November 18 Malware Alerts - Today's 5 Biggest Threats
Nazar Tymoshyk is a highly regarded IT security expert, and he just released his list of the 5 biggest malware threats making the rounds today, so I thought I'd pass along a thumbnail summary for your benefit. Not all of these are brand new, but their impact is being felt on the Internet now.
Backoff Malware
Backoff is a malware family that targets Windows-based point-of-sale (PoS) systems to steal customer payment card data. Dairy Queen and the Supervalu supermarket chain have suffered Backoff-related data breaches, and over 1,000 businesses in the U.S. are reported to have been affected so far. Unlike the e-mail-borne threats on this list, Backoff is usually planted by an attacker who has first brute-forced the login of a remote desktop service that the merchant left exposed to the Internet (the infection chain documented in US-CERT alert TA14-212A), which is why weak remote-access passwords, not phishing, are the root cause in most of these breaches.

Once running, it copies itself to the infected machine and injects a small stub into explorer.exe so that it is relaunched if its main process is killed, which also hinders analysis and clean-up. It then scrapes the memory of other processes for card track data, logs keystrokes, and stores the stolen card information locally on the system. A command-and-control component uploads the collected data, fetches updates to the malware and installs additional malware.
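Backoff's output is card track data scraped from PoS process memory and parked in a local file until upload, so a responder hunting for it wants a scanner that finds track records and confirms they are real card numbers rather than random digits. The following Python is an added example written for this post; it is not Backoff's code and not from Tymoshyk's list. The "memory dump" it scans is a constructed byte string with two records using published test card numbers plus one with a bad check digit, and the report masks every PAN so the scan output is not itself cardholder data.

```python
import re

# Constructed sample "memory dump": unrelated bytes with three swipe records
# embedded, two valid (published test card numbers) and one with a bad check
# digit. This is made-up data for the example, not output of any real malware.
SAMPLE_DUMP = (
    b"\x00\x00MZ\x90\x00unrelated process memory\x00\x01\x02"
    b"%B4111111111111111^DOE/JOHN^2512101000000000?"
    b"\x00more unrelated memory\x00"
    b";5500000000000004=25121010000000000000?"
    b"\x00;4111111111111112=2512101?\x00"  # bad Luhn digit: must not be reported
)

# Track 1 (ISO 7813): %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})[^?]*\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")


def luhn_ok(pan: str) -> bool:
    """Validate a PAN's check digit (Luhn mod-10); weeds out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the BIN and last four digits so the report is not cardholder data."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(blob: bytes) -> list:
    """Return track records in blob whose PAN passes Luhn, ordered by offset."""
    hits = []
    for m in TRACK1_RE.finditer(blob):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"track": 1, "offset": m.start(), "pan": mask_pan(pan),
                         "name": m.group(2).decode(errors="replace"),
                         "expiry": m.group(3).decode()})
    for m in TRACK2_RE.finditer(blob):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"track": 2, "offset": m.start(), "pan": mask_pan(pan),
                         "name": "", "expiry": m.group(2).decode()})
    hits.sort(key=lambda h: h["offset"])
    return hits


if __name__ == "__main__":
    for h in find_track_data(SAMPLE_DUMP):
        print(f"track {h['track']} @0x{h['offset']:x}: {h['pan']} exp {h['expiry']} {h['name']}")
```

Run it against a suspicious file in the malware's working directory or a process memory dump from the PoS host; the Luhn check is what separates a real scraper dump from a false positive on a log file full of digits.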
Dyreza
man-in-the-middle Trojan
The Dyreza Trojan, aka Dyre, targets customers of financial institutions and steals their credentials for online banking and other financial sites. It uses a browser hooking technique, commonly described as "man in the middle", to intercept the traffic between your device and the target website; because the hooks sit inside the browser, the malware sees pages and form data after TLS has been stripped off, so the padlock in the address bar offers no protection. It hooks Google Chrome, Mozilla Firefox and Internet Explorer. It usually arrives as a fake bank notification e-mail with a zip file attached; running the executable inside the zip installs the malware on your computer, which then contacts a command-and-control server. It persists by registering itself as a fake "Google Update" service that runs every time you start your computer.
BlackEnergy
Trojan
The BlackEnergy malware family's key functions include DDoS attacks, spam distribution and bank fraud. It spreads both by technical infection methods (exploitation of software vulnerabilities) and by social engineering (spear-phishing e-mails carrying decoy Microsoft Word or PowerPoint documents), or by a combination of the two.

In the exploit-document case, the shellcode drops two files into the temporary directory: the malicious payload, named "WinWord.exe" so that it passes for the real Word binary, and a decoy document named "Russian ambassadors to conquer world.doc". Both files are then launched with the kernel32.WinExec function, so the victim sees the expected document open while the WinWord.exe payload extracts and executes the BlackEnergy Lite dropper.

The danger of this malware lies in its network discovery and remote code execution capabilities, which are used to collect data from the targets' hard drives. The same exploit document was also spotted in other attacks, including MiniDuke.
Win32/Crowti
Ransomware
In the tradition of CryptoLocker, Crowti is a family of ransomware that encrypts the files on a user's PC or blocks the user's access to the computer and demands payment to unlock it. It arrives through spam e-mail campaigns, where the attachment is usually a zip archive whose contents trigger the infection when opened, and through exploit kits such as Nuclear, RIG and RedKit V2 that take advantage of Java and Flash vulnerabilities. It is also downloaded by other malware already on the machine, such as TrojanDownloader:Win32/Onkods, TrojanDownloader:Win32/Upatre, Zbot and Zemot, which is why a Crowti infection is usually a sign that the host was already compromised by something else.
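Two of the threats above, Dyreza and Crowti, share the same delivery trick: a "bank notification" e-mail with a zip attachment whose member is an executable dressed up as a document. The following Python is an added example written for this post, not code from the original list or from any of the malware families described; it shows the attachment check a mail gateway or incident responder would apply. The lure message it parses is constructed inline (assumed sender alerts@bank.example, member name Statement_Nov2014.pdf.exe), and the zipped "executable" is just an MZ header followed by padding, not a real binary.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows will execute directly when the user double-clicks them.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}


def classify_zip(data: bytes) -> list:
    """Return (member name, reason) for every suspicious member of a zip archive."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "attachment claims to be a zip but is not one")]
    for info in zf.infolist():
        if info.is_dir():
            continue
        base = info.filename.lower().rsplit("/", 1)[-1]
        parts = base.split(".")
        ext = "." + parts[-1] if len(parts) > 1 else ""
        reasons = []
        if ext in EXEC_EXTS:
            reasons.append(f"executable extension {ext}")
            if len(parts) > 2:      # invoice.pdf.exe: document disguise
                reasons.append("double extension")
        # Never trust the name alone: look at the member's first bytes.
        with zf.open(info) as fh:
            if fh.read(2) == b"MZ":
                reasons.append("PE (MZ) header")
        if reasons:
            findings.append((info.filename, "; ".join(reasons)))
    return findings


def triage_message(raw: bytes) -> list:
    """Return (attachment, member, reason) tuples for dangerous attachments in a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"PK" or fname.lower().endswith(".zip"):
            for member, reason in classify_zip(payload):
                report.append((fname, member, reason))
        elif payload[:2] == b"MZ":
            report.append((fname, "-", "attachment is itself a PE executable"))
    return report


def build_sample_message() -> bytes:
    """Constructed lure for this example: a fake bank notification with a zipped
    'statement'. The zip member starts with an MZ header but is otherwise padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Statement_Nov2014.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("readme.txt", b"Please review the attached statement.")
    msg = EmailMessage()
    msg["From"] = "alerts@bank.example"       # assumed sender, not a real domain
    msg["To"] = "customer@example.net"
    msg["Subject"] = "Your account statement"
    msg.set_content("Your statement is attached. Open it to review recent transactions.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Statement_Nov2014.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for att, member, reason in triage_message(build_sample_message()):
        print(f"BLOCK {att} -> {member}: {reason}")
```

The MZ check is the part that matters: renaming the member to statement.pdf or stripping the extension defeats a name-based filter but not a look at the first two bytes of the member.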
Andr/BBridge-A
Mobile Trojan
We can't leave out mobile device infections currently making the rounds. The mobile Trojan Andr/BBridge-A is blamed for harvesting users' personal data and sending it to a remote server over plain, unencrypted HTTP. It is usually distributed as an Android installation package (APK) with an enticing file name and then asks the user to install it. Once installed, it can also send, scan and delete text messages on your phone.