New Malware Code: Webinjects

Friday, November 4, 2011 @ 01:11 PM gHale


Attackers using Trojans like SpyEye and Zeus have developed a new type of extensible code called webinjects.

Webinjects are now for sale or rent on open Internet forums, said web security provider Trusteer.


Trusteer, which collates data anonymously from the millions of online banking service users that have installed its Rapport browser plug-in, said webinjects are malware configuration directives used to inject rogue content in the web pages of bank websites. The webinjects then steal confidential information from customers.

The security software firm said that, judging from the advertisements its research team has seen, there are multiple targets, including British, Canadian, American, and German banks. The price of a single webinject code unit starts at $60, ranging up to $740 for a U.S. pack and $800 for a UK pack.

Cybercriminals have been busy developing webinjects for Zeus and SpyEye to orchestrate and develop malevolent attacks against certain banks, said Amit Klein, Trusteer’s chief technology officer.

Developers earn some nice coin selling the Zeus/SpyEye webinjects service, Klein said.

One interesting element is that the developers are not too bothered whether the customer has the skill set to use the product. Klein said the developers have gone to the trouble of obfuscating the Zeus/SpyEye webinjects, not because they want to confuse malware researchers, but to try to prevent piracy of their software.

“That means, ironically, that these criminals are actually taking steps to protect their own intellectual property. I suppose they have to do something as they can’t resort to litigation,” he said, adding that since webinjects cannot be modified by the customer, if they need localization for a specific country and language, only the developers can do the work.


