Authors: Ken Baylor

Publish Date: April 29, 2013

Until the 2012 onslaught of advanced malware, released in targeted persistent attacks (TPAs) by nation states, the vanguard of malware had arguably been financial trojans. For at least the last six years, fraudsters have leveraged advanced botnet malware to wage an epic battle against banks across the globe. Although banks have recently gained the upper hand, fraudsters have successfully stolen hundreds of millions of dollars. In 2007, the arrival of Zeus heralded a breakthrough for fraudsters. The trojan’s ability to bypass multifactor authentication allowed criminals to hijack a fully authenticated session and then divert funds from compromised accounts. This new capability gave rise to a complete ecosystem dedicated to moving funds out of compromised bank accounts and into the pockets of malware crews.

The three main mitigation vectors against this blitz of advanced malware are client-based protection, backend protection, and direct action against the fraudsters, all of which will be covered in upcoming NSS analyst briefs. Zeus has served as the template for most successful man-in-the-browser (MITB) trojans, and is covered in depth in this brief. The advanced functionality of Zeus is emulated by most modern banking trojans. Once novel functionality is available on one platform, it is quickly implemented in others.