ALL >> Computers >> View Article
Criminals Are Still Using Malware To Attack Online Users
Zeus malware still continue to evolve despite many recent arrests. Recently, the infamous Zeus malware package has begun an attack campaign targeting financial investors.
Security vendor Trusteer said in a recent report that samples of the malware have been spotted in connection with URS Investment Fund, a phony investment site which seeks to trick users into uploading money transfers to an account controlled by the attacker. The attack utilizes the ability of Zeus to locally alter HTML files on infected machines, allowing attack code to be presented on otherwise safe web pages. In this case, the malware has been injecting pages with phony banner ads attempting to lure users to the URS Investment Fund scam site.
New capabilities are strengthening the Zeus botnet, which criminals use to steal financial credentials and execute unauthorized transactions in online banking, automated clearing house (ACH) networks and payroll systems. The latest version of this cybercrime toolkit, which starts at about $3,000, offers a $10,000 module that can let attackers completely take control of a compromised PC. Zeus v.1.3.4.x has ...
... integrated a powerful remote-control function into the botnet so that the attacker can now "take complete control of the person's PC," says Don Jackson, director of threat intelligence at SecureWorks, which released an in-depth report on Zeus this week.
The UK government systems also fall victim to a Zeus Trojan attack; Foreign secretary William Hague has confirmed that. In late December, spoofed emails claiming to come from the White House bypassed government filters and infected systems with a variant of the Zeus information-stealing Trojan, Hague told the Munich Security Conference on Friday. The emails directed users to click on a link, which downloaded a variant of the Zeus Trojan, said Hague.
MessageLabs, which filters emails for the UK government, had not responded to a request for comment at the time of writing. The Cabinet Office, which oversees government cyber security efforts, had also not responded to a request for comment. Hague said the UK government wanted to host a cyber security conference in the summer "to explore mechanisms for giving [cyber] standards real political and diplomatic weight."
Zeus is also very capable of exploiting BlackBerry smartphones. Trend Micro, a security solutions provider, claimed the Trojan seems to target specifically the SMS feature of the Blackberry. The Trojan maybe in the form of an application, once installed sends a confirmation message to the hackers that transmitted the Trojan, to signal that it is ready to receive commands. Once the Trojan sender or the hacker sends a confirmation message, the Trojan can view, delete and forward SMS’s, block calls, change the administrator on the device and block phone numbers. It sends all data on the phone to the hacker in the event that it gets shut down.
Zeus attacks have been continually evolving over the last 12 months, according to one expert. Amit Klein, chief technology officer at Trusteer, has warned that such attacks are evolving and remain a major concern for the IT security industry. 'In conjunction with this trend, what we see is more and more sophistication and craftsmanship around the HTML injections themselves.' According to a recently released report by Trusteer, Zeus continues to be a thorn in the side of the IT security industry despite having been around for four years.
The number of cyber attacks is only going to increase if organizations fail to pay attention on the vulnerabilities of their network security. Organizations need to implement robust Internet security initiatives to protect their network and their customer’s information, including hiring highly trained information security experts in order to avoid security breaches. Information security professionals can increase their information security knowledge and skills by embarking on highly technical and advanced training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of highly technically skilled information security professionals.
CAST will provide advanced technical security training covering topics such as Advanced Penetration Testing, Digital Mobile Forensics training, Application Security, Advanced Network Defense, and Cryptography. These highly technical and advanced information security training will be offered at all EC-Council hosted conferences and events, and through specially selected EC-Council Authorized Training Centers.
About EC-Council
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other information security training programs offered in over 84 countries around the globe. EC-Council has trained over 90,000 individuals in technical security training and certified more than 40,000 security professionals. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency in the lack of highly technically skilled information security professionals.
Add Comment
Computers Articles
1. 00al556 Ibm 550-watts Platinum Power Supply For X3650 M4: Reliable And Energy-efficient Power For Enterprise ServersAuthor: Server Tech Central
2. Iot Identity And Access Management (iam) Market : Driving Secure Innovation In Connected Ecosystems
Author: Umangp
3. Why Should You Plan Blinkit Onboarding Before Market Expansion And How Can Zane Marketing Help You Grow Faster
Author: Zane Marketing
4. Customer Identity And Access Management (ciam) Market : Strengthening Security And Customer Trust
Author: Umangp
5. How To Start Your Website Redesign Project?
Author: brainbell10
6. Sap Compliance In Manufacturing: Closing The Gaps Grc Leaves Behind
Author: Mansoor Alam
7. Speech Analytics Market : Unlocking Actionable Insights From Customer Conversations
Author: Umangp
8. Data Preparation Tools Market: How Ai And Cloud-based Solutions Are Transforming Modern Data Workflows
Author: Umangp
9. How To Setup And Create Instagram Ads?
Author: brainbell10
10. Why Digital Business Cards Are The Future Of Professional Networking
Author: WhyTap
11. End To End Sataware Product Development Is The Process Of Identifying Market Opportunities To Hire Flutter Developer, Connecting User Needs And Requir
Author: brainbell10
12. Dynamics Nav To Business Central Upgrade Guide
Author: brainbell10
13. Data Governance Framework: Building Trust In The Digital Age
Author: Umangp
14. A Complete Guide To Dynamics 365 Warehouse Management
Author: brainbell10
15. Conversational Ai In Intelligent Contact Centers: Market Outlook And Future Growth To 2028
Author: Umangp






