Security Response
Showing posts tagged with Trojan.Zbot
Lionel Payet | 22 Aug 2014 10:17:15 GMT

Contributor: Mark Anthony Balanza

As a successful business sector, the automobile industry is an attractive target for cybercrime. The automobile industry is composed of a multitude of businesses ranging from manufacturers and sellers to garages offering maintenance and repair. Earlier this month, we observed a spam campaign that targeted several small to medium-sized companies within the automobile industry in Europe with Infostealer.Retgate (also known as Carbon Grabber).

The Carbon Grabber crimeware kit first appeared on underground forums earlier this year. Crimeware kits are not new and since the Zeus (Trojan.Zbot) malware’s notoriety,...

Symantec Security Response | 15 Aug 2014 19:24:03 GMT

News of the Ebola virus epidemic in West Africa has hit every news outlet around the globe, and cybercriminals are once again using the latest headlines to bait victims. Symantec has observed three malware operations and a phishing campaign using the Ebola virus as a social engineering theme.

Malware and phishing campaigns
The first campaign is fairly simple. Attackers send out an email with a fake report on the Ebola virus to entice victims; what users actually get is an infection of the Trojan.Zbot malware.

In the second campaign, cybercriminals send out an email that impersonates Etisalat, a telecommunications service provider in the United Arab Emirates with footprints in 18 countries across the Middle East,...

Symantec Security Response | 16 Jul 2014 23:01:43 GMT

Despite Japan's isolated adoption of unique and sometimes incompatible technological standards, often described as Galapagosization, the country still seems to be open game when it comes to banking malware. Attacks on online banking are nothing new in Japan and the country has dealt with several prominent cases in the last year. For instance, Infostealer.Torpplar targeted confidential information that was specific to Japanese online banks and credit cards, and variants of Infostealer.Bankeiya utilized various methods including zero-day vulnerabilities and exploit kits to target Japanese users. Japan's National Police Agency reported that US$11,840,000 was stolen in 2013 as a result of cybercrime and, as of May 9, 2014, US$14,170,000...

Symantec Security Response | 02 Jun 2014 14:33:16 GMT

The FBI, the UK's National Crime Agency, and a number of international law enforcement agencies have significantly disrupted two of the world’s most dangerous financial fraud operations: the Gameover Zeus botnet and the Cryptolocker ransomware network. Working with a number of private sector partners, including Symantec, the FBI has seized a large amount of infrastructure used by both threats. On the back of this operation, Symantec has released a new tool that victims can use to completely remove Gameover Zeus infections.

Gameover Zeus has been responsible for millions of infections worldwide since its inception...

Peter Coogan | 05 Mar 2014 14:24:53 GMT

Darwinism is partly based on the ability for change that increases an individual’s ability to compete and survive. Malware authors are not much different and need to adapt to survive in changing technological landscapes and marketplaces. In a previous blog, we highlighted a free Android remote administration tool (RAT) known as AndroRAT (Android.Dandro) and what was believed to be the first ever malware APK binder. Since then, we have seen imitations and evolutions of such threats in the threat landscape. One such threat that is making waves in underground forums is called Dendroid (Android.Dendoroid), which is also a word meaning something is tree-like or has a branching structure.

...

Christian Tripputi | 07 Feb 2014 13:13:29 GMT

The biggest bank robbery of all time was identified in Brazil in 2005. In this case, a gang broke into a bank by tunneling through 1.1 meters of steel and reinforced concrete and then removed 3.5 tons of containers holding bank notes. This heist resulted in the loss of about 160 million Brazilian dollars (US$380 million).

Robbers today, however, don’t have to bother with drilling through walls to steal money. They can rob a bank while sitting comfortably at home behind a computer. Thanks to cybercrime, organizations have suffered financial losses in the order of millions. The Symantec State of Financial Trojans 2013 whitepaper shows that banking Trojans are becoming more prevalent. Apart...

Symantec Security Response | 14 Jan 2014 08:02:58 GMT

We recently encountered the website of a major Japanese book publisher and distributor of books, magazines, comics, movies, and games that had been injected with a malicious iframe leading to another website hosting an exploit kit.

As far as we know, at least three files on the book publisher’s site were compromised.

Figure 1. Malicious iframe found on publisher’s site

The malicious iframe was present across multiple pages including the homepage. Our telemetry shows the first potential victim visited the site at approximately 22:00 PST on January 5, 2014 (15:00 JST on January 6, 2014). The security issue was not fixed until late on January 8, PST (in the evening of January 9, 2014 JST).

The malicious iframe loads another website, hosting an exploit kit, as soon as a user visits the book publisher’s site. The exploit kit...

Symantec Security Response | 06 Dec 2013 22:34:41 GMT

Cybercriminals are constantly looking for ways to evolve their malware. Evolution is the key for survival because antivirus research, analysis, countermeasures, and public awareness thwart the efficacy of malware and its spread. During the past year, ransomware has received a lot of news coverage, which has decreased the number of uninformed victims and lowered the impact and effectiveness of the malware along with the percentage of return to the criminal.

Due to this increased public awareness, in the last quarter of 2013 we have seen cybercriminals reorganize around a new type of extortion: Cryptolocker. This threat is pervasive and preys on a victim's biggest fear: losing their valuable data. Unlike previous ransomware that locked operating systems and left data files alone and usually recoverable, Cryptolocker makes extortion of victims more effective because there is no way to...

Symantec Security Response | 22 Nov 2013 00:12:26 GMT

Contributor: Joseph Graziano

A clever new form of social engineering spam is going around today that attempts to trick users into running malware on their computers. The malware authors send emails that pretend to be from various antivirus software companies, claim that an important system update must be installed by the end user, and attach a fake hotfix patch file for their antivirus software. The email plays on end user concern over the lack of detection, especially in the face of the latest threats showcased in the media recently, such as the Cryptolocker Trojan. This type of social engineering entices users to open and install the hotfix without using much discretion as...

Satnam Narang | 18 Nov 2013 23:04:38 GMT

Last week, the United Kingdom’s National Crime Agency (NCA) warned that tens of millions of customers were being targeted by the Cryptolocker malware through a mass spam campaign.

According to the alert, millions of UK customers received malicious emails, but the primary targets seem to have been small and medium businesses.

A recent Symantec blog examined a threat named Trojan.Cryptolocker and how it is an aggressive evolution of the ransomware family of threats. Cryptolocker thrives by encrypting files on a victim’s computer and holding the decryption key for ransom. Interestingly, Symantec...