The era of easy plunder by online bank Trojans may finally be drawing to a close with a new analysis by Symantec showing an unexpected 50 percent fall in the number of computers compromised by the most common variants during 2014.
The firm's study looked at nine of the biggest Trojans that make up the majority of attacks, targeting 1,467 banks and finance systems in 86 countries, including, in order of detections, Zbot, Dyranges (a recent threat), Cridex, Snifula, Bebloh, Shylock, SpyEye, Mebroot, and Carberp.
After peaking in March 2014, the volume of detections decreased markedly across the rest of the year, with a 53 percent fall taking them back to where they were in late 2012.
Most of these Trojans are small fry these days, representing only a few tens of thousands of infections worldwide, at least as far as Symantec is concerned (the real number will be higher). The 'biggie' remains Zbot (which includes Zeus, Citadel and Gameover), responsible for 4 million infections.
Some appear to have fallen off a cliff, particularly Cridex which dropped 88 percent, and SpyEye which fell 87 percent. The once-imposing Shylock has fallen so far it now accounts for fewer than 9,000 infections.
The question is what is behind this fall. Symantec pats itself on the back a bit here, noting that some of the drop can be explained by earlier interception of the threat using URL filtering or when delivered by an exploit kit through the browser. So it's not that the Trojans aren't out there, simply that they're not reaching the PC.
Other likely factors include takedowns and arrests — 2014 was a record year for reported arrests of criminals behind exploit kits and malware.
Cut adrift, the malware once distributed by decommissioned criminal infrastructure slows, "causing the malware's usage to drop and shift," said Symantec's Candid Wueest.
"Cybercrime won't disappear overnight, but the continued collaboration efforts between law enforcement and private industry will make it harder for cybercriminals to operate."
The top country for financial Trojan detection remains the US with just under a million detections, followed by the UK with around 380,000 and Germany with around 250,000. Although probably an accurate ranking, the absolute numbers probably also reflect the firm's US-oriented customer base.
Mebroot is easily the most promiscuous Trojan, whose business model has seen it sold widely to be used against an extraordinary 1,000 plus different global banks. All of the others target at most a few dozen to the low hundreds.