Not every threat on the web will be obvious to you. Very few will look like this evil looking ‘Spidey’ knock-off. Most will be very much more like your sweet old uncle or a really amazing looking young, beautiful co-ed that for some reason thinks you are her only reason for living! A look at some recent data will be helpful in understanding the nature of stalkers and other criminal ‘entrepreneurs.’ Beside the typical identity theft issues, persons like this young female may be attempting to use what is called legally as ‘undue influence’ where they step into a typically elderly person’s life who is lonely, less capable of decision making and they guide the decisions to their own benefit, often taking all the life savings and having the Last Will and Testament rewritten to their own advantage. SCI is going to review just a few one the issues currently hitting internet users which is called a new type of downloader.
The following report by Dr. Brett Stone-Gross and Russell Dickerson of the Dell Secure Works Threat Unit outlines a downloader threat that is currently loose within the cyber-world:
The Gameover ZeuS trojan, also known as Peer-to-Peer (P2P) ZeuS, is one of the largest and most sophisticated botnets involved in online banking fraud. The botnet operators are very well connected in the underground community, and they rely upon a variety of tools and services provided by other cybercriminals to run their operation. In particular, the group regularly uses the Cutwail spam botnet to lure new victims and the Pony Loader malware to steal credentials and download additional malware, including Gameover ZeuS. In August 2013, the Dell SecureWorks Counter Threat Unit™ (CTU) research team discovered that in addition to the Pony Loader, the group is using a new downloader known as Upatre to distribute its malware. The downloader has a small file size and is extremely simple, implementing its functionality entirely in a single function. It downloads and executes a file from a hard-coded URL over an encrypted Secure Sockets Layer (SSL) connection from a compromised web server and then exits. Figure 1 diagrams the malware distribution process.
The Gameover ZeuS botnet operators distribute both Pony Loader and the Upatre downloader through spam emails sent by the Cutwail botnet. Many lures have used social engineering techniques by impersonating financial institutions and government agencies to trick a victim into executing the malware. The spam emails have an embedded malware executable in a ZIP attachment, so user interaction is required to infect the system. Figure 2 shows an example spam email containing the Upatre downloader as an attachment.
Technical information can be found at: URL: http://www.secureworks.com/cyber-threat-intelligence/threats/analyzing-upatre-downloader/
SCI and the CTU research team advises organizations to remain vigilant and to deploy a defense-in-depth strategy that includes the following components:
- Educate employees about the dangers of clicking on links and attachments in emails.
- Filter email / scan email file attachment contents and consider blocking executable file types (including those found in ZIP attachments).
- Deploy advanced malware protection devices in-line with incoming email streams containing malicious file attachments as well as subsequent file downloads.
- Implement end-point controls on users’ computers to help limit opening of malicious file attachments and to catch malware installation / execution.
- Apply post-infection controls such as firewall policies, web proxies, file downloads over HTTPS, and associated log monitoring to identify anomalies.
- Keep antivirus, operating system, and browser software up to date.
This cyber-report is courtesy of Dell Secure Works at www.secureworks.com and is simply one of the threats that are currently out in the cyber-world preying on those who are browsing the web without the appropriate protecting software and without using some common sense in not opening emails with attachments that are suspicious.
Security Consulting Investigations, LLC is pleased to introduce SecCom 360 – a video/audio communications system that is web based yet 100 per cent safe, not only protected by what we have dubbed ‘above military grade’ secure encryption but also with Cyber Agents that guard each com-meeting to prevent hackers and other cyber interlopers.
Watch for further information from SCI as Sec Com 360 is launched for 2014!
SCI – Building for Tomorrow – Today!
Follow SCI at www.security-consulting.us under NEWS for recent cyber-world updates and current threats. InSCIghts also on www.security-consulting.us provides current issues in law enforcement, security concerns, and cyber-world threats as well as comment on international terrorism.
You can also reach SCI at 330-956-9561 or at firstname.lastname@example.org