Monster Spam Campaigns Lead to Cyberheists

Discussion in 'malware problems & news' started by MrBrian, Oct 4, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian, Registered Member
  2. Rmus, Exploit Analyst
    Krebs writes:

    Here is how the attack works:

    Security Experts Caution NACHA Members on Zeus Trojan Attack
    http://www.pressabout.com/security-experts-caution-nacha-393336/
    Krebs continues:

    Well, yes and no.

    If the social engineering trick is successful -- that is, if the user clicks to download the Transaction ID file -- but protection is in place to block the installation of a trojan executable (which is a remote code execution exploit, that is, it runs in the background with the user unaware), such protection will nullify that part of the exploit.

    I don't have a fake NACHA email with the exploit to test, but it took just a couple of minutes to find a current URL serving up the Zeus trojan, using a Java exploit, to see how easily a trojan executable can be prevented from installing, with one of many solutions available these days:

    [image: zeus-java.jpg]

    Unfortunately, Krebs, like most bloggers on security, confines protection to antivirus detection.

    regards,

    -rich
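    Rich's point above, that it is execution control rather than signature recognition that decides whether the dropped executable ever runs, as an added example that is not part of this post or of any product shown in the screenshot: a small Python model that evaluates the same constructed execution attempts under a signature (blacklist) policy and under a default-deny allowlist policy. Every path, file content, hash and the "exploited Java plugin drops two files into %TEMP%" sequence is assumed for illustration; none of it comes from the thread or from a real sample.

```python
import hashlib
from dataclasses import dataclass

# All paths, file contents and the event sequence below are constructed for
# illustration; they are not real binaries, hashes or observed behaviour.
NOTEPAD = "C:\\Windows\\notepad.exe"
DROP_A = "C:\\Users\\bob\\AppData\\Local\\Temp\\Transaction_ID.exe"  # assumed lure name
DROP_B = "C:\\Users\\bob\\AppData\\Local\\Temp\\hsperf.exe"          # assumed second variant

CONTENT = {
    NOTEPAD: b"legit-notepad-build",
    DROP_A: b"dropper-variant-A",
    DROP_B: b"dropper-variant-B",  # repacked: same behaviour, different hash
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature (blacklist) model: the AV vendor has a signature for variant A only.
AV_SIGNATURES = {sha256_hex(CONTENT[DROP_A])}

# Default-deny (anti-executable) model: only hashes of installed, trusted
# binaries may run; anything else is blocked without needing to be recognised.
ALLOWLIST = {sha256_hex(CONTENT[NOTEPAD])}


@dataclass(frozen=True)
class ExecAttempt:
    path: str       # file the OS is asked to execute
    content: bytes  # its bytes (stand-in for reading the file from disk)
    parent: str     # process that requested the launch


def av_verdict(attempt: ExecAttempt) -> str:
    """Block only what matches a known-bad signature; everything else runs."""
    return "block" if sha256_hex(attempt.content) in AV_SIGNATURES else "allow"


def anti_exec_verdict(attempt: ExecAttempt) -> str:
    """Block anything not on the allowlist, whoever dropped it and however new it is."""
    return "allow" if sha256_hex(attempt.content) in ALLOWLIST else "block"


def evaluate(attempts):
    """Map each attempted path to (signature verdict, default-deny verdict)."""
    return {a.path: (av_verdict(a), anti_exec_verdict(a)) for a in attempts}


def missed_by_signatures(attempts):
    """Paths the blacklist lets run but the allowlist blocks: the unknown variants."""
    return [a.path for a in attempts
            if av_verdict(a) == "allow" and anti_exec_verdict(a) == "block"]


# Constructed sequence: the user opens Notepad, then an exploited Java plugin
# writes two droppers to %TEMP% and tries to launch them in the background.
ATTEMPTS = [
    ExecAttempt(NOTEPAD, CONTENT[NOTEPAD], parent="explorer.exe"),
    ExecAttempt(DROP_A, CONTENT[DROP_A], parent="java.exe"),
    ExecAttempt(DROP_B, CONTENT[DROP_B], parent="java.exe"),
]

if __name__ == "__main__":
    for path, (av, anti_exec) in evaluate(ATTEMPTS).items():
        print(f"{path}\n  signature: {av:5}  default-deny: {anti_exec}")
    print("missed by signatures:", missed_by_signatures(ATTEMPTS))
```

    The allowlist verdict never consults what the file is, only whether it is one of the things already trusted to run, which is why the repacked variant B is stopped even though no signature exists for it. The parent process is recorded on each attempt because a real policy would normally also refuse launches requested by a browser plugin from a user-writable directory; that rule is left out here to keep the two models directly comparable.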
     
  3. CloneRanger, Registered Member
    Yeah, where would those bloggers be without their sponsored AV "Tests" :D
     
  4. HAN, Registered Member
    Thanks for posting about this!

    For a very small business, we have had a bunch of these fake ACH emails. As soon as I saw the quantity we were receiving, it waved a big red flag that they were fake. They might have had better social engineering luck if they had only sent a couple... ;)
     