Threat of Customized Malware Attacks by Trusteer
In-browser web security specialist, Trusteer has threatened netizens about the emergence of a new malware attack targeted at business social networking sites. Through these sites, hackers identify their victims and purposefully infect the user's computer and hacks all legitimate credentials from their machines.
By the end of March 2011, CEO of Trusteer, Mickey Boodaei along with his research team observed two instances of similar attacks as evident from a statement published by infosecurity-magazine on March 28, 2011.
Needlessly, on evidence of such instances, enterprises failed to understand the inference and implications of such attack and simply instigated themselves into disinfecting the user's machine and move on with their continued effort.
In an explanation, Boodaei claimed the process of Google Alert settings maintained by several executives in order to tap any such eviction. The setting automatically prompt the engine to pronounce their own name, which is practice known as a 'vanity search', as reported by v3.co.uk on March 24, 2011.
By using an exploit tool or an attack code, an attacker could easily draft a spiteful page, which can then be loaded with words that are related either with the individual or company under target. Further on appearance of this attack page on the target's vanity searches, possibly executive or other high-value targets would be enticed into a malware attack.
However, according to Boodaei, the effectiveness of the attacks could be raised by the employment of zero-day flaws along with a combination of personal information obtained through services, such as LinkedIn.
Data breaches are becoming increasingly popular in the security world along with the arrival of Trusteer report. Of recent, security firm, RSA recognized a data breach on its systems due a result of a subtle and high-end targeted attack.
Furthermore, Trusteer held that in its research career of targeted attacks since three years, these kinds of attacks are representative of the future prospect of online fraudulence and financial industry darkware.
Finally, Trusteer concluded by recommending that organizations are required to reassess their move towards targeted attacks as these incidents are enough evidence of volatile threats towards business, as reported by Trusteer on March 23, 2011.
Related article: Third Data Breach on Pfizer’s System
» SPAMfighter News - 08-04-2011