Cyber-criminals Execute e-Payment Malware Assault

One fresh malware assault that exploits web-based vulnerabilities is carrying out drive-by download operation masquerading as one electronic cash-transfer to lure victims, published V3.co.uk dated December 3, 2011.

Utilizing the link-shortening facility goo.gl of Google, the attackers manage in concealing the drive-by website's source, as the assault asserts that it's from the EPA (Electronic Payments Association) as well as informs end-users that an attempt at directly making a deposit had turned futile.

Also, following the web-link within the message diverts users onto a site that makes effort for carrying out several exploits through Java and Flash security flaws.

According to director of threat research Andrew Brandt at Solera Networks Labs, the assaults represent one far bigger tendency of cyber-crooks to aim at intermediary elements and browser plug-ins. Security Focus Europe reported this dated December 3, 2011.

Brandt added that users in spite of using any previous edition of web-browser needn't be worried about being secured provided they updated software such as Java, Adobe Reader and Flash.

Additionally, the assaults further outline that 3rd-party link-condensing facilities are used in these operations, while other earlier spam as well as malware attacks likewise utilized such devices for keeping targets off the original assault website.

Further as Brandt says, the assaults simply indicate the extent to which cyber-criminals use their varied techniques of attacking people through malicious software.

According to him, cyber-criminals were moving in favor of drive-by downloads discarding malware attacks via e-mail attachments.

Further, security researchers note that online crooks use the "Electronic Payments Association" as frequent bait as evident from identical tactics that had been employed for targeting it several times earlier.

Similarly, during December 2011, the Federal Bureau of Investigation cautioned of one scam e-mail that apparently arrived from NACHA's EPA carrying malware or malevolent web-links. The threat was the 'Gameover' variant of the Zeus Trojan. And the scam electronic mail reportedly managed to instantly victimize users since unlike the usual of NACHA, the EPA directly dispatched e-mail to consumer and/or business Internet-users.

Eventually, it's advisable that users deploy security software like anti-viruses on their computers and maintain them up-to-date all the time.

Related article: Cyber Child abuser Sentenced To Imprisonment

» SPAMfighter News - 12/15/2011