IBM warning over new 'conjoined malware' robbing banks of millions every day
Banks warned that new Goznym Trojan is going under the security radar
IBM has warned that malware conjoining two threats is tearing across the US and Canada, shaking down banks for millions of dollars every day.
IBM's X-Force named the malware GozNym by merging the names of the two previously separate threats it combines, Gozi ISFB and Nymaim.
"It appears that the operators of Nymaim have recompiled its source code with part of the Gozi ISFB source code, creating a combination that is being actively used in attacks against more than 24 US and Canadian banks, stealing millions of dollars so far. X-Force named this new hybrid GozNym," said IBM in its self-referential write-up.
"The new GozNym hybrid takes the best of both the Nymaim and Gozi ISFB malware to create a powerful Trojan. From the Nymaim malware, it leverages the dropper's stealth and persistence; the Gozi ISFB parts add the banking Trojan's capabilities to facilitate fraud via infected internet browsers. The end result is a new banking Trojan in the wild."
According to IBM, the malware has already robbed banks of $4m in just a matter of days, leading to widespread warnings.
"Cyber criminals have specialties just like their white hat counterparts. By taking bits of code from different pieces of malware, they are able to create their malicious payload quicker than writing everything from scratch. This will reduce their time to exploit and increase potential profits from criminal activity," said Travis Smith, senior security research engineer at Tripwire.
"Data is the currency of the 21st century. However, criminals are still interested in real currency as well. Banks and e-commerce sites face attacks from criminals seeking both sets of currency. Organisations should monitor critical systems for suspicious changes, as well as limit network connectivity to prevent data leakage in the event of a breach," added Smith.
Mark James, security specialist at ESET, says that hybrid threats that prove successful are a serious concern, and reckons that the money stolen so far should be enough to prompt action.
"These days malware is getting so much more complicated and intelligent, and it is a continued race between writers and detectors to do their respective tasks. There are so many different forms of malware around today and combining different versions to create hybrid pieces is an effective way of developing malware that is stealthy and successful, which is exactly what we have here," he said.
"In addition to this, by creating a modified piece of malware you would in theory create something that is not being currently detected. Generally the motivation behind this is for monetary gain, so there's no better target than the banks themselves; with an estimated cache so far of $4m, it proves this particular venture is working."