Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

New Trusteer Cybercrime Prevention Architecture

September 2011 by Emmanuelle Lamandé

Trusteer announced new versions of the four products which make up its Cybercrime Prevention Architecture. The new capabilities remove malicious exploits in web page content, fingerprint fraudster machines attempting to access protected web applications, protect iOS and Android mobile devices from financial malware, and provide real-time data feeds on new malware attacks. Trusteer’s Intelligence Center also warned today that a second non-financial malware variant has been retrofitted with fraud capabilities and is abusing its large installed base of infected machines to attack global financial institutions.

Trusteer is still investigating this new financial malware, which it has temporarily named Shylock. Unlike the non-financial malware Ramnit which Trusteer reported last month had turned into a fraud platform, Shylock doesn’t incorporate tactics from the infamous Zeus Trojan. It appears criminals have custom developed financial fraud capabilities for Shylock.

Shylock uses unique mechanisms not found in other financial malware toolkits, including:
 An improved method for injecting code into additional browser processes to take control of the victim’s computer
 A better evasion technique to prevent malware scanners from detecting its presence
 A sophisticated watchdog service that allows it to resist removal attempts and restore operations

“As with all financial fraud toolkits, Shylock’s detection rate among anti-malware solutions and fraud detection systems is extremely low,” said Amit Klein Trusteer’s CTO. “The ability of cyber criminals to develop, distribute, and operate new tools under the radar of the industry is troubling. Enterprises and individuals continue to rely on security architectures that were designed 20 years ago and have limited value in protecting their critical assets against cybercrime attacks.”

Faced with the continually advancing sophistication of cybercrime attack methods, financial institutions and enterprises require endpoint protection against zero-day malware and phishing attacks, as well as real-time actionable intelligence they can automatically feed into layered fraud prevention and security systems. Trusteer’s Cybercrime Prevention Architecture (TCPA) and Trusteer’s Intelligence Center combine to deliver 24x7 detection and blocking of new attacks, which has included the discovery of the Shylock, Ramnit, SunSpot, and Oddjob financial malware platforms.

Trusteer today announced the following new versions of the core products that make up the TCPA:

 Trusteer Rapport has been enhanced with exploit prevention capabilities which monitor webpages loaded into the browser and remove malicious content that tries to exploit vulnerabilities in the browser or its add-ons. Trusteer has also added a new rapid response cycle into Rapport which updates its entire customer base within ten minutes when a new threat is detected. Trusteer Rapport already prevents malware toolkits from installing on the computer and accessing information inside the browser. It also detects malware activity and removes the files associated with it.

 Trusteer Pinpoint – This client-less login and transaction anomaly detection solution can now detect and alert customers when fraudster machines attempt to access protected web applications. Using a network of sensors deployed at multiple large financial websites, Trusteer Pinpoint is capable of fingerprinting and building a database of machines that are owned by fraudsters. This capability supplements Pinpoint’s existing ability to detect machines infected with malware that attempt to access web applications.

 Trusteer Mobile – In addition to iOS, Trusteer now supports Android and the upcoming iOS 5 platform. Trusteer is currently the only vendor to provide a solution that protects both iOS and Android devices against cybercrime committed using malware and phishing attacks.

 Trusteer Situation Room – Trusteer’s Online Fraud Intelligence and Risk Analysis Service has been enhanced with a new interface that allows financial institutions and large enterprises to access real-time data and generate alerts on cybercriminal activity and new attack methods that target specific organizations.

Availability

Trusteer’s Cybercrime Prevention Architecture with new versions of Trusteer Rapport, Trusteer Pinpoint, Trusteer Mobile and Trusteer Situation Room is available now.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts