Trusteer Flashlight Provides Malware Analysis and Remediation for Financial Institutions

New Service Performs Remote Forensic Investigation on Customer Machines to Detect Source of Fraud and Mitigate Future Attacks

(23.03.10) - Trusteer, provider of secure browsing services, announced Trusteer Flashlight. This new remote fraud investigation and mitigation service identifies the attack source on a customer's machine, gathers samples, and can reverse engineer the mechanism used by the malware to commit fraud. Findings enable banks and other organizations to prevent future losses, block subsequent attacks, and takedown command/control servers.

Trusteer also announced today that CEO Mickey Boodaei will present a session on ‘Financial Malware in the UK - New techniques for Defense’ at the e-crime congress 2010 on March 16 at the Victoria Park Plaza Hotel in London. His presentation will reveal findings from reverse engineering performed by Trusteer's research organization on the Silon financial Trojan which targets UK-based financial institutions.

Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over US$120 million in the third quarter of 2009, according to estimates presented at the recent RSA Conference in San Francisco by the U.S. Federal Deposit Insurance Corporation. Almost all of the incidents reported to the FDIC related to malware on online banking customers' PCs. In the UK the situation is similar with online banking fraud losses up 55 Prozent to £39m in first half of 2009 according to Financial Fraud Action UK (formerly the anti-fraud unit of banking payments association APACS).

In order to protect customer bank accounts from being victimized, financial institutions are faced with the daunting task of identifying malware variants, analyzing them, and using the findings to mitigate future losses. Acquiring this data from customer computers is complex, labor intensive and an Internet scale challenge.

Bringing Malware into the Open

To enable financial institutions to respond in real-time to financial fraud, the Trusteer Flashlight service can instantly initiate a remote investigation into an attack. The affected customer simply needs to install Trusteer's Rapport desktop forensic and protection software, which immediately identifies the malware, or in the case of an unidentified variant, detects suspicious malware behaviour and lifts a sample or samples from the computer. These are then examined and reverse engineered by Trusteer's fraud and malware experts to identify the mechanism used to commit fraud.

Following the analysis, the financial institution receives a full report on the malware, the complete source code for future reference, and detailed recommendations on how to detect and block future attacks. In addition, Trusteer reports the malware to all desktop security vendors for industry-wide protection, performs ongoing analysis of associated command and control servers, and submits them to takedown services. Trusteer Flashlight includes ongoing consulting by Trusteer's security experts to help mitigate future threats. (Trusteer: ra)