Trojan malware sends stolen user credentials via IM
Tuesday, September 1, 2009
Variants of a Trojan malware called Zeus or ZBot send out stolen user credentials via the Jabber instant messaging (IM) open protocol, allowing cybercriminals to hijack PCs almost as soon as they are infected.
According to web security researchers at the RSA FraudAction Research Lab, Jabber IM modules that have been built into Zeus/ZBot Trojans were configured to extract stolen user credentials from the Trojan's drop server database, which were sent instantly to the cybercriminal.
Zeus/ZBot variants flooded cyberspace on July 24 with record levels, according to security firm Fortinet. One variant spread through HTML/Agent.E, an attachment in a phishing spam email which used the eCard hook to potentially steal and sell personal consumer information.
In its August threat report, Fortinet reported that cybercriminals continued to use older techniques like the eCard scam, even while adapting to new web security vulnerabilities.
Of 168 new vulnerabilities detected, 62 were reported to be actively exploited in the wild, with a large portion of these attacked vulnerabilities rated as critical.
Two in-the-wild vulnerabilities in Microsoft Office Web Components (MS09-043) and in Adobe Reader/Flash (APSA09-03) were detected to have consistent exploit activity during this period, as well.
Related News:
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
Report: 'At least 34' firms attacked at the same time as Google - 1.15.2010
The Washington Post asserts that many U.S. companies were targeted in the same network security and email breach that affected Google and provoked the company's highly publicized spat with the Chinese government.
|
