Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, April 30, 2013

Backdoor malware hits clearing house clients

A backdoor malware is threatening to steal credit card details of clients of Automated Clearing House (ACH) by fooling them into opening an email attachment claiming to be a payment receipt. Security vendor Bitdefender said the fake payment receipts are part of what it called “a rising wave” of spam emails targeting credit card data. In November 2011, a bank refusal e-mail came loaded with a Trojan unleashed by a fake flash.exe update.   Bogus ACH failure notifications have also been used to spread a variant of the ZeuS banking Trojan,” Bitdefender said in a blog post.

Bitdefender said ACH is an electronic network frequently used for financial transactions in the United States.  Investigation showed the spam email claims a wire transaction has been completed, and that a certain amount has been successfully transferred, But Bitdefender said clicking on the archive with the fake PDF attachment infects ACH clients with the “Backdoor.

“Banking details are also targeted by attackers, who are able to catch keystrokes without users’ consent,” it added.

However, it advised users to keep their software, operating system and antivirus updated, and avoid running executable files that claim to be updates or PDF files.



Posted on 04/30