Zeus

New Dyre Banking Trojan

June 15th, 2014

A new banking Trojan, known as Dyre or Dyreza, was discovered by researchers at CSIS and PhishMe. The malware is designed to bypass SSL protection and steal banking credentials.

PhishMe researchers warned that the new malware is being delivered via phishing emails with the subject lines “Your FED TAX payment was Rejected” and “RE: Invoice.” The emails contain links to files on LogMeIn’s Cubby.com file storage service. “Since Dropbox has been quick to block phishing links, the attackers needed a new legitimate service,” noted PhishMe’s Ronnie Tokazowski.

The attack proceeds as follows: clicking the link in the email downloads a zip file. Opening the zip file installs the malware, which monitors all of the victim’s browser traffic, including SSL traffic, with the aim of stealing and uploading online banking login credentials.

“[Bank credentials] should be encrypted and never seen in the clear,” Tokazowski wrote. “By using a sleight of hand, the attackers make it appear that you’re still on the website and working as HTTPS. In reality, your traffic is redirected to the attackers’ page. To successfully redirect traffic in this manner, the attackers need to be able to see the traffic prior to encryption, and in the case of browsers, this is done with a technique called browser hooking.”

Krause told Dark Reading that the malware seems to represent a new banker Trojan family, unrelated to the Zeus Trojan. “One of the biggest differences between Zeus and Dyre is how communication with the command-and-control infrastructure takes place,” he said. “With Zeus, data is usually encoded or encrypted, then passed back as raw binary data. With Dyre, the data is POSTed in the clear, making detection for enterprises with IDS capabilities very straightforward.”

But that may well change in the near future. “Since data is being posted back unencrypted, I believe this malware is only in its infancy, and we should expect more refinements from the malware author,” Krause said.

Kevin Bocek, vice president for security strategy and threat intelligence at Venafi, told eSecurity Planet by email that the threat from Dyre is being enabled at least in part by the blind trust too many users have in SSL/TLS. “In fact, 40 percent of mobile online banking applications are estimated to be vulnerable to man-in-the-middle (MITM) attacks without any cyber criminal effort,” he said.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Japan gets ready for Zeus

May 15th, 2013

Zeus, named after the Greek deity, now has a new target: Japanese Internet banking consumers

Zeus and other financial Trojans have long been a huge headache for internet banking consumers around the globe.
Some countries, Japan for instance, have escaped attacks from financial Trojans, possibly because of the language barrier and perhaps other unknown causes.

As the national law enforcement organization of Japan has reported repeatedly, Japanese internet banking consumers have begun to fall victim to this form of attack.

Recently we discovered a new Zeus variant targeting several banking institutions inside Japan.

The functionality matches that of the other variants. Once executed, the Trojan hooks the browser and monitors for URLs related to financial institutions. It then injects code into the page that displays a notice announcing an upgrade to the banking system and asking the user to enter registration information, including accounts, passwords and other details.
