About Banking Malwares and its Prevention – 2016 Guide

Today we’ll discuss about the hijack method used in banking sector i.e. botnets to steal money or some sensitive information from the user.

What are these botnets used for?

They are used for many different purposes like gathering private details, logins to websites, credit card information, bank logins, PayPal accounts etc.

If you can use a simple keylogger or any other RAT with keylogging function, why specifically go for botnet?

That’s because of the function called webinjecting. By injecting the browser’s API, the botnet is then able to edit the original website the victim is viewing and show what you want the victim to see.

For example, you have ZEUS Botnet with chase webinject on it, and when your victim visits the bank’s address http://www.onlinebanking.com/ , and enters his account login info (Username and Password), a pop-up is displayed, blackening the background, asking for additional information like date of birth, SSN no, Credit Card details, etc as per your like.

What all is needed for running a botnet and maintaining it?

First of, you need a bulletproof VPS (shared or dedicated) or a fastflux server and a domain, recommended registration in offshore countries.

And depending on which botnet you choose, you’ll need Crypting. Generally 1 crypt costs around $1 to $10 for each crypt. And you’ll be needing to crypt every once in a while, for like a botnet with 10k bots, and you’re running spyeye,

I would recommend Crypting your bin and updating it every 3-4 days, so that your bots don’t die aka their Antivirus detects your spyeye and removes it etc.

But now new botnets like citadel have auto-crypting function, where it crypts the bin on its own and stays undetected. This way you save money on crypting.

How you can secure yourself from these injections?

Well i would personally suggest you to use Online Banking in “Private Mode” in your browser and follow all the security guidelines like to check green bar at address, Privacy Lock, Genuinity, domain extension, spelling mistakes etc.

net banking malwares

There are so many factors through which you can check the genuinity of any banking website. Below are some easy ways to check whether a particular site is genuine or not:

  1. Check their Contact Us page and check If there is contact information like address,telephone number etc is provided.
  2. Check About Us page on the website to know more about the company/website.
  3. If you are joining any new site make sure to check reviews of that particular site online. You can search for Google and read the reviews.
  4. If it is site which claims to pay their users (like PTC,GPT sites, ad networks etc) check their payment proofs online. You can search in any search engine for the same.
  5. There are several websites or blog sites online that provide a long list of sites that are fake. Check if that website appears in the list.

To read more about safety precautions, please visit this link.

Related Posts