Malware infects three-quarters of the world's top banks
File this story in the "Who do you trust with your money?" category.
Eighteen of the top 24 banks in the world have malware problems, security firm Lookingglass said on Wednesday. Even three-year-old worms that have long had patches and fixes to address them continue to infect banks' PCs. Among them is Conficker, found (gasp) in the IT deployments of 10 of the top 24.
Other viruses and malware of note found on these computers included DNS Changer, Gameover Zeus, BlackHole Exploit Kit, and Fake AV, among others, the security firm says.
It is not clear what the extent of infection is, or how it may be affecting bank customers. "We don't have evidence that the infected systems are actively infecting other systems, but most of the types of malware involved are designed to infect as many other hosts as possible", chief scientist Jason Lewis tells BetaNews.
"There is a strong likelihood that the computers in question have infected other hosts", he continues. Lewis would not identify the banks in question, saying Lookingglass wanted to give these institutions time to address the problem.
Reinfection is also an issue. While these banking institutions apparently attempt to address their virus problems, the issues continue to come back due to unclean portions of their networks affecting cleaned areas. This could be due to large companies by nature being slow to apply updates and important patches that would otherwise close the holes malware exploits in order to spread itself, Lewis tells us.
"If hosts are cleaned, but not patched and nothing further is done to prevent reinfection, an endless loop occurs. Just cleaning a malware infection is not enough -- steps to prevent further exploits have to occur", he explains. "In some cases, the operating systems involved no longer have support from Microsoft, which means they will never be protected".
The latter is an obvious reference to the enterprise's insistence on hanging on to aging platforms. Take, for example, Windows XP: while Microsoft still issues security updates for the platform and will do so through 2014, it's likely many of these companies will continue to use it well past that date, or have not updated to SP3, which is necessary to receive those updates.
Or even Windows Server 2003, which is no longer supported. Again, if the customer is not on the newer R2 version, they're unprotected too.
"The biggest takeaway from this research is that no one is safe", Lewis concludes.
So here's the big question: if the banks have such a serious malware problem, is our financial data really that safe? Enterprising attackers likely already know this, and may have already exploited these holes to their advantage.