An updated version of the Ramnit Trojan targets six major banks in the United Kingdom. Updated infrastructure is helping its creators spread the Trojan.
Ramnit Reminds Specialists That It Has Damage Potential
IBM X-Force researchers have identified recent attack campaigns using Ramnit. They observed that the Trojan has an updated code base and is being used to target six banks in the United Kingdom. The malware can manipulate online banking sessions to steal account credentials, and it can perform money transfer attacks.
The majority of infections are delivered through malicious spam emails. They contain Trojan attachments disguised as important documents or financial invoices.
The last attacks made by Ramnit were about eight months ago, and researchers thought that the hackers had discarded the tool from their inventory. It now appears that an updated threat is out in the wild. The new version of the Trojan has two new live attack servers, as well as an active C&C station. The Trojan is spread through the Internet and has web injection capabilities that target personal bank accounts.
The payload itself has not changed from the last known iteration; it still uses the same architecture, operation and encryption algorithm. Some parts, such as the Spy Module, have updated code. This module is designed to infiltrate the user's browser, monitor web activity and steal data in real time.
A VNC module can also be activated at will and controlled by the malicious users. Ramnit operators have also devised new schemes built for the active attacks. The Trojan can collect data and store it on remote servers to be used in conjunction with other malware.
Security experts advise users never to access their online banking services and to use good anti-spyware, anti-spam, and anti-virus software.