A simple commercial keylogger distributed via e-mail attachments has cost small and medium-sized businesses worldwide millions of euros, claims the Japanese anti-virus company Trend Micro. It is the HawkEye keylogger, which is offered on the Internet for a few bucks.
Once active, the keylogger is used to steal passwords from the browser and email client. This data is sent to the attackers via e-mail, FTP and a web panel. With the stolen passwords, the attackers gain access to the email accounts of corporate executives, including the CEO and CFO. A payment order is then sent to the accounting department from the hijacked email accounts. This scam is also known as "Business Email Compromise" and is said to have caused a loss of 216 million dollars worldwide last year. According to the FBI and Secret Service, more and more American companies are affected by the fraud, which was the reason for the investigative services to issue a warning.
To spread the keylogger, the attackers send .exe and .zip files that are supposedly an invoice, purchase order or quote. In some cases, the criminals first make contact with the companies; only after several e-mail exchanges is the keylogger sent. According to Trend Micro, the majority of HawkEye victims are in India, followed by Egypt and Iran. These are companies in different sectors, but mainly goods, transportation and manufacturing. It also appears that most companies are reached via their info@ email address.
Trend Micro published a report (pdf) on HawkEye, which also analyzes two Nigerian cyber criminals using the malware. According to the researchers, HawkEye seems a simple keylogger, but for motivated cyber criminals it is more than sufficient to carry out malware attacks. HawkEye was also recently investigated by other security companies, such as iSight Partners. That research shows that the files invoice.exe, payment slip.exe and purchase order.exe are used to spread the keylogger. iSight also states that most victims are in India, but also sees a lot of infections in Italy, the United States and Turkey. Furthermore, infections have also been observed in the Netherlands.
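The delivery pattern described above (.exe and .zip attachments named like an invoice, purchase order, quote or payment slip) can be checked for at the mail gateway. The following Python code is an added example, not code from Trend Micro or iSight; the function names, the lure pattern and the sample message are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lure words taken from the article: invoice, purchase order, quote, payment slip.
LURE = re.compile(r"invoice|purchase[\s_-]*order|quote|payment[\s_-]*slip", re.I)


def flag_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (attachment filename, reason) for attachments matching the lure."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(".exe") and LURE.search(name):
            findings.append((name, "executable named like a business document"))
        elif name.lower().endswith(".zip"):
            try:
                members = zipfile.ZipFile(io.BytesIO(data)).namelist()
            except zipfile.BadZipFile:
                findings.append((name, "unreadable zip archive"))
                continue
            for member in members:
                if member.lower().endswith(".exe") and (LURE.search(member) or LURE.search(name)):
                    findings.append((name, f"zip contains executable {member}"))
    return findings


def build_sample() -> bytes:
    """Constructed sample message; addresses and attachment contents are made up."""
    msg = EmailMessage()
    msg["From"] = "sales@supplier.example"
    msg["To"] = "info@company.example"
    msg.set_content("Please see the attached documents.")
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("purchase order.exe", b"MZ constructed placeholder, not a program")
    msg.add_attachment(archive.getvalue(), maintype="application", subtype="zip", filename="quote.zip")
    msg.add_attachment(b"MZ placeholder", maintype="application", subtype="octet-stream", filename="invoice.exe")
    msg.add_attachment(b"%PDF placeholder", maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in flag_attachments(build_sample()):
        print(f"{name}: {reason}")
```

The PDF attachment in the sample is not flagged, because the check keys on the executable extension combined with the business-document name rather than on the lure word alone.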