Golroted Trojan Repeatedly Attacking SMBs, Finds Quick Heal

According to Quick Heal Technologies, the infamous data stealing Trojan malware 'Golroted' has been found attacking SMBs (small-and-medium sized businesses) more-and-more for filching their monetary related log-in details as well as other secret information.

Following one thorough examination of Golroted from the initial notice of the malware in November 2014, Quick Heal thinks the Trojan's assaults basically occur within Middle East and South-East Asia. The number of contaminated end-users was highest in India at 33% followed with Indonesia (31%) and Thailand (9%).

The examination by Quick Heal reveals that the cyber-crime syndicate responsible for Golroted is executing many bulk e-mail scams which distribute spear phishing messages having files attached containing either zipped archives having keyloggers or exploited Microsoft files. On viewing one of these malevolent attached files, the keylogger garners critical data from the system followed with transmitting the same onto its designated server. This' done via dispatching the data onto the server through e-mail attachments alternatively via posting it onto certain FTP server.

Filched details from victims' PCs consist of end-user's bank details, captured screenshots, login names as well as passwords in addition to the contaminated PC's details.

The malware monitors as well as captures screenshots of websites victims got to, and documents they open that subsequently get uploaded onto its command-and-control server. Moreover, passwords that Golroted records are usually those of social media and e-mail accounts along with financial service and banking portals as well as government-related websites. The passwords also include for A/Cs at major Indian banks as well as of Yahoo, Gmail, Windows Live Mail and Rediff A/Cs. Besides, passwords of PayPal, Paytm and the like online payment websites too figure within the list.

According to Chief Technology Officer Sanjay Katkar at Quick Heal Technologies, in the present time, Golroted like many malware groups are attacking SMBs for capturing their confidential data. Therefore, it's advisable that users adopt sufficient security as well as not use Web-browsers' "Remember Password" option for protecting their passwords, the Officer adds. Ncnonline.net reported this, June 5, 2015.

Eventually, for staying safe from such undesirable malevolent assaults, end-users must make sure their most recent virus databases are up-to-date.

» SPAMfighter News - 6/15/2015