Understanding and Mitigating Banking Trojans: From Zeus to Emotet

Abstract

Banking Trojans came a long way in the past decade, and the recent case of Emotet showed their enduring relevance. The evolution of the modern computing landscape can be traced through Emotet and Zeus, both representative examples from the end of the past decade. As an example of earlier malware, Zeus only needed to employ simple anti-analysis techniques to stay undetected; while the more recent Emotet had to constantly evolve to stay a step ahead. Current host-based antimalware solutions face an increasing number of obstacles to perform their function. A multi-layer approach to network security is necessary for network-based intrusion response systems to secure modern networks of heterogeneous devices. A system based on a combination of a graphical network security model and a game theoretic model of cyber attacks was tested on a testbed with Windows machines infected with Trojans; experimental results showed that the proposed system effectively blocked Trojans’ network communications effectively preventing data leakage and yielding encouraging results for future work.