Facebook, financial firms targeted by online marauders

Several new and persistent schemes have emerged for spreading malware on popular sites.

Online lowlifes were busy last week spreading infections online, targeting Facebook and several financial institutions, according to malware fighters.

Facebook squashes Dorkbot

Facebook members were targeted by a pernicious program called Dorkbot. The program is primarily spread through Facebook chat, but it can also propagate through USB devices, noted Bianca Stanescu of Bitdefender.

Dorkbot pretends to be a picture file but is actually a program that installs malicious code on a machine when someone tries to open the file.

Online information locker MediaFire discovered the poisonous files on its servers and has taken steps to trash them, including wiping files with double extensions, such as .jpg.exe, .png.exe, and .bmp.exe.

Dorkbot contains a typical bag of malware tricks. It will steal sensitive information from an infected machine and can block updates of antivirus software to protect itself from discovery.

PushDo returns

Researchers also reported last week that an old botware family is being taught some new tricks. Botware is used to set up a network of infected machines that can be used for a variety of nefarious tasks.

PushDo is a hoary botware family and, according to Damballa Senior Researcher Jeremy Demar, it's being modified to use Domain Generation Algorithms as a fallback mechanism when its command and control servers are disrupted.

The technique allows a botnet running the software to create more than a thousand bogus and unique domain names a day, and to connect to them if its command and control server is knocked out by bot fighters.
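The DGA fallback described above leaves a footprint defenders can look for: a host burning through many random-looking domains that do not resolve. The following Python is an added example, not code from the article or from Damballa; it runs a simple two-signal check (NXDOMAIN volume plus label entropy) over a constructed resolver log whose format and hosts are assumptions.

```python
import math
import re
from collections import defaultdict

# Constructed resolver log (not from the article): "<time> <client> <qname> <rcode>"
SAMPLE_DNS_LOG = """\
2013-05-20T10:00:01 10.0.0.5 www.example.com NOERROR
2013-05-20T10:00:03 10.0.0.9 xk3q9vbt7pzlwm.com NXDOMAIN
2013-05-20T10:00:03 10.0.0.9 qz8f1hrdv3kcya.net NXDOMAIN
2013-05-20T10:00:04 10.0.0.9 m7lpx2wvbq9trd.com NXDOMAIN
2013-05-20T10:00:04 10.0.0.9 jd4kw8zrhtx1qp.org NXDOMAIN
2013-05-20T10:00:05 10.0.0.9 vh2bnq7xkz3wyf.com NXDOMAIN
2013-05-20T10:00:06 10.0.0.9 www.example.com NOERROR
2013-05-20T10:00:08 10.0.0.12 typo-examlpe.com NXDOMAIN
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def registered_label(qname):
    """Label left of the TLD (naive two-label split; a real tool uses a public suffix list)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(s):
    """Bits per character: algorithmically generated labels score higher than words."""
    if not s:
        return 0.0
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def find_dga_suspects(log_text, min_nx=3, min_entropy=3.0):
    """Return {client: sorted labels} for clients with >= min_nx distinct NXDOMAIN
    labels of mean entropy >= min_entropy. One high-entropy typo is not a DGA."""
    nx_labels = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _ts, client, qname, rcode = m.groups()
        if rcode == "NXDOMAIN":
            nx_labels[client].add(registered_label(qname))
    suspects = {}
    for client, labels in nx_labels.items():
        if len(labels) < min_nx:
            continue
        if sum(shannon_entropy(l) for l in labels) / len(labels) >= min_entropy:
            suspects[client] = sorted(labels)
    return suspects
```

With a daily budget of a thousand-plus candidate domains, the count gate is the stronger signal in practice; the entropy gate mainly keeps hosts that merely fat-finger real names out of the list.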

This latest wrinkle in PushDo illustrates once again the resiliency of its authors. The botnet has been shut down four times in the last five years, only to rise again from the dead, like the zombie machines in its network.

PushDo has some other tricks up its sleeve, Demar wrote.

"The malware will generate fake traffic to legitimate web sites in an attempt to mask its C&C communications, with 200 domain names to contact," he noted. "The C&C servers will also respond with a jpeg image with encrypted, embedded malware payloads to hide any additional files it wants to download."

Bank of America, Citibank, and Dun & Bradstreet headlined some scams targeted at businesses last week.

Financial institutions targeted

Solera Networks waved a red flag over a spam campaign masquerading as a "merchant statement" from banks. The digital detritus contains a word-processing file--a .doc or .rtf--and if opened, exploits a vulnerability patched by Microsoft a year ago to install a password stealer on an infected machine.

The Dun & Bradstreet scam is a variation of the old Better Business Bureau swindle. In this case, a target receives an official-looking email from D&B claiming a complaint has been lodged against them.

The target can see the complaint by clicking on an attachment to the email. Doing so, of course, installs a Trojan on their machine which will steal personal information from the device, according to Barracuda Networks.

Stories by John P. Mello Jr.