FYI...Top Banking Botnets
3 March 2014 - "... increase represents a challenge to financial institutions and their customers. Although banks have evolved their security measures to protect online transactions from fraud, attackers quickly adapt to these countermeasures and respond with sophisticated banking botnets. Many banking trojans are used for the same purposes, although not all banking trojans are created equal. Some botnets possess sophisticated plugin-based engines, while others are primitive yet effective... banking botnets' architecture ranges from a single centralized command and control (C2) server to a decentralized peer-to-peer (P2P) network...
Botnet activity for 2013: Most banking trojan activity observed by CTU researchers in 2013 originated from the botnets listed ... [Figure: Percentage of banking malware by botnet in 2013]
... attackers preferred to target commercial banks, credit unions, and other financial institutions in developed countries with sizeable populations and wealthy residents in 2013.
Attackers tend to avoid countries where international transactions are more difficult and require local intervention to launder the money. Though most campaigns in 2013 focused on traditional banking websites, targets also included institutions that facilitate high-volume, high-value transactions, such as Automated Clearing House (ACH) or Single Euro Payments Area (SEPA) credit transfers. Many campaigns targeted corporate bank accounts and payroll systems... The choice of banking trojan and its capabilities depends on the financial resources available to the attacker and the level of security implementations an institution adopts. While MITB is a necessity of any banking trojan, features like redirect and backconnect allow them to control fraudulent transactions. Features like screenshots and video captures not only capture important information but enable an attacker to determine victim behavior that can be emulated during a fraudulent transaction...
Conclusion: The financial fraud marketplace is an increasingly organized entity. It is a service-based industry in which a wide variety of financial trojans, webinjects, and distribution channels are bought and sold. Attackers are also reaching new markets, constantly expanding their operations to locations where they can apply existing techniques. The Middle East, Africa, and Asia are increasingly targeted. In search of maximum return, attackers are targeting high-volume and high-value transaction services, such as ACH in the U.S. and SEPA credit transfers in Europe, and there is an increased focus on recruiting money mules. In many situations, financial institutions adopted custom security solutions to protect against threats. However, many of these security implementations are -ineffective- against the modern banking trojan. Mass-distributed trojans that target large numbers of financial institutions concurrently and that leverage third-party services dedicated to circumventing security measures present a significant security threat..."
(More detail at the secureworks URL above.)