Tuesday, January 29, 2013

Security Experts Alert Users Against Bredolab Trojan Campaign


Security experts have warned businesses about a new Bredolab Trojan campaign targeting companies that post job vacancies on legitimate online job portals. Cybercriminals respond to the job advertisements with e-mailed applications whose attachments are laden with malware. When the designated employee of the company advertising the job opens the attachment, the malware is downloaded onto the computer and malicious code is executed.

The Trojan allows the criminals to extract confidential information such as online banking credentials used for making transactions for the business.

The Bredolab Trojan is widespread in the United States and has also been identified in Canada, India and Australia. The Trojan is distributed through drive-by downloads and malware-laden e-mail attachments. In the former case, malware is downloaded onto the victim's computer when he or she visits a legitimate website and clicks a link infested with malicious code. Security flaws in websites and web applications may go undetected if organizations do not conduct regular security evaluations. Attackers exploit these vulnerabilities to install malicious code on web pages. Organizations usually engage a penetration tester to test for security holes in web applications and networks.

Cybercriminals were able to steal funds worth $150,000 by using the Bredolab Trojan to attack companies advertising jobs on job websites. Security firm Symantec has identified the Trojan as a variant of Bredolab related to Zeus, the notorious banking Trojan. The automated Bredolab Trojan attacks use social engineering to trick users into believing that the e-mail is from a legitimate source.

Some of the other Bredolab Trojan attacks identified include Facebook password change e-mails, UPS delivery failures, shipping confirmation e-mails and free money transfer e-mails.

The Facebook password change e-mail tricks users into believing that their Facebook account password has been changed due to safety concerns and that it can be found in the attached document. When unwary users open the attachment, an executable file downloads the Trojan and installs a fake anti-virus program strikingly similar to Microsoft Security Essentials. To avoid suspicion, the document also downloads and opens a Word document. As social networking sites are now used for business purposes, organizations must conduct huddle sessions and IT training workshops to make employees aware of the threats in the IT environment.

Ironically, the new chain of Trojan attacks comes months after Dutch counter crime agencies shut down over 140 command and control servers of the Bredolab botnet.

Internet users must not open e-mail attachments from unknown sources. They must also be wary of replying to e-mails with suspicious content. Online training and video programs may help create awareness of security threats among Internet users. Organizations must categorize computers used for financial and routine business activity to reduce loss of sensitive information.



