Targeted malware detection
Banking malware is one of the main fraud issues that financial institutions have to keep an eye on. Tens of thousands of Internet users' machines get infected, and their online-banking credentials and payment card numbers get stolen on a regular basis.
Through CERT-LEXSI, our team of cybercrime specialists, LEXSI offers:
Massive collection of malware, equivalent to approximately 120-150 new unique malware samples daily,
Preventive detection (description, author's profile, number of kits sold) of malware advertised on banking cybercrime marketplaces which may be suspected of impacting our clients,
Detection of malware whose behavioural analysis reveals a potential impact on our clients' business,
Investigations of the malware's behaviour conducted to identify command & control servers, code update servers and stolen data repository servers,
Follow-up on the malware updates (new functions, new configuration files),
List of countermeasures to deactivate already installed malware.
The CERT-LEXSI staff is a pillar of the international research community for collecting and analyzing malware. Collaboration is conducted with CSIRTs, universities and security solution vendors.
As of today, our surveillance systems developed in-house (specific spamtraps, daily monitoring of 300,000 malware-infected webpages, capture of malware on 4,000 phishing and spamvertised websites, IRC screening, proprietary and partners' honeypots) collect more than 3,000 unique malware samples per month, propagating through email, worms, instant messaging, the web and P2P.
In addition to these surveillance systems, the CERT-LEXSI team operates close surveillance of malware coders and development teams (mostly Russian, Chinese and Brazilian) to provide early detection of newly developed malware that may impact our clients. As a result, CERT-LEXSI was the first team worldwide to reveal the existence of such malware as VisualBriz and Snatch.
Antivirus vendors are of little help here, since they rarely analyze the keywords and URLs targeted by malware while reverse engineering its code. CERT-LEXSI's malware impact analysis is based on:
The isolation of strings, URLs or keywords that reveal the malware's targets and tactical patterns. They are found either in the malware code, in the volatile memory of the infected machine, or in the configuration files the malware retrieves from a remote administration server,
The identification of the malware's specific fraudulent behaviour while browsing the targeted transactional websites.
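As an added illustration of the string-isolation step described above (example code, not LEXSI's platform), the following Python extracts ASCII and UTF-16LE strings from a constructed memory-dump fragment, pulls out the URLs, and separates pages belonging to a hypothetical client (examplebank.test) from remote administration and repository servers, while also flagging keyword hits. The client domains, the keyword list and the sample blob are all assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: a fragment of a banker's configuration as it might be
# recovered from volatile memory, mixing ASCII and UTF-16LE strings and junk.
SAMPLE_BLOB = b"\x00\x00".join([
    b"MZ\x90\x00\x03junk",
    b"https://online.examplebank.test/login",
    "wire transfer".encode("utf-16-le"),
    b"POST http://203.0.113.7/gate.php",
    b"ftp://drop.example.invalid/logs/",
    "onetimepassword".encode("utf-16-le"),
    b"\xff\xfe\x01garbage",
])

# Hypothetical client watchlist: its domains and the page/form keywords a
# banker would look for while the victim browses (assumption for this example).
CLIENT_DOMAINS = {"examplebank.test"}
CLIENT_KEYWORDS = {"wire transfer", "onetimepassword", "iban"}

ASCII_RE = re.compile(rb"[\x20-\x7e]{4,}")           # printable ASCII, 4+ chars
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")   # printable UTF-16LE, 4+ chars
URL_RE = re.compile(r"(?:https?|ftp)://[^\s<>]+", re.I)

def extract_strings(blob: bytes) -> list[str]:
    """Return printable ASCII strings followed by printable UTF-16LE strings."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RE.finditer(blob)]
    return found

@dataclass
class ImpactReport:
    targeted_urls: list[str] = field(default_factory=list)   # client pages
    remote_servers: list[str] = field(default_factory=list)  # C2 / drop candidates
    keyword_hits: list[str] = field(default_factory=list)

    def impacts_client(self) -> bool:
        return bool(self.targeted_urls or self.keyword_hits)

def host_matches(host: str, domains: set[str]) -> bool:
    return any(host == d or host.endswith("." + d) for d in domains)

def analyse(blob: bytes, domains=CLIENT_DOMAINS, keywords=CLIENT_KEYWORDS) -> ImpactReport:
    """Classify every URL and keyword isolated from the blob against the watchlist."""
    report = ImpactReport()
    for s in extract_strings(blob):
        for url in URL_RE.findall(s):
            host = (urlparse(url).hostname or "").lower()
            (report.targeted_urls if host_matches(host, domains)
             else report.remote_servers).append(url)
        report.keyword_hits += [kw for kw in keywords if kw in s.lower()]
    return report
```

Running `analyse(SAMPLE_BLOB)` reports the client login page as targeted, the two other URLs as remote servers to investigate, and the two keyword hits.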
The international research community for collecting and analyzing malware has identified LEXSI as the only expert CERT team worldwide mastering these types of investigation techniques.
Today, CERT-LEXSI is heavily investing in finalizing its complete automatic malware behavioural analysis platform.
By September 2007, LEXSI's platform 2.0 shall automatically provide the following characteristics for the 150 new and unique malware samples identified daily:
All keywords and patterns used as targets by each given malware,
URLs and IP addresses of remote administration servers and stolen data repositories,
Strategies and interception techniques used by malware (for example, to understand how a given malware circumvents virtual keyboards or tokens).
LEXSI's platform 2.0 also provides real-time detection:
Malware behaviour is scrutinized while the infected machines run Internet browser sessions, browsing online banking websites and entering the corresponding credentials via the authentication interfaces,
Identified keywords and tactical patterns, manipulated BHOs (Browser Helper Objects), and connections to remote repositories and administration servers are updated on a regular basis.
LEXSI's platform also:
Incorporates behavioural analysis, connection sniffing and reverse code engineering tools,
Features virtual-machine-protected malware analysis.