Home > Resources > Whitepapers > ZARATHUSTRA: Extracting WebInject Signatures from Banking Trojans

ZARATHUSTRA: Extracting WebInject Signatures from Banking Trojans

Modern trojans are equipped with a functionality, called WebInject, that can be used to silently modify a web page on the infected end host. Given its flexibility, WebInject-based malware is becoming a popular information-stealing mechanism. In addition, the structured and well-organized malware-as-a-service model makes revenue out of customization kits, which in turns leads to high volumes of binary variants. Analysis approaches based on memory carving to extract the decrypted webinject.txt and config.bin files at runtime make the strong assumption that the malware will never change the way such files are handled internally, and therefore are not future proof by design. In addition, developers of sensitive web applications (e.g., online banking) have no tools that they can possibly use to even mitigate the effect of WebInjects. WebInject-based trojans insert client-side code (e.g., HTML, JavaScript) while the targeted web pages (e.g., online banking website, search engine) are rendered on the browser. This additional code will capture sensitive information entered by the victim (e.g., one-time passwords) or perform other nefarious actions (e.g., click fraud or search engine result poisoning). The visible effect of a WebInject is that a web page rendered on infected clients differs from the very same page rendered on clean machines. We leverage this key observation and propose an approach to automatically characterize the WebInject behavior. Ultimately, our system can be applied to analyze a sample automatically against a set of target websites, without requiring any manual action, or to generate fingerprints that are useful to determine whether a client is infected. Differently from the state of the art, our method works regardless of how the WebInject module is implemented and requires no reverse engineering. We implemented and evaluated our approach against live online websites and a dataset of distinct variants of WebInject-based financial trojans. The results show that our approach correctly recognize known variants of WebInject-based malware with negligible false positives.

I'm For Real

Enter your details once to access all our information and resources

Spotlight

Nextel Mexico

Nextel Mexico is a company belonging to the corporate NII Holdings, Inc. based in Reston, Virginia and is present also in Argentina, Brazil, Chile and Peru, publicly listed on the stock market (NIHD). Since 1998, it has proven to be a solid and dynamic company that offers quality service its users, and added values ​​in different fields. Throughout 13 years of presence in the country, Nextel has been characterized by innovation in terms of communication and provide users with solutions that optimize its activities and resources. Nextel is a leading radio service. A clear example of this evolution are the attractive tariff plans, value added services and Nextel teams are now lighter, stylized, always taking into account the needs of the story to public communication he means.

OTHER WHITEPAPERS
news image

2022 Global Cybersecurity Awareness Training Study

whitePaper | August 31, 2022

The benefit awareness cybersecurity awareness training, particular phishing simulations, have gained wide acceptance in business and the public sector.

Read More
news image

Recommended Criteria for Cybersecurity Labeling of Consumer Software

whitePaper | February 4, 2022

Software is an integral part of life for the modern consumer. Nevertheless, most consumers take for granted and are unaware of the software upon which many products and services rely. From the consumer’s perspective, the very notion of what constitutes software may even be unclear. While enabling many benefits to consumers, that software that is, software normally used for personal, family, or household purposes can also have cybersecurity flaws or vulnerabilities which can directly affect safety, property, and productivity.

Read More
news image

Securing Water Utilities with AWS

whitePaper | March 3, 2023

Today, many U.S. water utilities want to implement cloud-based information technology (IT) and operational technology (OT) solutions to realize the operational and security benefits of the cloud. This whitepaper discusses the business drivers associated with cloud adoption in the U.S. Water Sector, cyber security trends, and outlines best practices for implementing cyber security controls at a water utility.

Read More
news image

How to Prepare For & Respond to Ransomware in Operational Technology Environments

whitePaper | March 14, 2023

Targeted intrusions for gaining long-term access and collecting data about industrial control systems (ICS) are becoming much more frequent. Many of these attacks are about understanding the network and preparing for future activities without causing any immediate impact. The most recent Dragos Year in Review6 report shows that the ransomware groups Lockbit 2.0 and Conti were responsible for more than half of the observed ransomware attacks in industrial environments in 2021, and that these instances resulted in actions on objectives. These attacks have been observed in almost every industrial vertical, primarily targeting small to medium-sized organizations in manufacturing.

Read More
news image

Nasuni Access Anywhere Security Model

whitePaper | December 20, 2022

The Nasuni Access Anywhere add-on service delivers high-performance, VPN-less file access for remote and hybrid users, integrates an organization’s file shares with Microsoft Teams, and provides productivity tools such as desktop synchronization and external file and folder sharing to enhance user productivity and provide access to files seamlessly from anywhere on any device. This white paper outlines the security elements of the Nasuni Access Anywhere service.

