Tag Archives: Mr Boodaei

Businesses at risk from updated data harvesting malware

Security experts have discovered that a new strain of the Bugat malware has been developed by cybercriminals to target small and medium sized businesses with data theft attacks that can leave them exposed to financial fraud.

Bugat was originally unearthed in early 2010 and was noteworthy for its similarity to the ZeuS botnet tools. However, thanks to swift action by security firms, it was neutralised before it could get a foothold.

Now it seems that criminals have revived Bugat but altered its code so that its presence is much harder to detect and its effects much harder to neutralise. The result is a serious threat to businesses, and Trusteer has even found links between the malware and the recent spate of attacks against users of the business-focused social networking site LinkedIn.

If the Bugat malware makes its way onto a computer, it is able to burrow into web browsers, including Internet Explorer and Firefox. From there it monitors the user's browsing habits and harvests data whenever the user accesses their online banking service, passing on this extremely sensitive and valuable information to be used in defrauding firms.

Trusteer believes that significant losses could result from this new form of the Bugat malware. It also says that the chance of infection is three times higher for businesses based in the US, but warns that European businesses should still remain vigilant in order to keep completely out of harm’s way.

Trusteer’s Mickey Boodaei said that by altering and ameliorating the capabilities of malware such as Bugat and ZeuS, the cybercriminal factions are becoming better at evading the protection offered by security software.

Mr Boodaei even went as far as to call the battle with criminals an ‘arms race’ and said that the latest tactics seemed to suggest that many are abandoning the use of mainstream, well-known malware in favour of more uncommon variants, which gives them a higher chance of success.

The data harvesting carried out by various botnets and malware programs is seen as a serious issue by most, and businesses are advised to keep their security software up to date in order to stand the best chance of avoiding infection.

Zeus botnet 2.0 targeting UK users

Businesses and individuals are at risk of serious data loss and security breaches as a result of a new botnet running on the Zeus 2.0 platform that is gunning for internet users based in the UK, according to security vendor Trusteer.

The main aim of the botnet is apparently to harvest data that will allow cybercriminals to defraud victims of their financial assets and although the attack is set to target banking logins, it will steal other data indiscriminately, which means its potential for disruption and damage is huge.

Trusteer’s CEO Mickey Boodaei said that the botnet was primed to steal credit card details and online banking access codes, but also warned that it would harvest personal data relating to employment and business location, allowing the cybercriminals to launch attacks against businesses and gain access to internal systems.

Mr Boodaei said that the botnet was only being exploited in the UK, which means that it is likely to wreak havoc if allowed to spread domestically. It will steal cookies and passwords to FTP and VPN services, meaning that those who are impacted by it may leave themselves and their employers totally exposed.

Trusteer’s Amit Klein said that firms and individuals should be most concerned about the fact that the botnet can harvest much more than banking login details, as the wealth of information being targeted could put the cybercriminals in a great position of power.

Not only is the botnet sophisticated in its function, but it is also incredibly easy for its operators to draw specific pieces of data out of the mass that is set to be harvested. Its integrated search engine echoes the usability of mainstream sites like Google, according to Mr Boodaei and so the criminals will be able to target individuals or specific businesses with relative ease.

Trusteer discovered this Zeus 2.0 botnet variant during an in-depth investigation that has taken more than half a year and it believes that although the Zeus 2.0 platform is in use elsewhere, this is one of the few examples that relies completely on it.

UK financial data targeted by malware campaign

A deviously implemented malware campaign has been detected in the UK. It has been targeting the private financial information of thousands of users whilst simultaneously staying off the radar of most mainstream anti-virus software vendors.

Anyone who regularly banks online is at risk from the malware, which has the ability to harvest passwords and customer numbers which then can be used to make transactions within an individual’s account which seem legitimate to the bank, but are actually the work of criminals.

One out of every 500 computers in the UK is infected with the Silon.var2 malware, whilst one in 5000 has Agent.DBJP onboard, according to security firm Trusteer. This penetration level is much lower than in the USA, but as a result of the regional, small scale targeting it has been much harder for the large security vendors to react to what seems to be a limited, local issue.

Two botnets based in the UK have also been identified and the specificity of these is equally troubling, as UK banks seem to be the only target, with UK-based computers being harnessed to make the attacks. This tactic is another that aims to circumvent the conventional malware detection process of anti-virus firms and it seems as though the criminals have been able to work around many security systems that would usually guarantee the protection of personal data.

The group behind this malware are targeting UK citizens through spam campaigns which centre around local issues, as well as piggybacking on formerly legitimate websites which have become compromised.

Trusteer’s Mickey Boodaei said that a small number of UK banks were being targeted by the current campaign, with between three and seven being hit at the same time, as opposed to the hundreds of financial institutions which can be targeted by the better-known data theft tools, which are thus largely defeated by the anti-virus vendors.

The small group of target banks are repeatedly attacked for up to nine months at a time, according to Mr Boodaei, before the focus of the criminals changes and the malicious software evolves.
