Network World reported yesterday that one of the more sophisticated pieces of malware in circulation has been given an upgrade that lets cybercriminals act even faster after they've stolen data from a PC. The Zeus Trojan uses an instant messaging component that alerts hackers immediately when they've captured someone's authentication credentials. That enables the fast use of time-sensitive information, such as one-time passwords now often employed in online banking.
Apparently, Zeus isn't the first piece of malware to employ instant messaging, since another password-stealing program called Sinowal was found to be using it as well in 2008. Once on a PC, Zeus sends log-ins and passwords to a remote server, which the hacker must then access and sort through. Several variants of Zeus have a Jabber instant messaging module. The hackers set up two Jabber accounts, one to send information and one to receive. When Zeus obtains log-ins, it sends them to a remote server. The Jabber module then looks for credentials for specific financial institutions and then transmits the information to the hacker by instant message.
It's estimated the number of computers in the U.S. alone infected with Zeus was at around 3.6 million computers, making it one of the most prevalent malicious software programs and a very large botnet.
Users can be infected if they haven't installed the latest security patches on their computer and visit a Web site through a drive-by download (one that happens without needing the end-user to click on or do anything on the website). Zeus may also be inadvertently installed on a computer if a person is tricked into opening an e-mail attachment containing Zeus.
It's estimated from Zeus Tracker that there are now 802 malicious hosts with Zeus. All this is a good reminder to make sure you browse safely (with a proxy) and that your proxy has up to date anti-malware and URL lists.
Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.
Wednesday, September 2, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment