Wednesday, September 26, 2007
I just finished reading this paper from F-Secure regarding bank-targeting trojans. It is the first one that properly covers the Brazilian bank trojan phenomenon. However, I'd like to share some comments about these two paragraphs:

"Why are banking trojans so common in Brazil? Actually, malware in general is a big problem in Brazil – not just banking trojans. Brazil has a large population of which an ever-growing part is now going online. As there is a constant flow of new computer users, mass social engineering attacks are very successful in compromising users' machines."

There is an additional component: the Internet Banking scenario here in Brazil is very advanced. Several people are using IB to make almost all necessary transactions on their accounts. So, not only are there lots of bank customers who use the IB system, but it's also very easy for the fraudsters to extract money from the accounts, as there are many ways to do that, from paying bills to regular funds transfers. The Brazilian banking system allows you to electronically transfer funds from your account to any other account in any other bank immediately, so it's very easy to make it "vanish".

"Banking trojans targeting Brazilian banks are typically not targeting any banks outside the country. This is fairly natural, since the gangs making and distributing these trojans are local, they do not seem to have any connections to international criminals, and they usually come from a very poor background. This means that crime, for them, is a way to make an income and they do not really know that much about the international banking system. Even if these gangs would get their hands on overseas banking credentials they would not know how to use that information."

There are some very well structured criminal groups using and funding the development of those trojans. The last operations from our Federal Police showed the size and complexity of them.
They are probably not targeting foreign accounts because it would be harder to bring the money to Brazil after stealing it, while they still have pretty much "room for growth" on the local market.
Posted by Augusto Barros at 4:49 PM
Monday, September 24, 2007
This post is incredibly interesting for me, as I'm actively working on SIEMs, MSS for security monitoring and insider threats.

What I really liked about this is that it points to some of the ideas that I like most. It mentions the company's behavior with its employees and their actions as results, the misconception about the level of automation that can be reached, and the need for someone behind the nuts and bolts putting intelligence in the process. That's really a nice piece.
Posted by Augusto Barros at 6:33 PM