Monster Spam Campaigns Lead to Cyberheists

Discussion in 'malware problems & news' started by MrBrian, Oct 4, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    Krebs writes,

    Here is how the attack works:

    Security Experts Caution NACHA Members on Zeus Trojan Attack
    http://www.pressabout.com/security-experts-caution-nacha-393336/
    Krebs continues:

    Well, yes and no.

    If the social engineering trick is successful -- that is, if the user clicks to download the Transaction ID file -- if protection is in place to block the installation of a trojan executable -- which is a remote code execution exploit, that is, it runs in the background with the user unaware -- such protection will nullify that part of the exploit.

    I don't have a fake NACHA email with the exploit to test, but it took just a couple of minutes to find a current URL serving up the Zeus trojan, using a JAVA exploit, to see how easily a trojan executable can be prevented from installing, with one of many solutions available these days:

    zeus-java.jpg

    Unfortunately, Krebs, like most bloggers on security, confines protection to antivirus detection.

    regards,

    -rich
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,918
    Yeah, where would those bloggers be without their sponsored AV "Tests" :D
     
  4. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    Thanks for posting about this!

    For a very small business, we have had a bunch of these fake ACH emails. As soon as I saw the quantity we were receiving, it waved a big red flag that they were fake. They might have had better social engineering luck if they would have only sent a couple... ;)
     