Posts Categorized: Phishing Trojans


Game Trojans’ Biggest Tricks in 2010

by

By Andrew Brandt and Curtis Fechner It’s appropriate that this year’s Blizzcon, the two-day celebration of all things World of Warcraft, takes place during National Cyber Security Awareness Month. No other game is as heavily targeted by thieves as WoW, so we thought this would be as good a time as any to run down some of the malware threats that face gamers. 2010 has been a big year for Trojans that steal game passwords or license keys. The people who create malware targeting online games show no signs of relenting, nor are they laying down on the job. Innovation […]

Continue Reading »

WoW Patch Brings Out the Malware Trolls

by

Last week, Activision/Blizzard released a long-anticipated patch for its immensely popular game, World of Warcraft. While I don’t play this game, a number of our Threat Researchers do, and they’ve been on the lookout for shenanigans. Curtis Fechner found a doozy. The update comprises a major overhaul of many core systems within the game, affecting the graphics engine, game rules, player abilities, and also the interface. Many players use downloadable, player-created add-ons to further customize the appearance of the user interface; Patches as comprehensive as this one mean that many of the old add-ons simply won’t work until the add-on’s […]

Continue Reading »

Patchy Phisher Forces Firefox to Forego Forgetting Passwords

by

Every browser can, at the user’s discretion, be set up to remember passwords. In general, Webroot advises most users not to set the browser to store login credentials, because they’re so easily extracted by password-stealing Trojans like Zbot. In Firefox, for example, you can click Tools, Options, then open the Security tab, and uncheck a box that tells the browser to remember passwords entered into Web forms. (The box is checked by default.) But in the course of taking a more thorough look at a Trojan that came to our attention in July, we were surprised to see the Trojan […]

Continue Reading »

Fake Flash Update Needs Flash to Work

by

If you live in the US, you may have played sports, barbequed, or enjoyed the last long weekend of the summer outside doing something fun outdoors. Unfortunately, that wasn’t an option here in Boulder, where a large wildfire generated a thick plume of smoke and ash. So, what’s a malware analyst to do indoors on a beautiful day with toxic smoke outside? Why, spend some quality time with Koobface, of course. I took a closer look at the worm’s behavior and also noted that, since the Migdal keylogger site went dark for the Koobface crew, they’ve switched to using a […]

Continue Reading »

Pro-Israel Website Receives Passwords Stolen by Koobface

by

Is the team behind the Koobface worm taking a stance on the Israeli-Palestinian peace talks, or is this notorious worm’s most recent, bizarre twist just a coincidence? We’ve seen Koobface hijack legitimate Web sites for more than a year, using them not only to host malicious payload files, but also to work as proxy command-and-control servers for the botnet. One such hijacked Web domain, migdal.org.il, popped up in a number of blog posts and on Web sites which list the domains used to host malware, as far back as this past May, when the Koobface crew began using a slew […]

Continue Reading »

A Cave Monster from Hell Wants Your Financial Data

by

A novel and pretty sneaky Trojan designed to steal financial data appeared on our radar screen last week. The Trojan, once installed on a victim’s computer, rootkits itself to prevent detection, then watches the victim’s browser for any attempt to connect to the secured, HTTPS login page of several online banks. When the victim visits the login page the Trojan has been waiting for, the Trojan generates a form that “hovers” over the login page asking for additional verification information. “In order to provide you with extra security, we occasionally need to ask for additional information when you access your […]

Continue Reading »

“Fingerprint” Helps Identify Malware Authors

by

The Threat Research group sat in on a talk by HBGary CEO Greg Hoglund yesterday where the regular speaker discussed some research he’s been doing over the past year that he hopes will help connect malware samples to known groups of malware creators. While that sounds promising for law enforcement, it’s actually not as helpful for tracking down originators of malware for prosecution as it is for security researchers to preliminarily group and classify the masses of outwardly-dissimilar Trojans we see every day. In most conventional methods of classification, researchers look for programmatic similarities or behavioral characteristics as a way […]

Continue Reading »

Weird Malware on Display at Black Hat

by

I’m at the Black Hat Briefings this week, the annual confab of the best and brightest in computer security, catching up on the trends and tricks malware authors and data thieves employ. I just saw an impressive demo by a pair of security researchers who took a deep dive into the behaviors of four pieces of highly targeted malware. The researchers, Nicholas Percoco and Jibran Ilyas of Trustwave, ran a live demonstration of four Trojans designed to steal sensitive information and surreptitiously exfiltrate that data to the criminals. Three of the Trojans had been found installed on the servers of […]

Continue Reading »

Beware Spam With HTML Attachments

by

When it comes to spam messages, conventional wisdom dictates that you shouldn’t follow links or call phone numbers in the message, order products from the spammer, or open files attached to the email. We all should know by now that you should never open attached executable files, and spam filters now treat all .exe files as suspicious. When spammers began flooding inboxes with .zip files containing executables, we caught on pretty quickly as well. But HTML isn’t executable — it’s just plain text — so does that mean it’s safe to open attachments when they’re just HTML files? Hell no! […]

Continue Reading »

WoW Expansion Beta Likely to Spawn Phishers, Scams

by

Blizzard’s announcement today that they will begin a closed beta-test for the latest expansion pack is likely to generate a lot of excitement among that particularly low breed of online criminals who steal the fruits of other people’s entertainment when they commandeer passwords for other players. While it’s hard to believe that most players of online games aren’t aware of the profusion of phishing sites attempting to steal logins, the problem clearly isn’t going away, so the warnings remain the same: Keep a close eye on your browser’s Address Bar, and make sure you’re really logging into Blizzard’s Web site, […]

Continue Reading »