Trend Micro Says Apollo Malware Campaign Targets Online Banking Customers in Eastern Europe
Security firm Trend Micro says in a recently released white paper that a malware campaign known as Apollo targets online banking customers in Eastern Europe, using a mix of old and new techniques to steal data from unsuspecting victims.
The security firm says that the campaign uses a highly customized version of Zeus in tandem with an exploit for an old vulnerability in Microsoft Office. In most of the incidents, the attack begins with an email purporting to come from the government of Ukraine. The spoofed emails carry attachments that exploit the old Microsoft Office flaw CVE-2012-0158 to drop a file named 'a.exe' onto the targeted machine.
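As an added example (not code from the article or from Trend Micro's report), the following Python script triages an inbound message along the lines of the delivery stage described above: it flags a sender that claims a Ukrainian government domain while the envelope (Return-Path) domain differs, and it inspects an RTF attachment, including the decoded \objdata payload, for the MSCOMCTL.OCX control identifiers that CVE-2012-0158 documents embed. The CLSIDs, the ProgID strings, the header heuristics, the example.* mail domains and the sample message are the editor's assumptions, not details from the article; the sample RTF is a constructed stub that carries only those markers and no exploit.

```python
"""Added example: triage of an inbound message matching the delivery chain
described in the article.  Not code from the article or from Trend Micro."""
import binascii
import email
import re
import uuid
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# CLSIDs of the MSCOMCTL.OCX ListView/TreeView controls that CVE-2012-0158
# exploit documents embed.  Editor's assumption: the article names the CVE only.
MSCOMCTL_CLSIDS = {
    "BDD1F04B-858B-11D1-B16A-00C0F0283628": "MSComctlLib.ListViewCtrl",
    "C74190B6-8589-11D1-B16A-00C0F0283628": "MSComctlLib.TreeCtrl",
}
# ProgIDs of the same controls as they appear in \objclass or inside the OLE object.
MSCOMCTL_PROGIDS = (b"MSComctlLib.ListViewCtrl", b"MSComctlLib.TreeCtrl")

OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")
NON_HEX_RE = re.compile(rb"[^0-9a-fA-F]")


def decode_rtf_objdata(data: bytes) -> list:
    """Decode the hex payload of every \\objdata run in an RTF file to bytes."""
    blobs = []
    for m in OBJDATA_RE.finditer(data):
        hexstr = NON_HEX_RE.sub(b"", m.group(1))
        if len(hexstr) % 2:          # odd length: the run was truncated, drop the last nibble
            hexstr = hexstr[:-1]
        blobs.append(binascii.unhexlify(hexstr))
    return blobs


def scan_attachment(data: bytes) -> list:
    """Return MSCOMCTL indicators found in one attachment (raw and decoded forms)."""
    haystacks = [data]
    if data.lstrip().startswith(b"{\\rt"):        # RTF: also search inside embedded objects
        haystacks.extend(decode_rtf_objdata(data))
    hits = set()
    for blob in haystacks:
        for clsid, name in MSCOMCTL_CLSIDS.items():
            # OLE stores GUIDs in mixed-endian binary order; bytes_le gives that layout.
            # The text form covers uncompressed XML or RTF \objclass-style references.
            if uuid.UUID(clsid).bytes_le in blob or clsid.encode() in blob.upper():
                hits.add("clsid:" + name)
        for progid in MSCOMCTL_PROGIDS:
            if progid in blob:
                hits.add("progid:" + progid.decode())
    return sorted(hits)


def sender_indicators(msg) -> list:
    """Header heuristics (editor's assumptions): a sender claiming a Ukrainian
    government domain, and a Return-Path domain that differs from the From domain."""
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ret_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    ind = []
    if from_dom.endswith(".gov.ua"):
        ind.append("from:claims-gov-ua-domain")
    if ret_dom and ret_dom != from_dom:
        ind.append("envelope-mismatch:%s!=%s" % (from_dom, ret_dom))
    return ind


def triage_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and report sender and attachment indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"sender": sender_indicators(msg), "attachments": {}}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        report["attachments"][name] = scan_attachment(part.get_payload(decode=True) or b"")
    report["verdict"] = "suspicious" if any(report["attachments"].values()) else "clean"
    return report


def build_sample_rtf() -> bytes:
    """Constructed, benign RTF stub: carries the control's GUID and ProgID the way an
    exploit document would, but no shellcode or malformed record."""
    obj = (uuid.UUID("BDD1F04B-858B-11D1-B16A-00C0F0283628").bytes_le
           + b"MSComctlLib.ListViewCtrl.2\x00")
    return (b"{\\rtf1\\ansi Notice{\\object\\objocx"
            b"{\\*\\objclass MSComctlLib.ListViewCtrl.2}"
            b"{\\*\\objdata " + binascii.hexlify(obj) + b"}}}")


def build_sample_message() -> bytes:
    """Constructed message (example.* domains): spoofed government sender, stub attached."""
    msg = EmailMessage()
    msg["From"] = "Press Service <press@example.gov.ua>"
    msg["Return-Path"] = "<bounce@mailer.example.net>"
    msg["To"] = "treasury@bank.example"
    msg["Subject"] = "Official notice"
    msg.set_content("Please review the attached document.")
    msg.add_attachment(build_sample_rtf(), maintype="application",
                       subtype="rtf", filename="notice.rtf")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage_message(build_sample_message()))
```

The RTF branch matters because the exploit object is carried as a hex-encoded OLE blob inside \objdata, so a signature applied only to the raw file text would miss the binary GUID; decoding the run first lets the same indicators serve both RTF and binary Office attachments. The header check is a cheap pre-filter, not authentication: SPF/DKIM results from the gateway should replace it where available.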
The dropped 'a.exe' is in fact a tailored build of Zeus; once it infects a system, it waits for the victim to visit certain banking websites.
When one of these websites is visited, the Trojan begins logging keystrokes and capturing screenshots to harvest credentials and other sensitive details that the criminals can use later to reach their goals.
Older editions of Zeus instead injected fake web pages into the victim's browsing session to dupe unsuspecting users into giving up their personal and financial details.
Besides Zeus, the attackers employ a range of additional tools, such as the 'Bleeding Life' exploit pack, Ann Loader and Pony Loader.
Researchers have identified over 5,000 infected IP addresses worldwide: 44% are in Ukraine, 43% in Russia and 2% each in Germany and the Netherlands, with further victims located in Belarus and Poland.
Trendmicro.com published the report on 22 October 2013, quoting a blog post by Jessa De La Torre, Senior Threat Researcher at Trend Micro: "Our research demonstrates that although most banking Trojans aim at renowned banks (in the US, UK, etc.), there are a few operators who favor a more local and less predictable approach and carry off their plans by employing numerous tools accessible underground. Additionally, it also exhibits that cybercriminals are forever looking for optional ways to adjust to defenses."
Trend Micro advised that it is essential for companies to educate employees against such attacks, since social engineering via spoofed e-mails has proved to be the weapon of choice in these campaigns, and that companies should keep security policies in place, such as training programs and simulations of real social-engineering attempts.
» SPAMfighter News - 30-10-2013