The security firm Bit9 released a more detailed analysis of the hack of its corporate network was part of a larger operation that was aimed a firms in a “very narrow market space” and intended to gather information from the firms. The analysis, posted on Monday on Bit9’s blog is the most detailed to date of a hack that was first reported on February 8 by the blog Krebsonsecurity.com, but that began in July, 2012. In the analysis, by Bit9 Chief Technology Officer Harry Sverdlove said 32 separate malware files and malicious scripts were whitelisted in the hack. Bit9 declined to name the three customers affected by the breach, or the industry segment that was targeted, but denied that it was a government agency or a provider of critical infrastructure such as energy, utilities or banking. The broad outlines of the story about the hack of Bit9, which sells […]
Tag: banking
New Phishing Toolkit Uses Whitelisting To Keep Scams Alive
Researchers at RSA say that a new phishing toolkit allows attackers to put a velvet rope around scam web pages – bouncing all but the intended victims. The new toolkit, dubbed “Bouncer,” was discovered in an analysis of attacks on financial institutions in South Africa, Australia and Malaysia, said Daniel Cohen, Head of Business Development for Online Threats Managed Services at RSA. The kit allows attackers to generate a unique ID for each intended victim, then embed that in a URL that is sent to the victim. Outsiders attempting to access the phishing page are redirected to a “404 page not found” error message, Cohen said. In phishing attacks, attackers pose as a legitimate online entity in an attempt to obtain a user’s username, password or other sensitive information. Phishing attacks often rely on imposter web sites to trick users into giving up their secret information. The discovery of “Bouncer” underscores the […]
Tantalizing Clues in Dexter Malware Lead to Mystery Man…and Zeus
The Dexter malware is getting some media attention this week – and not just because the malware shares its name with Showtime’s popular drama about a serial killer by the same name. (Not that those of us tasked to write catchy headlines don’t love stuff like that – ’cause we do.) No, the Dexter virus caught the attention of malware analysts because it infects point of sale (POS) systems like electronic cash registers, kiosks and automatic teller machines (ATMs), rather than run of the mill laptops and desktops. It has also generated some interest because it uses a form of memory dump parsing to steal sensitive data from infected POS terminals, and because its POS malware that is part of a botnet – communicating back to a command and control system and receiving commands – that’s quite unusual and, while its kind of insider baseball for malware geeks, it makes […]
Web Attacks Target Foreign Exchange, Payment Processing Sites
A currency trading web site was compromised and used to serve malicious java applications to unwitting visitors, according to researchers at the security firm Websense- part of what might be a larger trend. Websense said in a blog post on Wednesday that the site tradingforex.com, which is used by foreign currency traders, was infected with a malicious Java applet that, when installed, key logging and screen capture software. Tradingforex.com (@Tradingforexxx) is a Cyprus-based online trading web site. It allows individuals to trade on the global foreign exchange market (or Forex). Users can trade everything from foreign currencies to precious metals, commodities and other financial instruments. According to an investigation by Websense researcher Gianluca Giuliani, the site was pushing a back door program to visitors using a malicious Java plugin to exploit known Java vulnerabilities on the victims’ computers. Further investigation by Websense and Giuliani revealed that the malware being pushed […]
