
Hackers Using Jabber IM for Sending & Receiving Stolen User Credentials

The RSA Fraud Action Research Lab, which investigated a number of attacks involving the Zeus Trojan during May-July 2009, discovered and traced a new Internet attack technique with which criminals speedily delivered stolen credentials.

RSA's investigation of a number of Zeus variants showed that some cyber crooks had begun using the Jabber instant messaging (IM) service to make use of compromised user details.

By employing Jabber, online criminals were able to receive stolen information immediately as it was gathered from a Zeus-infected computer.

The security researchers state that the Jabber IM components placed inside the Zeus variants were programmed to extract users' credentials from the database of the Zeus "drop" server and instantly transmit them to the remotely situated criminals.

However, online criminals might not necessarily receive the stolen credentials stored on the Trojan's "drop" server in real time. The hackers might be on the other side of the globe or might not have an uninterrupted link to the server.

Therefore, crooks are using Jabber IM to automatically send and receive stolen credentials immediately after they are collected. In the current instance, the cyber criminals use two Jabber accounts: one that transmits targeted compromised details from the database of the infected server and another that receives those details.

Commenting on this point, the researchers stated that the incident indicated scammers' increasing focus on immediacy as they tried to beat measures implemented to identify and prevent banking scams.

Sean Brady, Senior Manager for Identity Verification and Safeguard at RSA, said that one definite recent change was a decline in the delay before stolen credentials were used, as reported by TheRegister on August 27, 2009. Brady added that the fraudsters surely acted urgently to exploit the credentials.

Meanwhile, RSA found that the first Jabber-based crime the company traced extracted stolen user details from only one financial institution, which was based in the USA, suggesting a targeted Zeus attack involving IM.


» SPAMfighter News - 10-09-2009
