Highly infectious malware targets banks

Sunspot spreading rapidly among US financial institutions

A new Trojan that is able to extract private financial information including credit card details from infected users has been identified.

The malware, known as the Sunspot Trojan, targets Windows machines and is able to carry out man-in-the-middle attacks, where information is captured in transit between the user and the bank.

It can also execute web injections, page-grabbing and key-logging attacks.

Trusteer CTO Amit Klein warned that most anti-virus products are currently unable to detect the malware.

"The detection rate for Sunspot by leading antivirus programs is painfully low. According to a Virus Total analysis, only nine of 42 antivirus programs tested currently detect Sunspot."

Sunspot has already been responsible for financial losses in the US.

"It is currently targeting North American financial institutions and has already achieved SpyEye and Zeus-like infection rates in some regions. There are confirmed fraud losses associated with Sunspot, so the threat is real."

Unusually, Sunspot was not originally developed as a malware platform.

"We could be witnessing a sea change in malware development where general purpose and little known malware platforms are re-programmed to carry out financial fraud. This will make it even more difficult to defend against attacks since banks will be ambushed by a growing number of unique financial malware platforms."