Sanity Check

Fri, 22 Feb 2013 – Kevin Wilson, Director of Public Relations

Recently, Trusteer wrote a blog post about malware threats to the banking industry that has received generous media coverage. After reviewing their findings about the updated Tilon and Tinba Trojans and the articles that have come from the news, we felt it is in the best interest of our customers and the industries we serve that we issue a “sanity check.” Below is a Q&A with our security experts on the size, scope and seriousness of these “new” threats.

1. What is novel about the Tilon and Tinba banking Trojans and modifications to their techniques that have brought about this recent attention?

Tilon and Tinba are using very old methodologies that have been common in online fraud for many years. We disagree that they are among the most ‘sophisticated malware toolkits’ as banks that are using standard practices will be able to counteract them. Simple defenses such as geolocation, session management and IP fingerprinting can greatly assist in detecting these Trojans.

2. Should banks or other financial organizations be concerned with these “sneakier” threats and their new techniques? Is this recent warning warranted?

The ‘new’ methodology used by these Trojans is reminiscent of the very old banking Trojan: Zeus version 1. Tinba is slowly trying to gain the features of the well-understood Zeus 2 Trojan and its associated infrastructure. Any financial institution following the 2011 FFIEC guidance (which is mandatory) should be able to detect and defeat this malware. There is little new here.

3. What should banks do to ensure they are adequately protected against this malware?

Banks need to deploy antifraud solutions behind their firewall to monitor anomalous traffic, but they really need to deploy a strong antifraud strategy on their customers’ endpoints. They need a solution that is proven and well designed.

4. What types of threats should banks and their customers worry about today?

Bank malware is rapidly developing; Citadel and new Trojans are bypassing weakly designed antifraud controls and are rapidly developing new smartphone software to bypass bank authentication controls. Banks need to understand real threats and thoroughly test products when choosing customer-facing solutions. Those that do, choose solutions that provide true protection, such as Wontok SafeCentral, rather than those which actually facilitate malware infection.