Botnet takedowns have dented the numbers of financial trojans despite hackers deploying increasingly sophisticated malware, according to the security vendor Symantec.
A report from the firm found that infections from financial trojans dropped by half over the course of last year, after a pronounced increase in the first few months, with the US, UK and Germany counting the highest number of infections.
Candid Wueest, threat researcher at Symantec, said: "The drop in detections in 2014 can be partially attributed to a few takedown and arrest operations conducted by different law enforcement agencies in cooperation with the security industry.
"Malware author arrests often lead to an end of support situation for threat families, causing the malware’s usage to drop and shift."
The prevalence of many financial trojan families dropped between 2013 and 2014, with Cridex suffering the steepest decline as the number of detections fell from 125,000 to a mere 29,000.
However the fortunes of Zbot, also known as Zeus, went in the opposite direction, as detections doubled over the same period from two million to four million.
"Most financial Trojans nowadays are distributed through exploit kits such as Styx, Angler, and Nuclear, and we have technology to cut these attacks off before they can do damage," Wueest explained, referring to bespoke malware designed to target specific bugs.
"Our URL reputation technology can prevent users from visiting exploit kit landing pages in the first place," he added. "Additionally, our browser protection technology can block the exploits that are distributed through these kits before they can download dropper malware onto computer."
High profile botnet takedowns caught increasing media attention last year as police sought to reassure the public that they were taking action against a surging wave of cybercrime.
However many have disputed their effectiveness, with one security researcher informing CBR that the hackers behind GameOver Zeus, a variant of Zbot shut down last summer, had simply moved on to newer, more sophisticated strains of malware after the takedown.