Trusteer Flashlight Provides Malware Analysis and Remediation for Financial Institutions

(WEB HOST INDUSTRY REVIEW) — In an effort to help banks and other organizations prevent future losses, block subsequent attacks, and take down command and control servers, secure browsing services provider Trusteer (www.trusteer.com) has launched Trusteer Flashlight, a remote fraud investigation and mitigation service that identifies the attack source on a customer’s machine, gathers samples, and can reverse engineer the mechanism used by the malware to commit fraud.

Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over US$120 million in the third quarter of 2009, according to estimates presented at the recent RSA Conference in San Francisco by the US Federal Deposit Insurance Corporation, with nearly all incidents relating to malware on online banking customers’ PCs.

According to its Monday announcement, Trusteer’s new service performs remote forensic investigations on customer machines to detect the source of fraud and mitigate future attacks.

“Financial institutions and their customers are being targeted by purpose built malware variants designed to evade detection and commit online fraud specifically against their brand,” Trusteer chief technology officer Amit Klein said in a statement. “The Trusteer Flashlight service enables banks to counter strike these targeted attacks. By performing a forensic investigation on the victimized computer, Trusteer rapidly provides financial institutions the information they need to mitigate any additional financial losses from a zero day malware variant.”

Trusteer chief executive officer Mickey Boodaei will present the session, “Financial Malware in the UK – New techniques for Defense,” at this week’s E-crime Congress 2010 (www.e-crimecongress.org) at the Victoria Park Plaza Hotel in London. Boodaei will present findings from reverse engineering performed by Trusteer’s research organization on the Silon financial Trojan, which targets UK-based financial institutions. In the UK, online banking fraud losses were up 55 percent in the first half of 2009 to £39 million (more than $58 million), according to Financial Fraud Action UK (www.ukpayments.org.uk).

To enable financial institutions to respond in real-time to financial fraud, Trusteer’s Rapport desktop forensic and protection software immediately identifies malware, or in the case of an unidentified variant, detects suspicious malware behavior and lifts a sample or samples from the computer. The Trusteer Flashlight service then instantly initiates a remote investigation into an attack, which is examined and reverse engineered by Trusteer’s fraud and malware experts to identify the mechanism used to commit fraud.

Following the analysis, the financial institution receives a full report on the malware, the complete source code for future reference, and detailed recommendations on how to detect and block future attacks. In addition, Trusteer reports the malware to all desktop security vendors for industry-wide protection, performs ongoing analysis of associated command and control servers, and submits them to takedown services.
