Archive for February, 2010

Another banking Trojan called Bugat discovered

Feb 16, 2010 in News

According to the security company SecureWorks, its researchers have come upon “Bugat,” a new Trojan that steals banking information.

The discovery occurred during January 2010, with researchers finding that Bugat’s capabilities resembled those of the infamous data-stealing Zeus and Clampi Trojans. Security researcher Jason Milletary, a member of the Counter Threat Unit of the SecureWorks Research Team, told this to SCMagazineUS.com on February 9, 2010.

Furthermore, according to Milletary, SecureWorks saw some 1,200-3,000 attack attempts from Bugat in the first week of February 2010. These attacks targeted the company’s clients, the researcher reports. Darkreading.com published this on February 9, 2010.

Milletary states that his team observed a particular Zeus botnet spreading Bugat.

So far Bugat has been mainly targeting corporate financial accounts.

Remarking on this characteristic of the Trojan, security experts stated that Bugat’s emergence made it clear that new malware was in great demand for stealing financial credentials. They also said that, with such malware, criminals still found it highly profitable to commit wire and Automated Clearing House fraud.

Evidently, the demand for new malware can be attributed to criminals’ search for inexpensive substitutes, or for malware that security professionals haven’t scrutinized much. As criminals steadily introduce this kind of malicious software, it can unfortunately mean lower malware costs and easier entry into the crime market.

Curiously, Trojan Bugat contains certain capabilities that aren’t common among other bank-information-stealing Trojans. One of these is that it secures its communication with the command-and-control center so that other hackers cannot steal the data it has stolen. Moreover, it’s capable of stealing FTP credentials.

However, Bugat also has certain common attributes: capturing forms from the Firefox and Internet Explorer browsers; seizing and erasing Firefox, Flash, and IE cookies; browsing and uploading files or folders stored on the victim’s computer; and downloading and running code. Additionally, the Trojan can wipe out system files and restart the infected system to prevent Windows from starting up.

Finally, SecureWorks reports that the new Bugat is thus far detectable by only 20 anti-virus scanners out of a total of 51.

» SPAMfighter News - 16-02-2010

Fake E-mail Scam Targets Google Job Applicants

Feb 09, 2010 in Interesting articles taken from the net

The Websense Security Labs ‘ThreatSeeker Network’ has detected an ongoing scam that sends malicious e-mails, apparently from Google, in response to job applications.

The spam mail begins by acknowledging the recipient’s resume, after which it thanks him for his interest in joining Google. The e-mail also explains that Google staff members will assess the resume and, if they find a matching vacancy in the company, will get back to the recipient.

According to Websense, if the recipient didn’t apply to Google for work, then he should understand that the e-mail is a fake. Another thing that raises suspicion about the e-mail is its attachment, whose name contains both .zip and .exe extensions.

The e-mails appear extremely well written and convincing because they spoof text scraped from Google’s real job application replies. Generally, unsolicited spam mails contain spelling mistakes and grammatical errors that act as red flags, clearly suggesting that the messages are not genuine. However, the text of these e-mails is flawless, lending them a professional and convincing touch, particularly if the targeted person is a genuine applicant for a Google job.

Ironically, although every effort was put into creating clean-looking e-mails, the scam is given away by an easily detected deceptive file name, which tries to pose as a legitimate file type.
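The file-name giveaway described above can be checked automatically at a mail gateway. The following Python sketch is an added example, not code from Websense or the original article; the extension lists, the function names and the sample message (including the attachment name `document.zip.exe`) are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for illustration; tune them to local mail policy.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
DECOY = {".zip", ".pdf", ".doc", ".docx", ".rtf", ".txt", ".jpg"}

def classify_name(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = name.rstrip(". ").lower()
    exts = ["." + part.strip() for part in name.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DECOY:
        return "double-extension"  # e.g. a document-like name ending in .exe
    return "executable"

def scan_message(raw_bytes):
    """Return [(filename, verdict)] for each suspicious part of a raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches nested and inline parts
        filename = part.get_filename()  # decodes RFC 2231/2047 encoded names
        if filename:
            verdict = classify_name(filename)
            if verdict != "ok":
                findings.append((filename, verdict))
    return findings

def build_sample():
    """Constructed message modelled on the description above (not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "recruiting@example.com"
    msg["To"] = "applicant@example.org"
    msg["Subject"] = "Thank you for your application"
    msg.set_content("We have received your resume and will review it.")
    msg.add_attachment(b"inert placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="document.zip.exe")
    msg.add_attachment(b"inert placeholder bytes", maintype="application",
                       subtype="pdf", filename="benefits.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A name check like this works even when scanners have no signature for the payload, because it relies only on the attachment metadata.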

According to Websense, the e-mail attachment (malevolent payload) has escaped the notice of most anti-malware software.

Job-related online scams are common on the Internet, but they have increased in number, along with the number of victims, since the global recession. Cyber criminals have been targeting vulnerable people, and law enforcement’s difficulty in tracking down the miscreants has emboldened the crooks, who now chase job-seekers much more vigorously.

Security experts have explained that authorities can do no more than document incidents. Hunting down culprits is nearly impossible because cyber criminals use proxy domains and networks, causing an unending series of jurisdictional impediments.

Finally, Websense suggests that job-seekers should remain extremely cautious while browsing recruitment sites so that they don’t become victims of a scam.

» SPAMfighter News - 09-02-2010