A multinational coalition of organisations led by Europol’s European Cybercrime Center (EC3) has been working successfully to disrupt the Ramnit malware family. Ramnit is a computer worm that affects Windows users.
Ramnit was first detected in 2010, attaching itself to executable files and USB drives to infect additional computers. Originally a generic worm, it has been rewritten as a banking trojan designed to perform man-in-the-middle attacks. The hackers’ goal is to obtain the target’s banking credentials and commit financial fraud. It includes code from the notorious banking trojan Zeus.
Europol EC3 estimates that, at its peak, the Ramnit botnet that spread the malware consisted of more than 3.2 million computers. The recent efforts have substantially disrupted that network, but have not entirely eliminated it.
Microsoft, which is part of the coalition, has detected approximately 500,000 instances of computers infected with Ramnit over the past 6 months. Ramnit is configured to hide itself, disable security defences, and establish a connection with the Ramnit command-and-control (C&C) server. It has proven adept not only at infecting the target’s computer, but also at spreading to nearby computers and through the networks it is connected to.
Comodo developed Comodo Securebox for exactly this type of situation, where a user has to perform a financial transaction in a compromised environment.