Stock Manipulation Botnets Gain Ground

Cybercriminals have moved into the online stock and equity trading world. Instead of simply emptying compromised brokerage accounts, they appear to be refining their attacks and striking at a broader and loftier target: the trust mechanisms behind the valuation of publicly traded stocks and equities.

George Hulme, a contributing writer at InformationWeek, reports on his initial findings, sourced from a Belgian news article on that country's investigation of a 2007 attack which was recently declassified:


    • “…authorities said there were 20 Belgian victims who were infected, and the cyber-thieves used those accounts to manipulate share prices and profit about 100,000 Euros
    • In addition, the security mistakes made here don't appear to be the fault of the banks, rather the fault of the stock traders themselves: somehow their systems got infected with these bots and were then permitted to execute the rogue trades.
    • The insidious fact is, as technology stands today, these types of attacks can affect anyone. All it takes is visiting an infected blog or news Web site and it is possible for attackers to inject the malware on end user systems. It's not yet been made public how the stock traders became infected – but infected web sites frequented by traders, or highly targeted phishing e-mails with the attack software attached are reasonable assumptions.” 

What to do: Harden the target

According to the FBI and FDIC, locking down one system, or using a dedicated system, for your online account access improves your odds against malware-driven cybercrime. Harden the target.

If you don’t already use a dedicated system with restricted physical access, then at a minimum:

  1. Ensure that the account you use for online access does not have administrative rights. Without them, malware cannot silently install itself behind the scenes, and ‘click psychology’ (a prompt you approve without reading) buys the attacker far less.
  2. Use multiple browsers: one for ‘fun’ and the rich internet experience, and another configured ‘bare bones’ with security completely locked down, including no plug-ins enabled. [Update: See US-CERT for steps on locking down your bare-bones browser.]
  3. Ensure your AV protection is set to its maximum, runs the deepest scan level available, and checks for updates on a schedule more frequent than the default; for consumers this would be every fifteen minutes. (ESET users: see the Knowledge Base for details.)
  4. Restrict physical access. Avoid using a system your teenagers surf social networks on. Believe it or not, the common denominator among my Digital Native and malware-savvy friends who become infected is teenage kids who click links the way small children use sugar on cereal: at every possible opportunity.
  5. Dudes, buy our stuff. Without ESET protecting every single system on your home or business network you’re just not at the top of the food chain. :)

How to Lock Down ESET Systems Against Browser-based Malware:

In no particular order, here are the key steps to consider:

  1. Password-protect your NOD32 settings. Malware now has the ability to reach into and disrupt your AV scanning. NOD32 v4 already defends against this, but the next step is to set a password on your AV settings so that no other application (or person) can change them and switch protection off. (See the Knowledge Base walk-through.)
  2. Lock down your dedicated system so that it can reach only a few sites. ESET Smart Security users can configure this. (See the Knowledge Base walk-through.)
  3. Use the firewall. ESET Smart Security includes a Personal firewall to protect your outgoing and incoming communication; it takes the place of the Windows Firewall, which the installer disables, so do not re-enable the Windows Firewall afterwards. (See the Knowledge Base walk-through.) [Thanks Matt!]
  4. Enable every setting in your on-demand scans, and make sure every single ‘potentially unwanted/unsafe application’ (PUA) is ousted from your soon-to-be sanitized and protected system. (See the Knowledge Base walk-through.)
  5. Regularly perform an on-demand computer scan. In addition to the real-time file system protection your ESET security product offers, an on-demand computer scan is an essential component of your security routine, particularly if you are a high-risk user or suspect that your computer is infected. (See the Knowledge Base walk-through.)
  6. Change your update setting to check ESET’s signatures more frequently. Instead of the default sixty-minute interval, use fifteen minutes or less. (See the Knowledge Base walk-through.)
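The two lists above describe a procedure but show no configuration. The script below is an added example, not ESET’s code and not from the original post: it prepares a dedicated Windows trading system by first refusing to proceed if the everyday trading account is a local administrator (step 1 of “Harden the target”), then turning the built-in Windows Firewall into a default-deny egress filter that can reach only a short allow-list of broker hosts plus the configured DNS resolvers (step 2 of the ESET list). It uses the Windows Firewall rather than the ESET Personal firewall, since the ESET product replaces Windows Firewall and is configured through its own interface; so it is meant for a system that is not running ESET Smart Security, or as a model of the rules to build there. Assumptions: Windows 8 / Server 2012 or later (the NetSecurity and DnsClient modules), PowerShell 5.1 or later, and that the account name `trader`, the broker hostnames and the rule tag are placeholders. Run it once from a separate administrative logon, not from the trading account.

```powershell
#Requires -RunAsAdministrator
<#
 Hypothetical example (not ESET's or the article's own code): set up a
 dedicated Windows trading system.
   1. Abort if the everyday trading account is a local administrator.
   2. Default-deny outbound traffic on every firewall profile, allowing only
      HTTPS to the listed broker hosts and UDP/53 to the configured resolvers.
 Assumptions: $TradingUser and $AllowedHosts are placeholders to replace.
#>
param(
    [string]   $TradingUser  = 'trader',                       # assumed everyday account
    [string[]] $AllowedHosts = @('trading.example-broker.com',  # assumed broker hosts
                                 'login.example-broker.com'),
    [string]   $RuleTag      = 'DedicatedTrading'               # prefix for our rules
)

# 1. The trading account must be a standard user, not a local administrator.
#    Get-LocalGroupMember returns names as COMPUTER\user; keep the user part.
$admins = Get-LocalGroupMember -Group 'Administrators' |
          ForEach-Object { $_.Name.Split('\')[-1] }
if ($admins -contains $TradingUser) {
    throw "Account '$TradingUser' is a local administrator; make it a standard user first."
}

# 2. Resolve the allow-list now. Broker addresses change, so re-run this
#    script periodically; DNS is still allowed after the lockdown, so it works.
$allowedIPs = foreach ($h in $AllowedHosts) {
    Resolve-DnsName -Name $h -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress
}
$allowedIPs = @($allowedIPs | Sort-Object -Unique)
if ($allowedIPs.Count -eq 0) {
    throw 'Allow-list resolved to no addresses; refusing to lock out everything.'
}

# The resolvers actually configured on this machine, so name lookups keep working.
$dnsServers = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
                Select-Object -ExpandProperty ServerAddresses | Sort-Object -Unique)

# 3. Remove rules from a previous run so the script is idempotent.
Get-NetFirewallRule -DisplayName "$RuleTag *" -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# 4. Allow rules: HTTPS to the brokers, DNS to the resolvers, nothing else.
New-NetFirewallRule -DisplayName "$RuleTag broker HTTPS" -Direction Outbound `
    -Action Allow -Protocol TCP -RemotePort 443 -RemoteAddress $allowedIPs | Out-Null
New-NetFirewallRule -DisplayName "$RuleTag DNS" -Direction Outbound `
    -Action Allow -Protocol UDP -RemotePort 53 -RemoteAddress $dnsServers | Out-Null

# 5. Default-deny in both directions on every profile. Inbound is already
#    blocked by default on Windows; outbound is the part that stops a bot
#    from reaching its controller or a rogue trade from leaving the box.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 6. Report what is now reachable from this system.
[pscustomobject]@{
    TradingUser  = $TradingUser
    AllowedHosts = $AllowedHosts -join ', '
    AllowedIPs   = $allowedIPs -join ', '
    DnsServers   = $dnsServers -join ', '
}
```

Two caveats a practitioner will hit immediately. First, default-deny outbound also blocks Windows Update and antivirus signature updates, so step 6’s fifteen-minute update interval achieves nothing until the updater is allowed through; add a rule for your AV vendor’s update servers or a `-Program` rule for the updater executable (the exact hostnames and path depend on the product and are not given here). Second, a default-deny rule set is only as good as the allow-list: a broker that moves behind a CDN or changes IP ranges will look like an outage, which is why the script re-resolves the hosts on every run rather than hard-coding addresses.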

Of course, your mileage may vary and standard disclaimers apply, since cybercriminals are far from stupid; they read our blog articles as well. :) I take no chances, so consider these steps to a highly restricted system the ‘Paranoid Mode’ of ESET Smart Security. Disclaimer: as with everything security-related, consider this information open source for the criminals to read as well as yourselves. I make no guarantees that someone won’t figure out a way to defeat this.

CFTOs’ Call to Action:

As Chief Family Technical Officer, what steps do you take to protect your online account access? Share the wealth and help us harden the target further.

Securing Our eCity Contributing Writer

Author, ESET

  • matt

    Use the firewall. In addition to enabling the Windows firewall, you should install and use a firewall of your own. ESET Smart Security includes a Personal firewall to protect your outgoing and incoming communication.
    This is from ESET KB:
    ESET Smart Security includes the ESET Personal firewall. Running two firewalls on your operating system can lead to conflicts and configuration errors. Consequently, ESET Smart Security will automatically disable your Windows Firewall after completing installation. Do not re-enable your Windows Firewall after installing ESET Smart Security.

    Change your update setting to more frequently check ESET’s signatures. Instead of the default sixty minute setting, use fifteen minutes.
    This is from Wilders, ESET’s official forum:
    By default, ESET's software checks hourly for updates. While updates can be requested for higher frequencies, the engine itself will only check once an hour.

    • Charles Jeter

      @matt – Thanks for the catch. My QA team mentioned the same thing yesterday afternoon. I believe the proper procedure is as you specified; I’ll change it in the text!

      As for the Wilders text, is the Wilders article meant to express that the time setting is a placebo and ineffective? It might help to know who that was attributed to and when. Either way I’ll run it down and get an answer.


      • Charles Jeter

        Got the reply back from my ESET Brain Trust here in San Diego:

        The interval for any repeating task, including the regular automatic update task, can be set as low as 1 minute. It opens a new socket to a new update server every minute when configured this way. There is no hard-coded 1 hour minimum with our software.

        H/T to CB and SS and AG for the rapid turnaround.

  • Antivirus

    I am using the OANDA Java trading platform to trade online, and frequently there is a warning message from Kaspersky Internet Security that the platform is vulnerable to a security risk. How do I prevent malware threats from attacking the Java platform? I am afraid they might get inside my account and use all the money to trade.

    • Charles Jeter

      Hi there,

      I’m not sure how to respond to Kaspersky’s alert – we work for ESET which is a competitor. The first thing I would suggest is try our product. Second, I would look towards universal precautions as they say in the medical industry, some of which I list in this post –


Copyright © 2017 ESET, All Rights Reserved.