Have you already heard about the banner trick? Not yet?

This is one of the latest sophisticated additions found in the Zeus malware configuration. This addition has been recently discovered, analyzed and reported by Trusteer.

Malware such as Zeus place their focus in online banking fraud. Online banking fraud is a serious affair judging by last year’s UK annual report, which showed a total loss of £365.4 (million) resulting mainly from online banking fraud.

Banks have done much in the past to prevent or to reduce the risk of becoming a victim of online banking fraud; however, malware is smart and tries to find new approaches to steal money online. Banner injections are the latest attempt when it comes to this type of fraud.

The Zeus malware is targeted towards people who visit leading trusted websites with high traffic such as AOL, Amazon, Apple, etc. Whenever a user browses one of these sites, the malware will create a customized banner on the infected machine and it will embed the banner into the target content.

An average user would assume that the banner is genuine and legitimately belongs to the target content, because the banner has been embedded and integrated fully into the highly trusted website. The banner is fully adapted to the target content by having the right colour, the correct font type and a style that is similar to the website.

Banner example:

A click on this banner will lead the user to a professional looking website that offers lucrative business investment opportunities to wealthy people and sells profitable investment schemes securely over SSL – that is nothing more than a fraud scheme. The injection code has been seen as a simple banner on a trusted website, but it has also been discovered as a full site text where the trusted owner of the website is making an explicit recommendation to invest money into this fraud scheme.

Unlike many other malware attacks this approach is new, because it does not focus on attack codes. The new approach is more about selling fraud schemes (scam) that appear very legitimate and trustworthy on leading websites. The interesting point with this fraud website is that an average user will hardly notice this scam.

That’s why it would affect many thousands of users who would have invested large sums of money into this scam voluntarily. There is no need for hackers to collect sensitive data from a remote machine as a user is voluntarily transferring money to them.

As the use of online banking increases, it is more than essential to invest money into affordable web security products such as anti-virus and web filtering. Web filtering would have prevented the user from accessing such phishing and scam websites (if the website has already been marked and listed as scam).

Web filtering in general classifies websites into good and bad websites. Professional web filters do more than this. They classify websites into different sub categories such as “Entertainment”, “Social Marketing” and more. This would allow the administrator to have greater differentiation when deciding whether sites should be allowed or blocked.

A good professional web filtering product would have blocked thousands of access requests that leaded to the scam website and is just another step in preventing such losses due to online banking fraud.