ZeuS Variant Gameover Hits Job Site Monster.com; F-Secure
Security company F-Secure has warned that Gameover, a variant of the notorious ZeuS Trojan, is currently disrupting Monster.com, the job recruitment website.
According to Sean Sullivan, Security Analyst at F-Secure, the attack has two phases for compromising users' accounts when they visit the website. To begin, the hackers plant the Gameover program on victims' computers, infecting the systems, V3 reported on March 26, 2014.
Sullivan explains that Gameover is planted via the typical lures: malvertising or spam, a bot installer, or alternatively an exploit toolkit. Once planted, the malware captures credentials such as the username and password entered into online forms. This is the first phase of the assault.
In the second phase, users are tricked, by means of a fake online security verification form, into revealing the rest of their credentials so that the hackers can wholly compromise their accounts.
Sullivan adds that the form directs the user to choose and answer 3 security questions from a total of 18.
According to F-Secure, it is not known what purpose the attack serves, although it is possibly devised for hacking into HR departments' accounts via Monster.
Moreover, the number of victims of the Gameover outbreak is still not clear. Sullivan says the botnet uses a P2P (peer-to-peer) infrastructure, so counting is rather tricky.
Meanwhile, Gameover ZeuS attacking a major employment website isn't new: before Monster.com, it was hitting CareerBuilder.com over a certain length of time.
Therefore, security experts at F-Secure state that recruiters using job sites must look out for anything unusual on account login web pages, particularly when those recruiters' accounts deal with spending budgets or bank accounts.
The security company notes that it would be good for job sites to incorporate two-factor authentication in addition to mere security questions.
Gameover has been especially active lately. During the first half of February 2014, security company Malcovery Security revealed that a fresh Gameover variant was being disseminated in the form of an .enc file, meaning an encrypted document, in order to circumvent network security. Later the same month, Sophos identified another Gameover variant, which safeguarded its processes and files with a kernel rootkit, making the malware really hard to remove.
» SPAMfighter News - 01-04-2014