
Friday, October 15, 2010

Zeus banking Trojan attacks spread to social networks, smartphones

A rising percentage of spammed messages and posts flooding the top social networks are carrying money mule recruiting lures and Zeus Trojan infections specifically designed to help cybergangs carry out coordinated, large-scale pilfering from online banking accounts.


It takes a village to pull off multi-million dollar online banking heists. We now know this in detail thanks to the recent bust-up of a Ukraine-based gang of cyberrobbers by U.K. and U.S. law enforcement.


Such heists begin with many specialized accomplices spreading their lures and infections via email, social networks and now smartphones.


That's the upshot of fresh research from CA Technologies, AppRiver and the University of Alabama at Birmingham.


Why should you care about the accelerated rate at which cybercriminals are spreading Zeus through spam, social networks and smartphones?


These tainted messages, posts and smartphone alerts represent the initial tentacles of elaborately-staged attacks designed to crack into your online banking accounts -- or your employer's. A person who clicks on a tainted Facebook link while at work may inadvertently download a program that infects every computer in his or her office.


Small organizations are being specially targeted and losing crippling amounts, as the recent bust of the U.K.-U.S. cyber robbery gang shows.


The FBI says this one gang alone attempted fraudulent transfers of $220 million and successfully got their mitts on $70 million. Keep in mind there are probably a dozen or so gangs of this caliber operating, as well as hundreds of smaller thieves probing online bank accounts, says Don Jackson, senior threat researcher at cyber forensics firm SecureWorks.


Also keep in mind that you, the individual consumer, are also being targeted. Most consumers get made whole by their banks. But the hassle is unnerving, and once your account has been hacked, the bad guys have much of what they need to do it again.


CA Technologies just issued this report outlining the rich, diversified "crimeware" market. In the cyberunderground, anyone can buy powerful software toolkits that enable non-technical folks to swamp Twitter and Facebook with viral posts and messages. The goal: to recruit accomplices, amass stolen account logons and infect your PC.


Similarly, anyone can buy tools to spread turn-key spam all ready to go with messages crafted to recruit "money mules," the key accomplices in million dollar money laundering operations. All of this takes place in a thriving cyberunderground that follows the basic laws of supply and demand.


"Crimeware isn't new, but the extent to which a services model has now been adopted is amazing," says Don DeBolt, director of threat research, Internet Security, CA Technologies.


Crimeware may not be new. But it is being deployed at unprecedented levels, says Gary Warner, Director of Research in Computer Forensics at The University of Alabama at Birmingham's Department of Computer & Information Sciences and Department of Justice Sciences.


Warner says he is continuing to see high volumes of mule recruitment email, and more targeted spam designed to flush out controllers and financial managers at small companies, local governments, churches, schools and non-profits.


"The volumes are quite high," says Warner. "That tells me that our round of arrests, while large, clearly has not changed the message of cybercrime which is that risks are low and the payoffs are high."


Most of the charges and arrests in the FBI's and Scotland Yard's recent big bust were of mules and mule handlers.


"Even in this case, the mules are bearing the brunt of the arrests while very few highly-ranked criminals have been brought to justice so far," says Warner. "Some highly ranked folks, in the Ukraine for instance, have been arrested, and these are significant arrests and great success stories, but we need to do that about a thousand more times before the criminals are going to believe we are serious about crime."


Most recently, spammers have been directly deploying Zeus and other banking Trojans via email attachments that arrive as spam purporting to be a job application or a job offer.


The Zeus banking Trojan, created and maintained by the Russian hacker known as A-Z, remains the hottest piece of crimeware out there. However, an upstart rival, called Spyeye, is gaining popularity, says DeBolt.


Banking Trojans are customizable programs efficient at silently stealing from your bank account while you are logged on doing your daily online banking.


Like Zeus, Spyeye steals your banking log-in credentials, disables antivirus protection, hides itself from detection and creates hooks that give the controller several routes to take over full control of your PC.


Older Zeus crimeware kits still fetch around $4,000, while the latest Spyeye kits are available for $500, although with new plugins, the price easily rises to $2,000. What's more, Spyeye can be programmed to eliminate and replace any Zeus infection it runs across, says DeBolt.


Banking Trojans like Zeus and Spyeye enable cyberrobbers to pilfer with near impunity from the online banking accounts of countless companies and individuals. Because of the money to be made, it's not surprising that cyber criminals appear to be on the verge of spreading banking Trojans on a widespread basis to smartphones, says AppRiver researcher Fred Touchette.


"Malware for smartphones does currently exist, and I expect many more attacks geared toward smartphones in the future," says Touchette.


In August, Touchette discovered a Facebook Zeus attack with a twist. It began in typical fashion, with a swarm of emails purporting to arrive from Facebook carrying the subject line, "Reconnect with Friends." To reveal the contents of this notification, the recipient was asked to click on a link that actually installed the Zeus banking Trojan on the recipient's PC.


For Facebook members, the attack did not stop there: they would also receive the tainted message on their smartphones.


The twist: when the message was accessed on the smartphone, it caused the Facebook application to launch, thereby allowing recipients to review the e-mail contents within the Facebook application itself. This made it appear less like spam and more like an official smartphone notification from Facebook, a source many people trust.


"The message came across rich with Facebook graphics giving it a legitimate look and feel of official Facebook correspondence," says Touchette.


The phone message contained the corrupted link. However, the bad guys had programmed the Zeus infection to install only on a PC web browser. For some reason, they did not go the extra step to configure the infection to also install on smartphone operating systems.
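The lure described above has a property a mail filter can check without ever following the link: the message presents itself as Facebook correspondence, yet the link it asks the recipient to click does not lead to a Facebook domain. The following Python is an added example, not code from the article or from any of the vendors it quotes. It parses a raw message, decides which brand the From header and Subject line claim, extracts the URLs in the body and reports those whose host is not that brand's domain or a subdomain of it. The brand-to-domain table and the two sample messages are constructed for the example; the sample lure borrows the article's "Reconnect with Friends" subject and uses a reserved `.example` hostname in place of any real attacker infrastructure.

```python
import re
from email import message_from_string
from email.message import Message
from urllib.parse import urlparse

# Hypothetical table of the domains a brand legitimately links to. A real
# deployment would maintain this per organization; it is an assumption here.
BRAND_DOMAINS = {
    "facebook": {"facebook.com", "facebookmail.com"},
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def _host_belongs_to(host: str, domains: set) -> bool:
    """True if host equals one of the brand's domains or is a subdomain of one.
    The suffix test is anchored on a leading dot, so a host such as
    'facebook.com.update-notice.example' (brand name used as a subdomain
    of an unrelated domain) is rejected."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def _claimed_brand(msg: Message):
    """Return the brand the message claims to come from, judged only by the
    From header and Subject line, or None if no known brand is named."""
    text = " ".join(filter(None, [msg.get("From", ""), msg.get("Subject", "")])).lower()
    for brand in BRAND_DOMAINS:
        if brand in text:
            return brand
    return None


def _body_text(msg: Message) -> str:
    """Concatenate the decoded text parts of a (possibly multipart) message."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True) or b""
                 for p in msg.walk() if p.get_content_type().startswith("text/")]
        return "\n".join(p.decode("utf-8", "replace") for p in parts)
    return (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")


def suspicious_links(raw_message: str) -> list:
    """Return the URLs in a raw RFC 822 message that point outside the domains
    of the brand the message claims to be from. An empty list means either no
    brand was claimed or every link stayed on the brand's own domains."""
    msg = message_from_string(raw_message)
    brand = _claimed_brand(msg)
    if brand is None:
        return []
    allowed = BRAND_DOMAINS[brand]
    flagged = []
    for url in URL_RE.findall(_body_text(msg)):
        host = urlparse(url).hostname or ""
        if not _host_belongs_to(host, allowed):
            flagged.append(url)
    return flagged


# Constructed sample modelled on the lure the article describes: Facebook
# branding and subject line, but the link leaves Facebook's domains.
LURE = """\
From: Facebook <notification@facebookmail.com>
Subject: Reconnect with Friends
Content-Type: text/html; charset=utf-8

<html><body><p>You have notifications pending.</p>
<a href="http://facebook.com.update-notice.example/reconnect?id=42">View</a>
</body></html>
"""

# Constructed benign sample: same subject, but the link stays on facebook.com.
BENIGN = """\
From: Facebook <notification@facebookmail.com>
Subject: Reconnect with Friends
Content-Type: text/plain; charset=utf-8

See who you know: https://www.facebook.com/find-friends
"""

if __name__ == "__main__":
    for name, sample in (("lure", LURE), ("benign", BENIGN)):
        print(name, "->", suspicious_links(sample) or "no brand/link mismatch")
```

The check deliberately looks at the claimed brand rather than the envelope sender, because the lure arrives with convincing Facebook graphics and headers; what it cannot fake is the destination of the link it needs the victim to click. Hosts are compared on a dotted suffix so that the common trick of putting the brand name in a subdomain of an unrelated domain is still caught.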


So anyone who got the slick smartphone version of this particular Facebook attack was in no danger of infection, says Touchette.


Even so, the attackers, whether by oversight or not, opened up a new way to attack smartphones that others are sure to take advantage of.


"If the bad guys can get a link to arrive on your phone, disguised as if it's coming from Facebook, and get you to click on it, they've got you," says Touchette. "It's just as trivial to install a banking Trojan on your smartphone, including iPhones and Droids, as it is on a PC."


By Byron Acohido

To report corrections and clarifications, contact Standards Editor Brent Jones. For publication consideration in the newspaper, send comments to letters@usatoday.com. Include name, phone number, city and state for verification. To view our corrections, go to corrections.usatoday.com.

