Tuesday, January 10, 2012

FBI: 'Gameover' Malware Targets Bank Accounts Via Phishing E-Mails

http://www.fbi.gov/news/stories/2012/january/malware_010612/malware_010612

Cyber criminals have found yet another way to steal your hard-earned money: a recent phishing scheme involves spam e-mails—purportedly from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC)—that can infect recipients’ computers with malware and allow access to their bank accounts.

The malware is appropriately called “Gameover” because once it’s on your computer, it can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions. And once the crooks get into your bank account, it’s definitely “game over.”

Gameover is a newer variant of the Zeus malware, which was created several years ago and specifically targeted banking information.


---------------------------------------------------------------

Created several days ago? Mmmmm, maybe this specific DDoS variant, but Gameover has been out for a while.

Oct 10, 2011: ZeuS Gets More Sophisticated Using P2P Techniques
http://www.abuse.ch/?p=3499
You should watch out for the following strings in your web proxy logs, which are being used as dropzone for this ZeuS version (using HTTP POST):

/gameover.php
/gameover2.php
/gameover3.php

Since I’ve started to track this ZeuS campaign, I’ve collected more than 270 unique config files.

Nov 2011: DDoS Attacks Spell ‘Gameover’ for Banks, Victims in Cyber Heists
http://krebsonsecurity.com/2011/11/ddos-attacks-spell-gameover-for-banks-victims-in-cyber-heists/

Jan 4, 2012: ZeuS – P2P+DGA Variant – Mapping Out and Understanding The Threat
http://www.cert.pl/news/4711/langswitch_lang/en
In the autumn of 2011 we observed new malware infections, which looked similar to Zeus.... In the new version of the Trojan, the authors focus on eliminating the weakest link – a centralized system of information distribution.
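
The abuse.ch note quoted above says to watch web proxy logs for HTTP POSTs to /gameover.php, /gameover2.php and /gameover3.php. The following is an added example, not code from abuse.ch or any of the linked posts, showing one way to run that check. It assumes Squid's native access.log layout; the sample lines, host names and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The three drop-zone file names listed in the abuse.ch note quoted above.
DROPZONE_RE = re.compile(r"/gameover[23]?\.php$")

def find_dropzone_posts(lines):
    """Return (client_ip, host, path) for each POST whose URL path ends in a drop-zone name."""
    hits = []
    for line in lines:
        fields = line.split()
        # Assumed layout (Squid native): time elapsed client code/status bytes method URL ...
        if len(fields) < 7:
            continue  # truncated or foreign line
        client, method, url = fields[2], fields[5], fields[6]
        if method != "POST":
            continue  # the note describes the drop zone as receiving HTTP POST
        parts = urlsplit(url)
        # Match on the path only, so a query string that merely contains
        # the text "/gameover.php" does not raise an alert.
        if DROPZONE_RE.search(parts.path):
            hits.append((client, parts.hostname, parts.path))
    return hits

def clients_to_triage(lines):
    """Unique internal client addresses that posted to a drop-zone path."""
    return sorted({client for client, _, _ in find_dropzone_posts(lines)})

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "1326182400.101    212 10.0.0.21 TCP_MISS/200 412 POST http://dropzone.example/gameover2.php - DIRECT/192.0.2.10 text/html",
    "1326182401.552     98 10.0.0.34 TCP_MISS/200 9001 GET http://news.example/gameover.php - DIRECT/192.0.2.20 text/html",
    "1326182402.007    150 10.0.0.21 TCP_MISS/200 300 POST http://search.example/find?q=/gameover.php - DIRECT/192.0.2.30 text/html",
    "1326182403.300    175 10.0.0.47 TCP_MISS/200 388 POST http://host.example/images/gameover.php - DIRECT/192.0.2.40 text/html",
    "1326182404.900     60 10.0.0.47 TCP_MISS/200 120 POST http://blog.example/notgameover.php - DIRECT/192.0.2.50 text/html",
]

if __name__ == "__main__":
    for client, host, path in find_dropzone_posts(SAMPLE_LOG):
        print(f"{client} -> {host}{path}")
    print("triage:", ", ".join(clients_to_triage(SAMPLE_LOG)))
```

HTTPS traffic logged as CONNECT carries no path, so this check only covers plain HTTP requests that the proxy can see.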
