

Citadel Trojan bank robber horde returns from the dead

03 Sep 2013

Evolved versions of the notorious Citadel banking Trojan have resurfaced targeting Japanese computer users, according to Trend Micro researchers, who warned the threat could move to Europe at any time.

The researchers announced findings linking the malware to command and control servers in Europe in a public blog post, warning that current evidence suggests the attacks are part of a wider campaign.

"We've identified at least nine IP addresses serving as its command and control (C&C) servers, most of them detected to be belonging in the US and Europe," according to the report.

"Monitoring these servers, we also discovered that 96 percent of the connections to these servers are coming from Japan - further proof that most of the banking Trojan infections are coming from that one specific country."

The Trend researchers reported detecting 20,000 unique IP addresses connecting to the malware servers during the six days it was actively tracked.

"During a six-day period, we detected no less than 20,000 unique IP addresses connecting to these servers, with only a very minimal decrease from beginning to end. This means that there are still a large number of infected systems stealing online banking credentials and sending them to the cyber criminals responsible," read the report.

The news is the latest instance of the Citadel Trojan reappearing following takedown attempts by law enforcement. In the past Microsoft and the US FBI have mounted numerous takedown attempts against criminals using the Citadel Trojan. The campaign has had some success, with the pair taking down a $500m Citadel botnet in June 2012.

Despite the success of the takedowns, the Citadel Trojan has constantly resurfaced. Trend Micro security director Rik Ferguson said the open nature of the malware and its public availability on numerous cyber black markets means it is likely more versions of the Citadel Trojan will continue to appear.

"Citadel is a successful offshoot of the ZeuS source code and now a highly effective piece of malware, both as financial malware in its own right and as a software distribution platform for other malicious activity, such as ransomware," he wrote.

"Obviously arrests like the actions of the Spanish police against the Reveton gang and botnet takedowns such as Microsoft's recent action against 1,400 Citadel domains can make a dent in criminal operations, but anyone with access to a builder is able to start again, rebuilding botnets and infecting new victims."

Ferguson added that the new versions will not be limited to targeting Japan, clarifying that European businesses are equally at risk from the Trojan. "Citadel is of course not specific to Japanese victims, and we expect to see further Citadel activity in European territories too," he said.

Prior to Trend Micro's report, numerous other security firms had listed Citadel as one of the biggest threats facing businesses. Most recently McAfee listed tweaked versions of the Citadel and Koobface Trojans as two of the biggest cyber threats facing companies in its Q1 2013 Threat Report.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
