UK Bank Computers Zombified, Hijacked by Conficker

Banks. They’re supposed to hold on to your money. And occasionally, make money for you, that is, when they’re not bilking you by charging you outlandish interest rates and service fees, all the while paying out rock bottom interest rates for your hard-earned savings. And they’re supposed to be secure. After all, how are they going to win people’s business if they’re not?

That’s the basic premise, and while it’s not The Wealth of Nations, it is an undeniable truth. Banks need to protect their servers, just like any business that safeguards personal information. So it’s not a stretch to say that several banks in the UK are in dire need of reassessing their security measures.

As if the UK banking system needed more scandal than that with which they’re already dealing, several media outlets are reporting that several large banks across the pond are not only infected with malware, their networks are, indeed, zombies on a botnet. Yes, the same banks that protect your personal information, your money, and those teeny-weenie little interest payments that they routinely dole out.

And it’s not just any botnet, either. It’s the granddaddy of all botnets, the nefarious Conficker. According to the BBC, a study conducted by the University of Delft in The Netherlands, and independent data from Cloudmark and an unnamed organization that runs spam traps, revealed that 20 spam incidents connected to UK banks were recorded in 2013.

“It is likely that the computers were compromised when bank staff and contractors were caught out by booby-trapped email attachments,” the BBC reports. “Some of those infected machines are also likely to have been enrolled in a botnet – a large network of hijacked computers that are used by cybercriminals to distribute spam and viruses, attack other websites or as a source of saleable personal data.”

This isn’t the first time such activity has been seen in the banking system. In 2011 and 2012, malicious activity was detected, although the numbers were lower than what’s been observed this year. Of those previous incidents, some “involved addresses that have been sending junk for months but others were addresses seen sending spam for the first time,” which suggests that the infections were repeated, new infections, rather than a single static event.

Referring to data other than what was used to record the aforementioned numbers, the BBC points out that in 2012 and 2013, the data indicated “fewer incidents year-on-year but revealed that seven corporate bank networks are regularly sending out junk, five are home to machines that are part of the well known Conficker botnet and eight are regular sources of malicious activity.”

Sources inside the UK banking system also told the BBC that they’re handling up to a dozen employee-related incidents each month of malware infections, which is par for the course in any corporate network. But the BBC also reports that James Lyne, global head of security for Sophos, points out that a bank whose network was infected with a botnet would be “exceptionally concerning,” and that such an infection would “give attackers a foothold that they can exploit.”

In a ‘well, DUH’ moment, Michel van Eeten, a professor at the University of Delft who leads the botnet research team, says that “There should be no spam coming out of these networks,” and points out that some of the bank networks studied by the group showed a ‘relatively consistent’ infection problem, which would be troubling to any IT professional, but if you’re a bank…whoa.

The BBC reports that van Eeten also “worried about the continuing presence of machines that were part of the Conficker botnet because the exploit used to create that network has been known about and fixable for five years,” a commentary which sort of nails the crux of the problem to the proverbial [fire]wall. In not so many words, the good professor’s observation points out that the banks themselves may have a systemic problem that goes beyond just hardware and software security. And he reflects what you’re probably thinking about banks in the UK. “If they are vulnerable to that you have to wonder what else they are vulnerable to…This might show they can fall victim to a targeted attack more easily because those are much harder to avoid falling into.”

The BBC says that “One example of the types of targeted attack finance firms have to deal with is malware that only springs to life when it spots that it has infected a machine sitting on a bank network.” And that just compounds what appears to be a serious problem.

If you’re in the UK, you may want to close out your accounts and hide your money under a mattress. Sounds like it would be safer, and let’s face it: you won’t miss the interest.
