In January 2010, some banks reported suspicious change in server settings and errors in financial documents sent through their servers. Experts believe that it was caused by a malware named Ramnit and it affects files of operating system and infects files of numerous formats including html and office documents. The malware affects executable files of Windows and spreads itself whenever these files are run.
Interestingly Ramnit has widely targeted financial companies and banks than other sectors. The malware sits in the background and monitors financial activities, and communicates with its online server. Some experts also believe that the malware can alter financial contents and even add some, which from point-of-business can be very fatal for banks and financial companies. The malware can also alter server configurations.
What is more interesting about Ramnit malware is that its working is very similar to financial malware designed by popular hacking and spying group Zeus and SpyEye. Although it is not sure who is the designer of the software but experts have found some elements in the source code of Ramnit malware, which is widely used by Zeus. Experts also believe that designers of Ramnit have used some components of Zeus financial malwares.
There are numerous firewalls and anti-viruses used by banks and financial companies to protect their confidential data, but according to a popular security software designer Trusteer, Trusteer Rapport was able to prevent system from being infected by Ramnit malware. The software is capable of stopping it from entering through web browser. The company also claims that Trusteer Pinpoint software is designed to detect it in real time while their online banking applications are affected by the malware. The security software also allows banking professionals to detect Ramnit behavior and prevent it from damaging financial data and files.
