Despite growing security measures, malware and Trojans are not only growing in number, but are also increasing in sophistication. Malware authors constantly seek new ways to use existing and/or unpatched zero-day vulnerabilities to create the next breed of cybercrime techniques. A recent blog post by Kafeine, a notable security researcher, makes reference to an undocumented vulnerability in Adobe Flash that targets different combinations of Internet Explorer versions running on a variety of operating systems, including Windows, Mac and Linux.

Attacks against unpatched vulnerabilities are popping up regularly and sometimes take months or even years for software publishers to patch. Armed with this knowledge, fraudsters rely on these time gaps when they design new techniques that are capable of stealing customer credentials and performing fraudulent transactions such as transferring money to new destinations — often without the victim being aware that anything is amiss.

To top it off, cybercriminals are aware of the various fraud prevention technologies many organizations deploy and try to use this knowledge when designing new attack mechanisms to circumvent their existing fraud controls. For example, fraudsters can bypass various forms of authentication by using social engineering campaigns to convince users to divulge their credentials.

IBM’s Findings on Malware

An additional point to note is the relatively low effect on the latest Windows operating systems, Windows 8 and Windows 8.1. One possible explanation is the fact that Microsoft has introduced numerous built-in security improvements into these operating systems, including an application reputation system and protection from boot-time rootkits. Additionally, there are a number of low-level security improvements that let these operating systems manage memory in a more secure way, including features that make security vulnerabilities harder to exploit.


Another interesting example is Zeus, which was first identified in 2007 and is specifically designed to steal online banking credentials. Despite the fact that the original Zeus kit is no longer developed, data shown below clearly demonstrates that this malware strain has remarkable distribution and a widespread effect on the various operating systems. One thing to note is the effect on Zeus on the Opera browser, as applied to the mobile channel. This is not the first sighting of known PC-grade malware code being reused for new attack methods using a mix of original and borrowed techniques. In this instance, Zeus is attacking mobile devices with users accessing their online banking platforms via Opera in what is known as Zeus-in-the-Mobile.


While this information refers to the most prevalent malware strains and their immediate effect on the most popular operating systems and Web browsers, one cannot afford to remain stagnant. Cybercriminals are constantly attempting to find new ways of either persuading users to divulge their credentials or merely stealing them in a variety of sophisticated methods while performing fraudulent transactions on their behalf. This is exactly where Trusteer’s suite of cybercrime prevention products comes into play.

The IBM Security Trusteer cybercrime prevention architecture comprises multiple adaptive layers of protection at the endpoint and Web application layers, powered by a Web-based threat intelligence platform policy and configuration management application and malware forensic services. The IBM Security Trusteer management application provides organizations with control over IBM’s deployment and visibility into real-time threat information. This lets security and IT professionals configure IBM’s protection layer to meet specific business requirements in today’s changing threat landscape while minimizing capital and operational expenses and maximizing the effectiveness of threat protection.

more from Advanced Threats

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however,…

World’s Largest Darknet Market Shut Down, $25 Million in Bitcoin Seized

On April 5, German authorities announced the takedown of the Hydra marketplace, the world’s largest darknet market trading in illicit drugs, cyberattack tools, forged documents and stolen data. The criminal operation, with about 17 million customer accounts, raked in billions in bitcoin before getting shut down. On its website, the Federal Criminal Police Office (BKA) stated it had secured and…