Skip to main content

DeBank tool claims to detect all major banking trojans

posted onAugust 19, 2011
by l33tdawg

Security company Damballa  has revealed that the source code for SpyEye, one of the most dangerous banking Trojans around, has been leaked online. Which is good for researchers, as they can better understand how it works. But it also means that a malware kit which used to cost more than $10,000 is now available for free, so is expected to become an even more pervasive threat in the next few weeks.

No need to panic just yet, though, as coincidentally Finnish security company Fitsec has just released DeBank, a portable tool which can detect the presence of all five major banking Trojan families on the target PC: SpyEye, Zeus, CarBerp, Gozi and Patcher.

You probably have an antivirus package which will claim to do much the same thing already, but as all these malware variants are particularly good at avoiding close scrutiny then it makes sense to have something which can offer a second opinion. And DeBank does have a particular advantage, in that it doesn’t use conventional signature checks, a technique which can be bypassed simply by packing the malware in a different way. Instead the program scans process memory for chunks of code belonging to each malware family, a much more reliable approach.

Source

Tags

Software-Programming Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th