Posts: 3,733
Topics: 2,203
Kudos: 2,971
Blog Posts: 0
Registered: ‎06-02-2014

Geodo infostealer gets help from worm

Author/ Zeljka Zorz HNS Managing Editor

 

The distribution potential of the infamous Cridex infostealer (also known as Feodo or Bugat) just went up a notch, as a new version of the malware works in conjunction with a worm that sends out emails with a link to download a zip file containing the trojan.


Initially distributed via removable drives, as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites, the threat is now delivered directly to users via their inboxes.

 

Help Net Security/ Full Read Here/ http://www.net-security.org/malware_news.php?id=2799

Community Leader


Infamous Banking Malware Adds Email-Sending Feature

By/ Kelly Jackson Higgins  Posted on 7/1/2014

 

Cridex -- a.k.a. Feodo and Bugat -- now has a more streamlined and automated way of infecting victims and stealing their information.

A new version of an infamous banking worm comes with built-in stolen email account and server credentials for automatic email worm attacks to continue its spread.

The so-called Cridex data-stealing malware, a.k.a. Feodo and Bugat, now has a more streamlined and automated way of infecting victims, researchers at Seculert found. Once it's on a victim's machine, the new variant, dubbed Geodo by Seculert, downloads a second piece of malware that communicates with a command-and-control server. That second piece of malware is a worm that has 50,000 stolen SMTP email account credentials, including those of the associated SMTP servers.

 

 

DarkReading/full read here/ http://www.darkreading.com/vulnerabilities---threats/infamous-banking-malware-adds-email-sending-fea...

 

 

 

Community Leader


Cybercrooks breed SELF-CLONING MUTANT that STEALS your BANK DETAILS

By John Leyden, 2 Jul 2014

 

Cybercrooks have put together a botnet client which bundles in worm-like functionality that gives it the potential to spread quickly.

Seculert warns that the latest version of the Cridex (AKA Geodo) information stealing Trojan includes a self-spreading infection method.

 

Infected PCs in the botnet download a secondary strain of malware – an email worm – from the botnet's command and control servers. That worm pushes out an email with links to download a zip file containing the primary Cridex Trojan.

 

The Register/ Full Read Here/ http://www.theregister.co.uk/2014/07/02/cridex_trojan_email_worm_hybrid/

 

 

Community Leader


New Cridex Malware Uses Self-Spreading Infection Mechanism

By Eduard Kovacs on July 02, 2014
 

New Version of Cridex Malware Combines Data Stealer and Email Worm

A new version of the data-stealing malware Cridex (Feodo/Bugat) has been found to rely on a worm in order to spread from one computer to another.

Researchers from threat protection firm Seculert analyzed the self-spreading infection system used by the Trojan dubbed "Geodo." Once it infects a system, the threat downloads a second piece of malware, a worm, that starts communicating with a command and control (C&C) server from which it gets the information needed for the distribution process.

The C&C provides the worm with a list of 50,000 stolen Simple Mail Transfer Protocol (SMTP) account credentials, along with the details of the SMTP servers. The malware also receives email body text, email subject lines, "from" addresses, and a list of 20 email addresses to which messages are sent using the stolen SMTP credentials. After the malicious emails are sent to the batch of 20 addresses, the process is repeated for another 20 targets.

 

SecurityWeek/ Full Read Here/ http://www.securityweek.com/new-cridex-malware-uses-self-spreading-infection-mechanism
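
A defender's view of the pattern the article describes (one mailbox credential reused by bots to mail recipients in batches of 20), as an added example that is not part of the original post or of Seculert's research: it scans SMTP submission records for accounts that reach 20 distinct recipients from more than one client IP in a short window. The log format, the 10-minute window and the two-host threshold are assumptions; only the batch size comes from the article.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BATCH = 20                      # batch size reported in the article
WINDOW = timedelta(minutes=10)  # assumption: how tight a burst must be
MIN_IPS = 2                     # assumption: one mailbox used from several hosts

def parse(line):
    # Constructed format: ISO timestamp,authenticated account,client IP,recipient
    ts, user, ip, rcpt = line.strip().split(",")
    return datetime.fromisoformat(ts), user, ip, rcpt.lower()

def suspicious_accounts(lines):
    """Map account -> (distinct recipients, distinct client IPs) for accounts
    that reach BATCH recipients from MIN_IPS or more hosts inside WINDOW."""
    by_user = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, user, ip, rcpt = parse(line)
            by_user[user].append((ts, ip, rcpt))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1          # slide the window forward
            window = events[start:end + 1]
            rcpts = {r for _, _, r in window}
            ips = {i for _, i, _ in window}
            if len(rcpts) >= BATCH and len(ips) >= MIN_IPS:
                flagged[user] = (len(rcpts), len(ips))
                break
    return flagged

def sample_log():
    """Constructed records, not real traffic."""
    t0, out = datetime(2014, 7, 2, 9, 0), []
    def add(offset, user, ip, rcpt):
        out.append(f"{(t0 + offset).isoformat()},{user},{ip},{rcpt}")
    for n in range(20):   # reused credential: 20 recipients, two hosts, 2 minutes
        ip = "198.51.100.7" if n % 2 else "203.0.113.9"
        add(timedelta(seconds=6 * n), "alice@example.com", ip, f"user{n}@example.net")
    for n in range(25):   # bulk sender on one host: volume alone is not flagged
        add(timedelta(seconds=n), "news@example.com", "192.0.2.25", f"sub{n}@example.org")
    for n in range(3):    # ordinary user: three messages over an hour
        add(timedelta(minutes=20 * n), "bob@example.com", "192.0.2.10", f"peer{n}@example.org")
    return out

if __name__ == "__main__":
    print(suspicious_accounts(sample_log()))
```

Requiring several client IPs alongside the recipient count is what separates a credential shared across infected hosts from a legitimate bulk sender on one server.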

Community Leader

Posts: 5,823
Topics: 83
Kudos: 5,125
Registered: ‎11-27-2013

New Cridex Banking Trojan variant Surfaces with Self-Spreading Functionality


Wednesday, July 02, 2014 

 

In an effort to infect a large number of people, cybercriminals have developed a new malicious software program that contains functionality to spread itself quickly.
 
Geodo, a new version of the infamous Cridex (also known as Feodo or Bugat) banking information stealing Trojan works in conjunction with a worm that sends out emails automatically to continue its self-spreading infection method, effectively turning each infected Windows system in the botnet for infecting new targets, Seculert warned.
 
The infected Windows systems in the botnet network download and install an additional piece of malware (i.e. an email worm) from the botnet's command and control servers, provided with approximately 50,000 stolen SMTP account credentials including those of the associated SMTP servers.
 
Sherry

   



Mac / Yosemite(10.10.1), IPads, PCs,W 7 Pro & W 8.1 R Pro. W 7 Pro on Lenovo (VM:W7,8.1,10) & W/Vista Ultimate on Gateway Laptop.
(WSAC 5 PC,WSA Business)W/10 Preview