Attacks with Password-Stealing Trojans Rising: McAfee
The "2010 Threat Predictions Report", released by the security firm McAfee towards the end of 2009, forecast a rise in attacks against social-networking websites using trojans that steal passwords. Now, in its Q1-2010 report, the company says it has witnessed a number of instances of such attacks.
Among these, the Zeus attack has been the most prominent. McAfee normally identifies this malware as Spy-Agent.bw and PWS-Zbot, the most effective Trojan for stealing passwords.
According to McAfee, Zeus is simply a very important tool for cyber-criminals, who frequently combine such password-stealing malicious programs with illicit online content of other kinds. During Q1-2010, the company observed Zeus installing plenty of goodies. Most of the time this malware also targeted users of Facebook, McAfee reports, according to news published by scmagazineuk.com on May 18, 2010.
Furthermore, according to McAfee, the commonest online assault during Q1-2010 was a massive e-mail spam campaign that circulated a fraudulent message suggesting that recipients reset their passwords. Naturally, this drew the attention of a large number of users. The message also carried an attached document, which often contained the Pushdo or Bredolab Trojan; these behave like a Zeus installer and require no intervention from the end-user.
Moreover, McAfee reports that the Zeus group of malware, given the ease with which it is used, caused an unprecedented increase in malicious websites and URLs.
The company further highlights that users of Facebook, in addition to being attacked with Zeus and bogus security warnings, were also targets of fresh versions of the notorious W32/Koobface virus. During March 2010, McAfee discovered that over 150 websites hosted malware inside the .sys directory, which is hidden on UNIX computers.
McAfee also reports that Q1-2010 saw distinct shifts towards highly malicious servers that relied on fast flux Internet Protocols and automated domain registration. Finding just one Zeus-infected system made it easy to find dozens more. When the company identified one server issuing commands with Zeus, it was able to identify another 160 domains that carried out malicious activities ranging from media-sharing and social-networking infections to credential phishing, such as that related to the IRS.
» SPAMfighter News - 31-05-2010