Citadel Trojan bank robber horde returns from the dead

03 Sep 2013

Evolved versions of the notorious Citadel banking Trojan have resurfaced targeting Japanese computer users, according to Trend Micro researchers, who warned the threat could move to Europe at any time.

The researchers announced findings linking the malware to command and control servers in Europe in a public blog post, warning that current evidence suggests the attacks are part of a wider campaign.

"We've identified at least nine IP addresses serving as its command and control (C&C) servers, most of them detected to be belonging in the US and Europe," according to the report.

"Monitoring these servers, we also discovered that 96 percent of the connections to these servers are coming from Japan - further proof that the most of the banking Trojan infections are coming from that one specific country."

The Trend researchers reported detecting 20,000 unique IP addresses connecting to the malware servers in the six days it was actively tracked.

"During a six-day period, we detected no less than 20,000 unique IP addresses connecting to these servers, with only a very minimal decrease from beginning to end. This means that there are still a large number of infected systems stealing online banking credentials and sending them to the cyber criminals responsible," read the report.

The news is the latest instance of the Citadel Trojan reappearing following takedown attempts by law enforcement. In the past, Microsoft and the US FBI have mounted numerous takedown attempts against criminals using the Citadel Trojan. The campaign has had some success, with the pair taking down a $500m Citadel botnet in June 2012.

Despite the success of the takedowns, the Citadel Trojan has constantly resurfaced. Trend Micro security director Rik Ferguson said the open nature of the malware and its public availability on numerous cyber black markets means it is likely more versions of the Citadel Trojan will continue to appear.

"Citadel is a successful offshoot of the ZeuS source code and now a highly effective piece of malware, both as financial malware in its own right and as a software distribution platform for other malicious activity, such as ransomware," he wrote.

"Obviously arrests like the actions of the Spanish police against the Reveton gang and botnet takedowns such as Microsoft's recent action against 1,400 Citadel domains can make a dent in criminal operations, but anyone with access to a builder is able to start again, rebuilding botnets and infecting new victims."

Ferguson added that the new versions will not be limited to targeting Japan, clarifying that European businesses are equally at risk from the Trojan. "Citadel is of course not specific to Japanese victims, and we expect to see further Citadel activity in European territories too," he said.

Prior to Trend Micro, numerous other security firms have listed Citadel as one of the biggest threats facing businesses. Most recently, McAfee listed tweaked versions of the Citadel and Koobface Trojans as two of the biggest cyber threats facing companies in its Q1 2013 Threat Report.

Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
