Author/ Zeljka Zorz HNS Managing Editor
The distribution potential of the infamous Cridex infostealer (also known as Feodo or Bugat) just went up a notch, as a new version of the malware works in conjunction with a worm that sends out emails with a link to download a zip file containing the trojan.
Initially distributed via removable drives, as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites, the threat is now delivered directly to users via their inboxes.
Help Net Security/ Full Read Here/ http://www.net-security.org/malware_news.php?id=2799
By/ Kelly Jackson Higgins Posted on 7/1/2014
Cridex -- a.k.a. Feodo and Bugat -- now has a more streamlined and automated way of infecting victims and stealing their information.
A new version of an infamous banking worm comes with built-in stolen email account and server credentials for automatic email worm attacks to continue its spread.
The so-called Cridex data-stealing malware, a.k.a. Feodo and Bugat, now has a more streamlined and automated way of infecting victims, researchers at Seculert found. Once it's on a victim's machine, the new variant, dubbed Geodo by Seculert, downloads a second piece of malware that communicates with a command-and-control server. That second piece of malware is a worm that has 50,000 stolen SMTP email account credentials, including those of the associated SMTP servers.
DarkReading/full read here/ http://www.darkreading.com/vulnerabilities---threats/infamous-banking-malware-adds-email-sending-fea...
By John Leyden, 2 Jul 2014
Cybercrooks have put together a botnet client which bundles in worm-like functionality that gives it the potential to spread quickly.
Seculert warns that the latest version of the Cridex (AKA Geodo) information stealing Trojan includes a self-spreading infection method.
Infected PCs in the botnet download a secondary strain of malware – an email worm – from the botnet's command and control servers. That worm pushes out an email with links to download a zip file containing the primary Cridex Trojan.
The Register/ Full Read Here/ http://www.theregister.co.uk/2014/07/02/cridex_trojan_email_worm_hybrid/
New Version of Cridex Malware Combines Data Stealer and Email Worm
A new version of the data-stealing malware Cridex (Feodo/Bugat) has been found to rely on a worm in order to spread from one computer to another.
Researchers from threat protection firm Seculert analyzed the self-spreading infection system used by the Trojan dubbed "Geodo." Once it infects a system, the threat downloads a second piece of malware, a worm, that starts communicating with a command and control (C&C) server from which it gets the information needed for the distribution process.
The C&C provides the worm with a list of 50,000 stolen Simple Mail Transfer Protocol (SMTP) account credentials, along with the details of the SMTP servers. The malware also receives email body text, email subject lines, "from" addresses, and a list of 20 email addresses to which messages are sent using the stolen SMTP credentials. After the malicious emails are sent to the batch of 20 addresses, the process is repeated for another 20 targets.
SecurityWeek/ Full Read Here/ http://www.securityweek.com/new-cridex-malware-uses-self-spreading-infection-mechanism
Wednesday, July 02, 2014 Wang Wei
Microsoft® Windows Insider MVP - Windows Security
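For operators of mail servers whose accounts may be among the stolen SMTP credentials, the batch-of-20 sending pattern reported above can be looked for in outbound logs. The following is an added example, not code from the quoted articles or from Seculert: it flags an authenticated account that sends one subject line to at least two batches' worth of distinct recipients within a short window. The event tuple layout, account names, subject, window and threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BATCH_SIZE = 20  # recipients per batch, as reported in the articles above

def flag_batch_senders(events, min_batches=2, window=timedelta(minutes=30)):
    """Return {(account, subject): distinct recipient count} for authenticated
    accounts that mailed one subject to >= min_batches * BATCH_SIZE distinct
    recipients inside a sliding time window.
    events: iterable of (timestamp, sasl_account, subject, recipient);
    this layout is an assumption, adapt it to your MTA's log fields."""
    by_key = defaultdict(list)
    for ts, account, subject, rcpt in events:
        by_key[(account, subject)].append((ts, rcpt.lower()))

    threshold = min_batches * BATCH_SIZE
    flagged = {}
    for key, sends in by_key.items():
        sends.sort()
        start = 0
        counts = defaultdict(int)  # recipient -> sends inside current window
        for ts, rcpt in sends:
            counts[rcpt] += 1
            # Drop sends that have fallen out of the window on the left.
            while ts - sends[start][0] > window:
                old = sends[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= threshold:
                flagged[key] = max(flagged.get(key, 0), len(counts))
    return flagged

def sample_events():
    """Constructed data: one account sending two batches, one ordinary user."""
    t0 = datetime(2014, 7, 1, 9, 0, 0)
    events = []
    for i in range(40):  # 2 x 20 recipients, same subject, 15 s apart
        events.append((t0 + timedelta(seconds=15 * i), "acct-a@mail.example",
                       "Invoice", f"user{i}@dest.example"))
    for i in range(5):   # low-volume sender that must not be flagged
        events.append((t0 + timedelta(minutes=10 * i), "acct-b@mail.example",
                       "Weekly notes", f"peer{i}@dest.example"))
    return events

if __name__ == "__main__":
    for (account, subject), n in flag_batch_senders(sample_events()).items():
        print(f"{account}: {n} distinct recipients for subject {subject!r}")
```

Legitimate newsletters and mailing lists will also trip this heuristic, so flagged accounts are candidates for a credential reset and review rather than confirmed compromises.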