TrustDefender looks deep into banking trojan's soul

Alex Zaharov-Reutt
Tuesday, 25 November 2008 08:49

Your IT - Home IT

Banking trojans, such as the reviled “SilentBanker” trojan that is capturing unsuspecting and even anti-virus protected users by surprise and ripping money out of bank accounts, are digital curses upon not only users but the financial industry as a whole. Security experts TrustDefender take it apart in their latest blog entry.

If you use a Windows based computer to do your online banking, chances are that you have an up-to-date Internet Security package with anti-virus, anti-malware/spyware, anti-rootkit, firewall and more.

But the latest trojans can be like undetected viruses – if your Internet security doesn’t know about a particularly brand new threat, will you still be protected?

Chances are the answer to that question is “no”, no matter what commercial Internet Security suite you are using – or at least, not until that suite has updated its “definitions” to include the latest trojan, so it can be detected and dealt with.

Over the past couple of years, an Australian security company called TrustDefender has taken a completely different approach, with software able to detect and physically stop any malware on any Windows computer, be it known or unknown, from penetrating your online banking (or any other transactional session online) - even if your computer is infected with the toughest and sneakiest trojans out there, or new ones hot off the cybercrim’s programming malware press.

That’s what TrustDefender claim, and they’ve been recognised by the Australian Information Industry Association, winning an award (among others) in the financial category, and already have financial institutions offering TrustDefender software to their customers.

In addition, TrustDefender’s software works by making your computer a part of the bank’s security chain – the first software to do so.

It’s also completely browser independent, meaning it does not matter whether you are using Internet Explorer, Firefox, Google Chrome, Safari or something else, because browser independence means just that. You can find out more about how TrustDefender works on its website.

The company is led by Ted Egan, the CEO and co-founder and by Andreas Baumhof, co-founder and CTO. On TrustDefender’s blog, Baumhof regularly looks deep into the soul of the latest crimeware to understand the latest tricks, techniques and mindset of the malware programmer and online criminal.

The latest blog entry, dated November 24 2008, takes an “In-depth look at a Silentbanker variant (Silentbanker.B)”.

Baumhof, explains that last week he was looking “at a compromised computer that was infected with the Silentbanker.B variant”, and he took the opportunity to “recover all relevant files including the installer.”

How did this nefarious trojan get onto a compromised computer that Andreas was now performing some forensics on? Through the horrors of the drive-by-download and as the computer’s Antivirus software had no signatures for the Silentbanker trojan, it was able to install itself.

What TrustDefender found within is on page 2... please read on.