Although those behind the Tatanga virus were initially intent on targeting customers of a single bank in Spain, they appear to have expanded their illicit operations to include the customers of other banks.
Those behind the financial malware intend to steal money as well as identities in order to commit identity fraud. To do so, the virus relies on social engineering techniques intended to trick the victim into bypassing security measures imposed by their banks, including one-time passwords (OTPs) and transaction authorization numbers (TANs).
Oren Kedem, director of product marketing for online security firm Trusteer, indicated that the Tatanga variant discovered last week was not aimed at the United States. Regarding the origins of the malware, Kedem was quoted by CSO as having said:
“We don’t know where it originated, but it’s fair to assume that the people are Spanish speaking, and familiar with the Spanish banks. There is reason to believe it is coming from that part of the world.”
Tatanga currently affects nine web browsers, including Mozilla Firefox, Internet Explorer, Opera, Safari, and Google Chrome.
A Trojan horse, in computing terms, is composed of a server and a client. Once the server is executed on the victim’s machine, a communication port is opened through which the client is able to establish a connection in order to remotely control the infected computer. Because software and hardware firewalls, like those commonly incorporated into home routers, thwart traditional Trojans by blocking unsolicited connection requests, reverse client/server viruses, in which the infected machine initiates the connection outward, are now the apparent standard.
Regarding countermeasures, Kedem has indicated that banks should provide anti-malware services and training to their customers. He was quoted as having said:
“Banks need to make customers watch for any change from normal. They should be suspicious if they see any unsolicited offering, anything that is asking for new information, if the screen changes or if suddenly somebody from the bank is chatting with you. Call the bank and ask if it is genuine. The best way to be safe is to be suspicious.”
In the constantly evolving world of online security, this writer suggests Internet users utilize a variety of anti-virus software suites, run either a software or hardware firewall, avoid shady websites to the best of their ability, utilize complicated passwords, never use the same “universal” password for their various accounts, carefully scrutinize anything that seems too good to be true, never divulge personal information, and regularly back up important data. While following these directions can mitigate the risk of losing important data, being scammed, or being infected with a virus, the directions will not make you impervious to infections or scams. For this reason, always exercise caution when accessing the wild west world that is today’s Internet.
Anti-virus software often incorporates anti-virus offset scanners in order to pinpoint infections. Essentially, an offset scanner works by scanning the code composing a given file for a string common to a known virus in order to determine whether or not the file is infected. As the scanner is simply searching based on a library of virus definitions, a virus must first be discovered and analyzed, often through reverse engineering and execution in controlled environments, in order for there to be a definition in the database of known viruses. To relate this to the more familiar physical world, researchers are unable to provide a cure for a virus before they have knowledge of it, and the same is true of computer viruses. Such is the perpetual cat-and-mouse game that we play.
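The definition-based scanning described above, sketched as an added example that is not part of the original article or any vendor's code. The `Definition` and `scan` names and all byte strings are constructed for illustration; it shows a fixed-offset check, a whole-file search, and a sample that is only flagged once a definition for it exists.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Definition:
    name: str                     # label reported on a match
    pattern: bytes                # byte string common to the known sample
    offset: Optional[int] = None  # fixed file offset, or None to search the whole file


def scan(data: bytes, definitions: list[Definition]) -> list[tuple[str, int]]:
    """Return (definition name, offset) for every definition that matches data."""
    hits = []
    for d in definitions:
        if d.offset is not None:
            # Offset check: compare only the bytes at the recorded position.
            # A file shorter than the offset yields a short slice and no match.
            if data[d.offset:d.offset + len(d.pattern)] == d.pattern:
                hits.append((d.name, d.offset))
        else:
            pos = data.find(d.pattern)
            if pos != -1:
                hits.append((d.name, pos))
    return hits


# Constructed sample data: harmless byte strings standing in for files.
DEFS = [
    Definition("Constructed.SampleA", b"\xde\xad\xbe\xefSAMPLE-A", offset=16),
    Definition("Constructed.SampleB", b"SAMPLE-B-MARKER"),
]
FILE_A = b"\x00" * 16 + b"\xde\xad\xbe\xefSAMPLE-A" + b"\x00" * 32
FILE_B = b"header" + b"\x90" * 40 + b"SAMPLE-B-MARKER" + b"trailer"
FILE_NEW = b"header" + b"\x00" * 20 + b"SAMPLE-C-MARKER"  # no definition yet
CLEAN = b"plain text document with nothing of interest"


def demo() -> dict[str, list[tuple[str, int]]]:
    files = {"a": FILE_A, "b": FILE_B, "new": FILE_NEW, "clean": CLEAN}
    results = {k: scan(v, DEFS) for k, v in files.items()}
    # After analysis, a definition for the new sample is added to the library.
    updated = DEFS + [Definition("Constructed.SampleC", b"SAMPLE-C-MARKER")]
    results["new_after_update"] = scan(FILE_NEW, updated)
    return results


if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name:17} {hits or 'no match'}")
```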