Tool Release: A Banking Trojan Detection Tool

15, Aug, 2011

As many of our readers know, banking trojans have become extremely widespread over the course of last few years. There are hundreds of thousands, if not millions, of computers on the internet that are infected by these malicious programs.

We created an experimental tool that can detect almost all variants from the TOP 5 of banking trojan families: Zeus, SpyEye, Carberp, Gozi and Patcher, if they are active and running on the infected computer. The tool works by scanning the memory of each running process, looking for telltale signs of these malwares. If any signs are detected, the tool will report the malware name and the affected process name.

The advantage of the tool is that it doesn’t use a conventional signature database, where a detection can be usually avoided by re-packing the malware with a new obfuscation layer. Instead it looks for pieces of code that belong to the actual malware itself.

We’d love to hear any improvement suggestions and comments, feel free to contact us at info(at)fitsec.com

The tool can be downloaded here: http://www.fitsec.com/tools/DeBank.exe

By downloading and/or using the tool you agree to the license terms that are described here: http://www.fitsec.com/tools/license.txt