DeBank tool claims to detect all major banking trojans

August 18, 2011 – 8:19 PM

Security company Damballa has revealed that the source code for SpyEye, one of the most dangerous banking Trojans around, has been leaked online. That is good for researchers, as they can better understand how it works. But it also means that a malware kit which used to cost more than $10,000 is now available for free, so it is expected to become an even more pervasive threat in the next few weeks.

No need to panic just yet, though, as coincidentally Finnish security company Fitsec has just released DeBank, a portable tool which can detect the presence of all five major banking Trojan families on the target PC: SpyEye, Zeus, CarBerp, Gozi and Patcher.

You probably have an antivirus package which will claim to do much the same thing already, but as all these malware variants are particularly good at avoiding close scrutiny, it makes sense to have something which can offer a second opinion. And DeBank does have a particular advantage, in that it doesn’t use conventional signature checks, a technique which can be bypassed simply by packing the malware in a different way. Instead, the program scans process memory for chunks of code belonging to each malware family, a much more reliable approach.
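The difference between the two approaches can be shown in a few lines. This is an added illustration, not DeBank's code: the byte pattern, the `family_a` name, the XOR `toy_pack` stand-in for a packer and the memory addresses are all constructed, and a real scanner would read the regions from a live process through the operating system's memory APIs.

```python
import hashlib

# Constructed byte pattern standing in for a family's code chunk; not a real
# malware signature. None is a wildcard for bytes that differ between builds.
PATTERNS = {"family_a": [0x55, 0x8B, 0xEC, 0x68, None, None, None, None,
                         0xE8, 0xDE, 0xC0, 0xAD, 0x0B]}

def scan_buffer(buf, patterns=PATTERNS):
    """Return (family, offset) for every wildcard-pattern hit in buf."""
    hits = []
    for name, pat in patterns.items():
        first = bytes([pat[0]])              # anchor on the first fixed byte
        off = buf.find(first)
        while off != -1:
            window = buf[off:off + len(pat)]
            if len(window) == len(pat) and all(
                    p is None or b == p for b, p in zip(window, pat)):
                hits.append((name, off))
            off = buf.find(first, off + 1)
    return hits

def scan_regions(regions, patterns=PATTERNS):
    """regions: (base_address, bytes) pairs, as a process-memory walker yields."""
    return [(name, base + off)
            for base, data in regions
            for name, off in scan_buffer(data, patterns)]

def toy_pack(code, key):
    """Stand-in for a packer: same code, different bytes on disk per key."""
    return bytes(b ^ key for b in code)

def demo():
    code = bytes([0x90] * 16 + [0x55, 0x8B, 0xEC, 0x68, 0x00, 0x10, 0x40, 0x00,
                                0xE8, 0xDE, 0xC0, 0xAD, 0x0B, 0xC3])
    file_v1, file_v2 = toy_pack(code, 0x5A), toy_pack(code, 0xA7)
    known_hashes = {hashlib.sha256(file_v1).hexdigest()}  # signature for v1 only
    results = {}
    for label, packed, key in (("v1", file_v1, 0x5A), ("v2", file_v2, 0xA7)):
        unpacked = toy_pack(packed, key)     # what the process holds once running
        memory = [(0x400000, bytes(64)), (0x401000, unpacked)]
        results[label] = {
            "file_hash_hit": hashlib.sha256(packed).hexdigest() in known_hashes,
            "file_pattern_hits": scan_buffer(packed),
            "memory_hits": scan_regions(memory),
        }
    return results

if __name__ == "__main__":
    print(demo())
```

The repacked file `v2` slips past the file hash known for `v1`, and neither packed file contains the pattern, yet both yield the same hit once the unpacked code sits in memory.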

