Salesforce.com Warns that their Site Maligned with Dyre Trojan

Itnews.com.au on 9th September, 2014, reported that customer relationship management giant Salesforce.com is warning its customers that they may be attacked by new Dyre or Dyreza malware.

Dyre was identified in June 2014 and it is quite new among the banker Trojan crowd without having the reach or effect of older bankers like Carberp or Zeus but it has some interesting capabilities due to which it becomes troublesome. The malware gets installed on the user's machine as and when the user clicks on a malicious attachment in a spam message.

The sophisticated code attempts to crack two-factor authentication whenever it lands on the machine and conduct man-in-the-middle (MITM) attacks to hijack accounts of victims mainly from the lucrative banking industry.

Most banker trojans try to stay in their lane and target only banks as there is money involved. Dyreza is widening its horizons to attack customers of Salesforce.com.

HELP NET SECURITY published news on 8th September, 2014 quoting a warning of the company as "One of our security partners identified on 3rd September, 2014 that Dyre malware which mostly targets customers of well known large financial institutions, may now also attack some users of Salesforce. Though we don't have any evidence that any of our customers have been affected by Dyre malware but we are still investigating and if we find any customer has been impacted then we will reach out to them."

Salesforce advises users to ensure addition of malware's signature on antivirus software and IT admins limit the range of IP addresses and users should log into servers of Salesforce only with a suggestion of adding two-factor authentication.

Researchers of Adallom, a SaaS security company, discovered a variant of Zeus Trojan during February 2014 which targeted users of Salesforce.com.

Although online banking websites are still most targeted by campaigns of cyber attack, attackers are also targeting different organizations like providers of payroll services and corporate finance, email services, stock trading, mail delivery services, social networking, entertainment and dating portals and employment portals.

Adallom suggested that when SaaS applications are used, companies should assume that the devices of user are compromised and install relevant security controls to detect and prevent capabilities.

» SPAMfighter News - 9/15/2014