German Bank Account Holders Targeted by GozNym Trojan
A new and improved version of GozNym, the banking trojan created by combining code from the Gozi and Nymaim trojans, is being used to target
account holders at 13 German banks. When it was first spotted in the wild in April of this year, it was being used to target account holders at US and Canadian banks, but the
perpetrators have now moved on to pastures new, or so it seems. The trojan injects a malicious DLL into the web browsers of victims, which then shows fake content when online
banking portals are accessed. Working on the same principles as basic phishing sites, the trojan steals the login credentials that users input on what they think is their bank’s
official website. These credentials can then be used to log in to the accounts at a later date and transfer money out of them.
Distributed in Spam Floods
The trojan is being distributed in a massive spam campaign dwarfing many of those which preceded it. Relying on sheer volume of emails to hit targets may not be a particularly
sophisticated technique, but it is unfortunately a very effective one. Furthermore, the tactics used by the group responsible for the attacks are undoubtedly sophisticated when
considered as a whole, and the fact that they are moving so quickly would suggest they have access to considerable resources and technical know-how. Having targeted US, Canadian, and
German bank account holders so far, it would seem only logical to conclude that they plan to move on to other countries in the near future. With this in mind, account holders
with banks in all countries across the globe should be very careful when using online banking systems to access their accounts.
Individuals have a variety of free and low-cost software from which to choose when fighting against the senders of rogue emails, and commercial organisations have access to
extremely sophisticated, corporate anti-spam solutions that are both simple to use and highly effective. Stopping spam mail from reaching its target in the first place is the
most effective way to deal with attacks such as these, so it is well worth investing in a high-quality solution such as those offered by the team at MailCleaner. Companies that
use online banking systems to access their corporate accounts will of course be especially keen to ensure they do not fall victim to trojans such as
GozNym, as the possible consequences could be catastrophic.
Ever-Evolving Threats
This is not the first time that a combined trojan has been used by cybercriminals: the Shifu trojan that was used last year to attack Japanese banks featured code from the Shiz,
Gozi, Zeus and Dridex trojans that came before it. The determination of cybercrime gangs to stay one step ahead of the IT security industry should alert all industry experts and
private individuals to the importance of keeping anti-spam software up to date and of never taking the impenetrability of their own networks for granted.