Man Disseminating Ghost RAT Now in Custody of Taiwan’s CIB
According to researchers from Trend Micro, the Criminal Investigation Bureau (CIB) of Taiwan recently detained a man thought to have been associated with cyber-attacks that used Ghost, the infamous Remote Access Tool (RAT).
Trend Micro, which helped the CIB during the investigation launched into the cyber-attacks, described the cyber-criminals as distributing a new variant of Ghost RAT, named BKDR_GHOST, through spear-phishing e-mails that posed as coming from the Taiwan Bureau of National Health Insurance.
The fraudulent e-mails contained web links that took recipients to a website which delivered an official-looking .rar file. The RAR archive carried a single .exe file, presented as an innocuous document, which when executed installed and ran the RAT, giving the criminals total control over the infected computer.
Besides luring victims to the malware-laden site, the cyber-criminals used another evasion tactic: they held the payloads of the new GHOST version within a password-protected document, with the password kept inside an AMICROSOFT.VBS installation script.
Once BKDR_GHOST was run, it gave the attackers complete control over the infected PC, enabling them to carry out malicious tasks from the device such as extracting confidential and valuable personal information.
In this way, seemingly 10,000 or more items of private information were stolen before the attacker's arrest, Trend Micro emphasized.
Moreover, following the malware attacks, Interpol declared that it would set up a "Global Complex for Innovation" in Singapore during 2014. The establishment, practicing cyber-crime prevention with a high degree of expertise, would serve as the hub from which the agency would promote increased cooperation among multiple stakeholders and enhance law enforcers' Internet skills.
To that end, security companies would assist by providing training for members of Interpol, government agencies and police, along with CNI companies within the participating nations. Such training would comprise courses in the form of classroom-held practice workshops, e-learning programs, professional certifications and/or other workshops.
Meanwhile, as always, Trend Micro recommends that users exercise caution before clicking any web link or opening an attachment in e-mails. As attackers quite commonly spoof reputable institutions and government agencies, it is imperative that users validate an incoming e-mail's authenticity before handling it.
» SPAMfighter News - 28-06-2013