Traditional malware tries to sneak in the backdoor undetected. If it does get you to authorize the installation, it does so covertly, in a way that you don’t know that you are authorizing it. It then does its best to make itself invisible to the naked eye so you don’t know that it is there.
Once it is in there it will steal credentials, steal data, redirect you to bogus sites, etc.
This malware is different.
RIGHT NOW this software is masquerading as banking software, but give it a few months and it will morph. The idea is brilliant and there is no reason to limit it to banking.
IBM researchers found it and have named it CamuBot.
TODAY, it is being seen in Brazil, but don’t count on it to stay there.
The hackers start by figuring out who uses what bank. I can’t show you a Wells page if you are a Chase customer. Let’s say you are a Wells customer. The software will then trick you, using any number of traditional methods, into going to a web page that, in this case, looks like the Wells web site. Maybe they do it via a phishing email; maybe through poisoning your DNS. Lots of different methods.
Once you are there, the page will try to convince you that as a Wells customer, you need this new security module in order to continue to do online banking. Of course, you don’t and the site doesn’t belong to Wells, but they are trying to trick you.
If they succeed at their con, you will install their software and not think anything about it because, in your mind, it belongs there. Once the software is installed, it could, for example, intercept legitimate banking sessions and do things in the background that you don’t detect. In that case they run the attack from your PC, so there is nothing suspicious to the bank as there would be if the malware captured your password and sent it to Russia. If they try to log in from Russia, the bank will likely stop that.
Once the base software is installed, it can download and install more software in the background. The possibilities, as they say, are endless.
In some enterprises they have locked down the computers so the end user cannot install any software. That should effectively stop this type of attack, but most companies don’t do that because of resistance from the users.
If users are trained to watch for this attack, it is pretty easy to stop.
This is a generalization of the “gee, we have a new update for Acrobat” lure, or the same thing for Flash or whatever. Similar concept, different specifics.
Train your users to be alert because it will be coming their way, soon. No doubt with some kind of twist.
Source: ZDNet