One of the most common trends among computer viruses and infections is phishing involving companies, brands and, now, applications.
Since the end of 2014, more and more malware campaigns have been arriving as e-mail attachments, using Word documents and PDF files as the means of attack, with macros that download infected files.
Recently RSA, a security company, released information on Trojan applications built into Word documents, disguised as attachments and PDF files, that run as soon as the victim clicks on the embedded file link.
Investigating this trend, intelligence analysts from the agency discovered an Excel spreadsheet in free circulation that contained a series of alleged JPEG images as “attachments” in the worksheet.
The spreadsheet, distributed as a file named “chika”, appears to contain attachments and includes buttons to open them. Once the victim clicks a button, a message appears asking them to enable macros in Excel. When the macro is enabled, communication with the server is activated and an infected file is downloaded that installs the Pony Stealer Trojan on the victim's machine.
Pony Stealer is an application programmed to steal passwords, such as those for instant messaging, FTP clients, web browsers and users' e-mail, as well as Windows CD keys. In this way, the malware steals all sets of credentials submitted through forms, including those used in online banking portals, as part of its data-theft routine. Pony Stealer also acts as a loader for other Trojans, downloading and deploying other pieces of malware, such as banking Trojans, to facilitate the theft of financial credentials and online banking information. They are usually found on the same C&C servers on which a Zeus botnet is deployed.
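A defensive triage check for the delivery method described above, as an added example that is not from the original post or from RSA: it flags Office attachments that carry a VBA macro project so they can be quarantined before a user is asked to enable macros. The function name, the file names and the sample bytes are constructed assumptions, and the legacy-format check is a byte-search heuristic rather than a full compound-file parse.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.xlsx/.xlsm/.docm) container
# OLE2 directory entries store names as UTF-16LE; a VBA project adds "_VBA_PROJECT".
VBA_DIR_NAME = "_VBA_PROJECT".encode("utf-16-le")
MACRO_FREE_EXTS = (".xlsx", ".docx", ".pptx")


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'macro', 'macro-mismatch', 'no-macro' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic: search the raw bytes for the VBA directory entry name.
        return "macro" if VBA_DIR_NAME in data else "no-macro"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "not-office"
        if "[content_types].xml" not in names:
            return "not-office"          # an ordinary zip, not an Office package
        if any(n.endswith("vbaproject.bin") for n in names):
            if filename.lower().endswith(MACRO_FREE_EXTS):
                return "macro-mismatch"  # macro part under a macro-free extension
            return "macro"
        return "no-macro"
    return "not-office"


def build_ooxml(parts):
    """Build a constructed OOXML-like package in memory (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in parts:
            zf.writestr(name, b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples; no real malware content is involved.
    samples = {
        "sheet.xlsm": build_ooxml(["[Content_Types].xml", "xl/vbaProject.bin"]),
        "sheet.xlsx": build_ooxml(["[Content_Types].xml", "xl/workbook.xml"]),
        "legacy.xls": OLE2_MAGIC + b"\x00" * 64 + VBA_DIR_NAME,
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    }
    for name, blob in samples.items():
        print(f"{name}: {classify_attachment(name, blob)}")
```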
Exploit kits
An exploit kit, sometimes called an exploit pack, is a set of tools that automates the exploitation of client-side vulnerabilities. In other words, these kits exploit weaknesses in software applications on end users' computers to spread malware. They usually target browsers and programs that a website can invoke through a browser. Among the most common targets in recent years are vulnerabilities in Adobe Reader, Java Runtime Environment and Adobe Flash Player.
Most software vendors distribute patches and updates as soon as new vulnerabilities are detected, but it is up to end users and administrators to ensure that these updates are applied to the system. According to recent surveys, at least one third of all exploits active today were documented in 2010, and the fact that they remain in use indicates that end users have not updated their software or applied patches that have been available for four years or more.
On the fraud front: PII searches and providers
RSA FraudAction intelligence analysts detected a number of vendors in the underground offering personal information and credentials for the UK, such as dates of birth, passport information, UK passport scans, complete sets of personal information, as well as “fullz” (full details of stolen credit cards along with personally identifiable information, PII). These resources help the fraudster conduct fraudulent transactions that involve social engineering to bypass authentication and authorization measures, and achieve the goal of taking money from stolen credit card data and exposed online accounts.