Malware Installed on Buffalo Website, States Symantec
According to Symantec, customers of Buffalo, a manufacturer of networking and storage devices, who downloaded certain files from Buffalo's official website in Japan during the last week of May 2014 may have had their PCs infected with a Trojan designed to steal banking information.
Buffalo, which posted a security advisory dated 2nd June 2014, warned customers that somebody had manipulated ten files offered for download on the company's website on 27th May 2014, between 6:16am and 1pm.
After tampering with those ten files to make them malicious, the attackers posted them on Buffalo's site; a total of 540 individual Internet Protocol addresses downloaded them 856 times, Symantec's researchers stated. Pcworld.com reported this on June 4, 2014.
According to Buffalo, a few driver installers it maintained and distributed publicly on its site had been hijacked and tainted with malware.
The attackers modified the installers in two ways. In the first, they altered a self-extracting RAR file named setup.exe so that it ran a malicious .dll file during installation. This .dll was in fact a Trojan that dropped a further .dll, which in turn downloaded and loaded Infostealer.Bankeiya.B from a remote location. The modification broke the file's digital signature.
In the second technique, the attackers wrapped a genuine Buffalo installer inside Infostealer.Bankeiya.B, which was made to look like an authentic installer. When executed, this installer dropped a file, setup.exe, carrying both the authentic driver and a Trojan component that dropped a malicious .DLL, which then downloaded Infostealer.Bankeiya.B's main payload.
While the hijacked installers ran, a WinRAR user interface in Chinese was displayed.
Bankeiya.B runs on Windows 7, Vista and XP, and reads Internet banking sessions in Google Chrome, Mozilla Firefox and Internet Explorer.
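The detail that the tampering broke the installer's digital signature is the practical defensive lever in this story: a driver installer fetched from a vendor site can be vetted before it is run. The following Python script is an added example, not Symantec's or Buffalo's code, and does not reproduce any of the incident's files. It parses PE headers in memory to report whether an executable carries an Authenticode certificate table and how large the appended self-extracting archive payload is, and compares the file's SHA-256 against a vendor-published value. The sample "installer", the Rar!-prefixed payload and the certificate blob are constructed stand-ins, and the published hash is computed from the clean sample because the page gives no real hash. Presence of a certificate table is only a triage signal; verifying that the signature is valid and covers the file needs Windows tooling such as signtool verify or PowerShell's Get-AuthenticodeSignature.

```python
import hashlib
import struct

# Index of the certificate table (Authenticode signature) in the PE data directories.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def inspect_pe(data: bytes) -> dict:
    """Parse PE headers in memory and report whether the file carries an Authenticode
    certificate table, how many bytes sit between the last section and the signature
    (where a self-extracting archive keeps its payload), and the file's SHA-256."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dirs = opt + 96
    elif magic == PE32PLUS_MAGIC:
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # Unlike the other directories, the security entry holds a raw file offset, not an RVA.
    cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    signed = cert_off != 0 and cert_size != 0
    sec_hdr = opt + size_opt
    last_section_end = 0
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_hdr + 40 * i + 16)
        last_section_end = max(last_section_end, raw_ptr + raw_size)
    payload_end = cert_off if signed else len(data)
    return {
        "signed": signed,
        "overlay_bytes": max(payload_end - last_section_end, 0),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def vet_download(data: bytes, published_sha256: str) -> list:
    """Return the reasons to refuse an installer; an empty list means it passed this triage."""
    info = inspect_pe(data)
    problems = []
    if not info["signed"]:
        problems.append("no Authenticode certificate table: unsigned or signature stripped")
    if info["sha256"] != published_sha256.lower():
        problems.append("SHA-256 does not match the vendor-published value")
    return problems


def build_minimal_pe(section_data: bytes, overlay: bytes = b"", cert_blob: bytes = b"") -> bytes:
    """Construct a tiny PE32 image for testing. It is not executable; it only carries the
    headers inspect_pe() reads. Every value here is constructed, not taken from a real installer."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224  # PE32 optional header including all 16 data directories
    headers_len = e_lfanew + 4 + 20 + opt_size + 40  # one section header
    raw_ptr, raw_size = headers_len, len(section_data)
    cert_off = raw_ptr + raw_size + len(overlay) if cert_blob else 0
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (cert_off, len(cert_blob))
    opt = struct.pack("<H", PE32_MAGIC) + b"\0" * 94 + b"".join(struct.pack("<II", *d) for d in dirs)
    section = b".text\0\0\0" + struct.pack("<IIIIIIHHI", raw_size, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + opt + section + section_data + overlay + cert_blob


# Constructed stand-ins: a driver stub, a RAR-like archive payload and a dummy
# WIN_CERTIFICATE header (dwLength, wRevision, wCertificateType) in place of a real signature.
FAKE_CERT = struct.pack("<IHH", 8 + 16, 0x0200, 0x0002) + b"\x00" * 16
ARCHIVE = b"Rar!\x1a\x07\x00" + b"A" * 100
GENUINE = build_minimal_pe(b"\x90" * 64, overlay=ARCHIVE, cert_blob=FAKE_CERT)
PUBLISHED_SHA256 = hashlib.sha256(GENUINE).hexdigest()  # stands in for a vendor-published hash
# A modified copy: the archive payload was altered and re-packed, which leaves no valid signature.
TAMPERED = build_minimal_pe(b"\x90" * 64, overlay=ARCHIVE + b"extra")

if __name__ == "__main__":
    for name, blob in (("genuine", GENUINE), ("tampered", TAMPERED)):
        print(name, inspect_pe(blob), vet_download(blob, PUBLISHED_SHA256))
```

Run against a real download, vet_download() would take the file bytes and the SHA-256 the vendor publishes beside the installer; a non-empty result is reason enough to stop before executing the file and to ask the vendor whether the download was tampered with.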
Buffalo is not the only hardware manufacturer whose website has been used to push malware onto customers. In 2009, security company Trend Micro found that hackers had distributed malware-tainted device drivers on the support website of Razer, a manufacturer of gaming peripherals.
» SPAMfighter News - 6/16/2014