An old Banking Trojan's new sophistication

A dangerous variant of the Ramnit malware has been discovered targeting the UK’s financial sector. The Trojan injects highly convincing, interactive real-time messages into the user’s web stream, as seen when logging into a UK online banking session. Though the Ramnit worm was first discovered in 2010, the new variant has incorporated source code from the notorious Zeus banking Trojan. The malware avoids detection by going into sleep mode until its intended victim logs into their online bank account, at which point it activates and presents them with a fraudulent phishing message.

Takeaway: Attackers are exploiting the trust relationship the user has with the bank. This is indeed a new level of social engineering. So far, fewer than 10 banks have been targeted in the UK, but in the US, most smaller banks are running off the same off-the-shelf system purchased from select banking software vendors.