{"id":488,"date":"2016-12-09T15:37:48","date_gmt":"2016-12-09T15:37:48","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=488"},"modified":"2019-04-17T11:40:28","modified_gmt":"2019-04-17T11:40:28","slug":"just-in-time-for-the-holidays-cutwail-and-zeus-deliver-holiday-doom","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2016\/12\/09\/just-in-time-for-the-holidays-cutwail-and-zeus-deliver-holiday-doom\/","title":{"rendered":"Just in Time for the Holidays, Cutwail and Zeus Deliver Holiday Doom"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"  wp-image-490 alignright\" src=\"http:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/zeus-greek-mythology-687267_1024_768.jpg\" alt=\"Zeus--greek-mythology-687267_1024_768\" width=\"344\" height=\"258\" srcset=\"https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/zeus-greek-mythology-687267_1024_768.jpg 1024w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/zeus-greek-mythology-687267_1024_768-300x225.jpg 300w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/zeus-greek-mythology-687267_1024_768-768x576.jpg 768w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/zeus-greek-mythology-687267_1024_768-200x150.jpg 200w\" sizes=\"auto, (max-width: 344px) 100vw, 344px\" \/><br \/>\nAs the holiday season looms near, many of you are probably scrambling to get your shopping done. If you\u2019re particularly shrewd and adventurous, then you probably did most of that shopping online. Kudos to you. But when you combine the holidays with the online world, there\u2019s always a danger that there\u2019ll be more than bundled glee under the Christmas tree. &nbsp;Some presents, like socks, were meant to be opened on <!--more-->Christmas day, even if they aren\u2019t that interesting. 
Some, like <em>Fifty Shades of Grey<\/em>, are best dumped in the trash before they have a chance to rot your mind.<\/p>\n<p>And others should never, ever be opened, lest you open up a serious can of whoop ass on your computer systems. That\u2019s the warning we all need to heed this year, as a new spam campaign is being delivered by the notorious and pervasive Cutwail botnet. <a href=\"http:\/\/searchsecurity.techtarget.com\/news\/2240173918\/Cutwail-botnet-spam-campaign-tied-to-Zeus-banking-Trojan\">Several sources<\/a> reported this week that the folks at Dell SecureWorks Counter Threat Unit have discovered a nasty little package delivered by Cutwail to inboxes everywhere, and it carries with it a nasty little elf better known as the Gameover Zeus banking Trojan.<\/p>\n<p>\u201cThe spam message is made to look like it comes from many of the top U.S. banks. It reads: \u201cYou have received a new encrypted message or a secure message from [XYZ] Bank.&#8221;&nbsp;The spam message encourages recipients to download an attachment and register for a new system designed to protect privacy and personal information. Instead the attachment contains the Pony downloader, which installs the banking malware,\u201d SearchSecurity reports.<\/p>\n<p>Elizabeth W. Clarke, a Dell SecureWorks spokesperson, told SearchSecurity that \u201cthe Cutwail botnet only needs to employ approximately 10,000 bots per spam campaign to send out hundreds of millions of malicious spam messages to computer users all over the world.&#8221; Santa Claus it\u2019s not, but it\u2019s more than enough to deliver holiday misery to unsuspecting users across the world this holiday season.<\/p>\n<p>The Gameover Zeus botnet is one of the largest around with more than 678,000 infections. But it\u2019s not your father\u2019s botnet. Rather than utilizing the standard command and control (C&amp;C) server paradigm, Zeus is a peer-to-peer botnet. 
