Banks and other financial institutions have put in stricter controls in an attempt to minimize losses that phishing attacks cause. Cybercriminals have not taken this sitting down by producing a new tool to automate online banking fraud — automatic transfer systems (ATSs).
In the past, malware families like ZeuS and SpyEye used Webinject files to modify the websites of targeted organizations such as banks. A Webinject file is basically a text file with JavaScript and HTML code that contains the code ...
Dutch users were recently targeted in a website compromise that involved a popular news site in the Netherlands, nu.nl. The site was compromised and modified to load a malicious iframe that resulted to visitors’ systems being infected with a SINOWAL variant.
Trend Micro researcher Feike Hacquebord says that considering the different characteristics of this attack, it seems like it was specifically designed to affect Dutch users. Aside from the affected site being one of the most popular sites in their country, ...
In recent years, we have seen client-side software heavily targeted by hackers in search of vulnerabilities. 2011 saw these threats become more complex and sophisticated. We saw attackers increasingly use zero-day vulnerabilities, some of which have been particularly critical. Examples of these include the vulnerability Duqu exploited (CVE-2011-3402); a Java vulnerability (CVE-2011-3544); or Adobe zero-day vulnerabilities, which were exploited in the wild.
The exploit attacks we saw this year were targeted, original, sophisticated, and well controlled.
Among the applications most targeted in the wild ...
We have found evidence that the human rights organization found affected by a website compromise is not the only intended target for the attack.
The website was said to have an iframe that redirected users to another compromised site in Brazil. The site executed a malicious Java applet detected as JAVA_DLOAD.ZZC. JAVA_DLOAD.ZZC leverages a vulnerability in Java CVE-2011-3544 to install TROJ_PPOINTER.SM, which in turn drops BKDR_PPOINTER.SM. BKDR_PPOINTER.SM connects to a certain URL to send and receive commands from the attacker. It ...
A recent report by Symantec documented a campaign of targeted malware attacks that began as early as April 2011 and continued up to October 2011. During this time, the attackers managed to compromise at least 100 computers around the world. This report illustrates some of the key findings in our latest white paper, Trends in Targeted Attacks.
Targeted Campaigns
Targeted malware attacks are rarely isolated events. It is more useful to think of them as campaigns – a series of failed and ...
