its sophistication and there are several different types of banking malware that pose a very serious threat to bank customers. This paper presents an overview of techniques, issues, and examples from the area of malware detection. In particular, we describe Zeus as a case study in banking malware. The sophistication and adaptability of such malware presents a lasting and pernicious threat to end-users and organisations. Despite this danger, we argue that an understanding of the infection mechanism coupled with circumspect behaviour on the part of the end-user can contain such malware threats.