by Andy Gent
The latest bank account-raiding Trojan, Hesperbot, includes an element designed to persuade users to install a mobile malware component of the software onto Symbian, BlackBerry and popular Android smartphones.
The software, which has been reported infecting computers in the UK and throughout Europe, is distributed through e-mails that pose as convincing package tracking documents from postal companies or purport to be an invoice from the internet provider.
The phish-like e-mail sent to potential victims contains a malicious file with a double extension, .PDF.EXE.
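The double-extension lure described above can be flagged at a mail gateway or during triage. The following Python code is an added example, not part of the original article: the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for illustration; the article itself names only .PDF.EXE.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def is_double_extension(filename):
    """True when a document-looking extension is followed by an executable one."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 3:  # need stem + decoy + executable
        return False
    # strip() also catches padding such as "invoice.pdf      .exe"
    decoy, final = parts[-2].strip(), parts[-1].strip()
    return final in EXEC_EXTS and decoy in DECOY_EXTS


def suspicious_attachments(raw_message):
    """Return attachment filenames in a raw RFC 5322 message that use the lure."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()  # decoded filename, or None for body parts
        if name and is_double_extension(name):
            flagged.append(name)
    return flagged


def build_sample():
    """Constructed sample message; contents are harmless placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Your parcel tracking document"
    msg["From"] = "tracking@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Please see the attached tracking document.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="tracking.pdf.exe")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name in suspicious_attachments(build_sample()):
        print("double-extension attachment:", name)
```

The check looks only at the filename, so it complements content-type inspection of the attachment body and does not replace it.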
Win32/Spy.Hesperbot made its first appearance in early August and is “a very potent banking Trojan” which features common functions such as keystroke logging, creation of screenshots and video capture, and setting up a remote proxy. It also includes some more advanced tricks, such as creating a hidden VNC server on the infected system, network traffic interception and HTML injection capabilities. Win32/Spy.Hesperbot does all this in quite a sophisticated manner. The inclusion of automated money transfer is what makes this code so malicious, and reflects the evolving complexity and professionalism of criminal gangs targeting new technologies including cloud-based servers.
With computerised processes in place and malware installed, criminals can now drain bank accounts faster and more efficiently than ever, while at the same time making their activity even more difficult to detect. The inclusion of a mobile element is especially concerning given the eagerness shown by many banks to include account access and currency transfer across mobile platforms. The provision of dual cameras on many smartphones is also clearly an issue if this malware and similar strains are allowed to infect a handset. There is already a growing issue of cyber blackmail using captured stills and video from PCs, but the mobile, carried almost everywhere we go, is far more likely to deliver images and video of a more personal nature that criminals can use to further target their victims.