Home / Blog
Written by: 10/4/2010 10:30 AM
Whether or not you are aware of it, you have probably been the target of a phishing attack. The most recent example in my own inbox came from the “F.B.I. Boss In Charge” at Kotoka International Airport in Ghana regarding a consignment of $200 million USD and 450kg in gold bars: all I have to do is pay shipping and handling, and a small processing fee, and it can all be mine. Let me get my credit card... NOT! I almost can't feel sorry for anyone who falls for such an obvious con as this.
But what about something less obvious? What if you got an email that looked like it came from your bank's IT admin, and instead of asking for money, all the sender wants you to do is click the link and run an update or verify authentication credentials?
The link, of course, is bogus; the site infects the visitor with the Zeus Trojan, which steals online financial credentials. In one of the most recent scams (which resulted in $3 million or more in bank theft), the Trojan allowed hackers to collect sensitive data—passwords, PII, account numbers—in real-time, as the victim typed in the information. Victims who believed they had a legitimate connection to their bank were actually offering up their sensitive information directly to the Trojan.
DarkReading reports:
Zeus traditionally has been one of the more difficult malware variants for some antivirus programs to detect: According to recent data from Trusteer, Zeus is detected only 23 percent of the time by up-to-date antivirus applications. It's also hard to kill because it hides itself so well in the operating system.
Take heed: if something colorful and sparkly is dangling in your inbox, don't bite.
Read more about it here:
http://darkreading.com/security/attacks/showArticle.jhtml?articleID=227501125
0 comment(s) so far...