
Can regional banking Trojans hide from signature-based antivirus?

Signature-based antivirus is useful for detecting many different kinds of malware, but has a notoriously difficult time tracking regional malware. In this expert response, Nick Lewis explains how regional banking Trojans elude detection and what enterprises can do to protect themselves.

I've read that region-focused banking Trojans are less likely to be discovered by antimalware programs. Why is that?
Region-focused malware exploits one of the most significant limitations of traditional signature-based antimalware software, and these banking Trojans, or customized malware, are just one type of malware that exploits it. The limitation is that malware traditionally must be analyzed and signatures created before detection can take place. Customized malware has traditionally been the most difficult to detect, either because the malware's signature is constantly changing as it targets specific regions or specific banks, or because, given the small number of websites the malware covers, it is not being reported to antimalware vendors at all. Targeting a new bank may not fundamentally alter the malware if the malware is modular, but if a new type of attack or significant change is made to the malware, this can affect how easily it can be detected by signature-based antivirus.

This limitation in detecting new, customized or targeted malware may be changing, though, as antimalware software is including more behavioral-detection capabilities in its core functionality. Antimalware has included heuristic functionality for many years, but the recent advancements in behavioral detection are a significant improvement over heuristic detection. Behavioral detections can be more generic than traditional signatures because the antimalware software can find malicious behavior -- such as programs accessing saved passwords or sending passwords to an external website -- and then potentially block it, or flag as malicious the file(s) the malware uses to access passwords and quarantine them.

This was last published in July 2010
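
The contrast the answer draws, as an added example that is not part of the original article: an exact-hash signature misses a retargeted build of the same program, while a behavioral rule keyed to "reads a saved-password store, then connects externally" flags both builds. The sample bytes, event traces, store file names and internal address ranges are all constructed assumptions.

```python
import hashlib
import ipaddress

# Constructed sample data: two builds of one hypothetical Trojan that differ
# only in the embedded target list. The vendor has analyzed only the first.
KNOWN_BUILD = b"STUB-CODE|targets=bank-a.example"
REGIONAL_BUILD = b"STUB-CODE|targets=regional-bank.example"
SIGNATURES = {hashlib.sha256(KNOWN_BUILD).hexdigest()}

# Assumed for this example: file names of saved-password stores and the
# address ranges treated as internal.
CREDENTIAL_STORES = ("login data", "logins.json")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]

def signature_match(image: bytes) -> bool:
    """Exact-hash signature: any change to the file produces a miss."""
    return hashlib.sha256(image).hexdigest() in SIGNATURES

def is_external(dst: str) -> bool:
    addr = ipaddress.ip_address(dst)
    return not any(addr in net for net in INTERNAL_NETS)

def behavioral_match(events: list) -> bool:
    """Flag a process that reads a saved-password store and afterwards
    connects to an external address, whatever its file hash is."""
    read_store = False
    for ev in events:  # one process's events, in time order
        if ev["type"] == "file_read":
            if ev["path"].lower().endswith(CREDENTIAL_STORES):
                read_store = True
        elif ev["type"] == "net_connect":
            if read_store and is_external(ev["dst"]):
                return True
    return False

# Constructed event traces (not captured from real malware).
STEALER_TRACE = [
    {"type": "file_read", "path": r"C:\Users\u\AppData\Local\Browser\Login Data"},
    {"type": "net_connect", "dst": "203.0.113.10"},
]
BENIGN_TRACE = [
    {"type": "file_read", "path": r"C:\Users\u\notes.txt"},
    {"type": "net_connect", "dst": "203.0.113.10"},
]

if __name__ == "__main__":
    for name, image in (("known", KNOWN_BUILD), ("regional", REGIONAL_BUILD)):
        print(name, signature_match(image), behavioral_match(STEALER_TRACE))
```

A rule this generic would also fire on the browser that owns the password store, so a deployed version needs to scope it by which process is doing the reading.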
