This title breathes a certain amount of obviousness, but most financial malware, or banking Trojans, is actually designed by cyber-criminals to avoid detection and hide from antivirus programs. The main goal of these digital bank robbers is clearly to steal your money by manipulating online bank transactions.
Research by SurfRight shows that the average lifetime of a banking Trojan on a computer is 81 days for computers that do not have an up-to-date antivirus program. The average lifetime of a banking Trojan on a fully protected computer, one that has an up-to-date antivirus program, is 25 days.
These statistics are based on scan results from new users who ran HitmanPro for the first time. Since they depend on a user's decision to seek a second opinion and download HitmanPro, these numbers should not be taken as exact science. Nonetheless, they are a clear indication that using an up-to-date antivirus program dramatically reduces the lifetime of a banking Trojan.
Many people will now ask “why didn’t the antivirus program catch the banking Trojan right away? 25 days is still a long time.”
That is a valid question. If the banking Trojan is stopped right away, HitmanPro will not detect one on that computer because it has never been there. Antivirus programs are the last line of defense and will stop the vast majority of malware attacks, but not 100%.
- Do the police prevent all robberies? They should, but they don't.
- Does the coast guard stop all drug transports before they enter the country? They should, but they don't.
- Is a doctor's diagnosis correct every time? It should be, but it isn't.
In other words: using an antivirus program on your computer will stop most malware attacks, and will reduce the lifetime of malware that has slipped past the defenses and silently installed itself on the computer.
BBC Click: How banking Trojans go undetected and steal your money
How did we measure?
2,465,497 users scanned their computer with HitmanPro between October 2011 and October 2012 (1 year). The above-mentioned statistics are not based on laboratory research but are derived from real-world computers. Before HitmanPro removed the banking Trojan, the HitmanPro agent reported back the date the Trojan was installed on the computer, along with which antivirus program the user was using and its status. The specific banking Trojans we counted for this statistic were Zeus, Citadel, SpyEye and Tinba.
Last August, our HitmanPro agent discovered Citadel Trojans within the Dutch government during the Dorifel outbreak. We also discovered that these Trojans were active on fully protected computers for roughly three to four weeks without being detected. This period, shocking for most people, was clearly not an isolated incident but is in line with our research results.