Dell SecureWorks <a href=\"http:\/\/www.secureworks.com\/cyber-threat-intelligence\/threats\/The_Lifecycle_of_Peer_to_Peer_Gameover_ZeuS\/\">points out<\/a> that Gameover is very troubling, because that peer-to-peer design makes taking it down a virtual impossibility. And because it\u2019s privately operated, variants aren\u2019t available on criminal hacking forums. Without the ability to pick up a variant, researchers, security firms, and law enforcement officials can\u2019t get their hands on the Trojan to reverse engineer it.<\/p>\n<p>The pesky little thing, in fact, has been \u201cdetected on corporate systems and systems at universities, defense contractors and government agencies,\u201d SearchSecurity reports. Researchers have apparently detected multiple variants of the email spam, with the common theme of encouraging users to open the attached file, listen to a voicemail message, or register for a new privacy system. Dell SecureWorks has some good, if not obvious, advice, though: train your workers to never, ever open an email attachment or click a link, even if they recognize the sender of the email. Clarke cautions, \u201cAlways verify that the sender sent the email. Additionally, update your IPS\/IDS countermeasures and firewalls to detect the latest threats.\u201d<\/p>\n<p>According to <a href=\"http:\/\/threatpost.com\/en_us\/blogs\/gameover-zeus-variant-sends-malicious-email-cutwail-botnet-120512\">Kaspersky ThreatPost<\/a>, \u201ca Dell SecureWorks spokesperson stated that as a point of policy Dell does not name victims involved in scams but said they are top U.S. 
banks.\u201d<\/p>\n<p>SearchSecurity notes that the <a href=\"http:\/\/searchsecurity.techtarget.com\/definition\/Zeus-Trojan-Zbot\">Zeus Trojan<\/a> has presented a major headache for banks and other financial firms, \u201cwith different variants infecting customer systems attempting to dupe individuals into giving up their account credentials.&nbsp;<a href=\"http:\/\/searchsecurity.techtarget.com\/news\/1524617\/New-variant-of-the-Zeus-Trojan-spotted-by-Trend-Micro\">New variants of Zeus<\/a>&nbsp;are frequently detected by researchers. The issue has become such a problem that Microsoft took legal action to&nbsp;<a href=\"http:\/\/searchfinancialsecurity.techtarget.com\/news\/2240147481\/Microsoft-attempts-legal-action-to-disrupt-some-Zeus-botnets\">disrupt some Zeus botnets<\/a>. But despite a few victories, cybercriminals continue to recover their operations.\u201d<\/p>\n<p>But just in time for Christmas, it gets worse. The criminals behind the Gameover Zeus botnet are considered to be the most devious and aggressive, apparently implementing a system that\u2019s elaborate and smacking of organized crime. They recruit money mules to drain US and European bank accounts and employ a number of nasty tools, like the automated features of the <a href=\"http:\/\/www.scmagazine.com\/hackers-add-java-exploit-to-blackhole-toolkit\/article\/249508\/\">BlackHole<\/a> Exploit toolkit, and <a href=\"http:\/\/ddos.arbornetworks.com\/2012\/05\/dirt-jumper-ddos-bot-increasingly-popular\/\">DirtJumper<\/a>, which is being used to deliver distributed denial of service (DDoS) attacks on financial institutions while bank accounts are being emptied.<\/p>\n<p>As the holidays near, most of us hope for a little quiet time with family, a lot of holiday cheer and good food, and hopefully, a little global peace. What we don\u2019t hope for is total financial ruin and the disasters associated with this lump of coal-inspired atrocity. 
Keep safe this holiday season and leave some packages unopened.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As the holiday season looms near, many of you are probably scrambling to get your shopping done. If you\u2019re particularly shrewd and adventurous, then you&hellip; <\/p>\n","protected":false},"author":3,"featured_media":490,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,14],"tags":[11,9,10,8,7],"class_list":["post-488","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-spam","tag-allspammedup","tag-bot","tag-botnet","tag-malware","tag-spam","jsn-master"],"_links":{"self":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/488","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/comments?post=488"}],"version-history":[{"count":2,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/488\/revisions"}],"predecessor-version":[{"id":1777,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/488\/revisions\/1777"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media\/490"}],"wp:attachment":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media?parent=488"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/categories?post=488"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/tags?post=488"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}