Password-Stealing Polymorphic Malware on the Rise

Security researchers caution that spam outbreaks consisting of "polymorphic malware" programmed for spreading banker Trojans that steal passwords are on the rise since recent months. Tgdaily.com published this on October 3, 2011.

Several companies were seemingly so tricked that they transferred money via polymorphic as well as other sinister malicious programs, such as North Putman Community School Corporation transferring $98,000, Oncology Services of North Alabama -$120,000 as well as California's City of Oakdale -$118,000.

Brian Krebs, a security researcher states that a well-known spam trick involves sending an e-mail crafted as appearing like a message from NACHA, an organization that doesn't seek profit while establishing operating guidelines benefiting companies which deal with electronic payments. Tgdaily.com reported this.

Krebs notes that it's "doubly insulting" to utilize NACHA's name as lure since victimized companies fast discover fresh employee names, who actually serve as money mules for others, strangely inserted into their payrolls.

Krebs elaborates that once the mules' names are inserted, the cyber criminals utilize the Internet banking credentials of the victimized companies for crediting the mules with illegitimate payroll payments. These mules then, as per instructions, withdraw that money and wire it overseas after retaining their commissions, the researcher adds.

The researcher further adds that these assaults are aborted not because of anti-virus scanning or high-tech PC systems, for the malware utilized isn't clear, albeit in the case of the fake NACHA e-mails, the messages carried an installer that dropped Trojan Zeus. Nonetheless, these assaults rely more on socially-engineered tricks against humans instead of security solutions and defeating technology, he continues. Krebsonsecurity.com reported this on October 3, 2011.

Krebs says that there isn't any lone technology or approach for preventing these 'account compromises,' however, to stop cyber-thieves from filching an organization's credentials for Internet banking is one crucial initial step. Hence it's advisable that SMBs have a PC maintained exclusively to conduct Internet banking, with that PC locked down and routinely made up-to-date. Alternatively, they can work with a non-Windows computer like a Mac or Live CD as a highly secured approach though it isn't necessarily very affordable or practical, he concludes.

Related article: Password Stealers Rising Alarmingly

» SPAMfighter News - 10/13/2011