Six major banks in the UK have been targeted by the relaunched Ramnit Trojan, according to research by IBM’s X-Force. After a silent period of approximately eight months, it appears that Ramnit’s operators have set up two new live attack servers, as well as a new command-and-control (C&C) server. The Trojan’s configuration equips it with web injections that are specifically designed to target personal banking users. Brian Laing, VP Business Development at Lastline, commented below.

Brian Laing, VP Business Development at Lastline:

“Lastline’s Global Malware Knowledge base has seen an exponential explosion in Ramnit attacks across the globe, and indicates that these attacks appear to be targeted specifically at:

1. Large banking institutions
2. Government institutions
3. Large consulting organisations

In addition, Lastline can identify at least eleven (11) malware code derivatives of Ramnit, meaning that criminals are sharing code components in order to rapidly develop new attacks. We have also identified the top URLs from where these attacks are emanating.

This latest high-profile attack reinforces the absolute imperative that organisations add advanced malware detection and elimination capability to their computer and network defense fabrics, and that this malware detection capability works at the kernel level of the computer stack. Without this capability in place, attacks like the Ramnit derivatives will continue to plague institutions worldwide.”

Information Security Buzz