Read More
news image

Analyzing the Economic and Operational Benefits of theDell Data Protection Portfolio

whitePaper | November 29, 2022

We live in an intensely data-driven world, where data loss is unacceptable and quick access to information with real-time analytics driven by machine learning and artificial intelligence is at the core of decision making. Effective data protection is a critical component of every successful business. Now, more than ever, organizations are looking at their data protection strategies through a new lens. They are evaluating old practices, with a focus on making data protection a hands-off, efficient solution they can rely on without applying extensive IT resources. This can be accomplished through standardizing on a vendor with a comprehensive data protection offering, single management capabilities, and support across a diverse network of systems on-premises, in public and private data centers, in multiple clouds, and in remote office/branch offices (ROBO) and edge environments.

Read More

2022 Global Cybersecurity Awareness Training Study

whitePaper | August 31, 2022

The benefit awareness cybersecurity awareness training, particular phishing simulations, have gained wide acceptance in business and the public sector.

Read More

Recommended Criteria for Cybersecurity Labeling of Consumer Software

whitePaper | February 4, 2022

Software is an integral part of life for the modern consumer. Nevertheless, most consumers take for granted and are unaware of the software upon which many products and services rely. From the consumer’s perspective, the very notion of what constitutes software may even be unclear. While enabling many benefits to consumers, that software that is, software normally used for personal, family, or household purposes can also have cybersecurity flaws or vulnerabilities which can directly affect safety, property, and productivity.

Read More

Securing Water Utilities with AWS

whitePaper | March 3, 2023

Today, many U.S. water utilities want to implement cloud-based information technology (IT) and operational technology (OT) solutions to realize the operational and security benefits of the cloud. This whitepaper discusses the business drivers associated with cloud adoption in the U.S. Water Sector, cyber security trends, and outlines best practices for implementing cyber security controls at a water utility.

Read More

How to Prepare For & Respond to Ransomware in Operational Technology Environments

whitePaper | March 14, 2023

Targeted intrusions for gaining long-term access and collecting data about industrial control systems (ICS) are becoming much more frequent. Many of these attacks are about understanding the network and preparing for future activities without causing any immediate impact. The most recent Dragos Year in Review6 report shows that the ransomware groups Lockbit 2.0 and Conti were responsible for more than half of the observed ransomware attacks in industrial environments in 2021, and that these instances resulted in actions on objectives. These attacks have been observed in almost every industrial vertical, primarily targeting small to medium-sized organizations in manufacturing.

Read More

Nasuni Access Anywhere Security Model

whitePaper | December 20, 2022

The Nasuni Access Anywhere add-on service delivers high-performance, VPN-less file access for remote and hybrid users, integrates an organization’s file shares with Microsoft Teams, and provides productivity tools such as desktop synchronization and external file and folder sharing to enhance user productivity and provide access to files seamlessly from anywhere on any device. This white paper outlines the security elements of the Nasuni Access Anywhere service.

Read More

Analyzing the Economic and Operational Benefits of theDell Data Protection Portfolio

whitePaper | November 29, 2022

We live in an intensely data-driven world, where data loss is unacceptable and quick access to information with real-time analytics driven by machine learning and artificial intelligence is at the core of decision making. Effective data protection is a critical component of every successful business. Now, more than ever, organizations are looking at their data protection strategies through a new lens. They are evaluating old practices, with a focus on making data protection a hands-off, efficient solution they can rely on without applying extensive IT resources. This can be accomplished through standardizing on a vendor with a comprehensive data protection offering, single management capabilities, and support across a diverse network of systems on-premises, in public and private data centers, in multiple clouds, and in remote office/branch offices (ROBO) and edge environments.

Read More
More Whitepapers

Spotlight

Nextel Mexico

Nextel Mexico is a company belonging to the corporate NII Holdings, Inc. based in Reston, Virginia and is present also in Argentina, Brazil, Chile and Peru, publicly listed on the stock market (NIHD). Since 1998, it has proven to be a solid and dynamic company that offers quality service its users, and added values ​​in different fields. Throughout 13 years of presence in the country, Nextel has been characterized by innovation in terms of communication and provide users with solutions that optimize its activities and resources. Nextel is a leading radio service. A clear example of this evolution are the attractive tariff plans, value added services and Nextel teams are now lighter, stylized, always taking into account the needs of the story to public communication he means.

Events

Nordic IT Security Event

Conference