Gladiator Research and Security

Over the past year, security researchers found many new Web attacks indicating that the “bad guys” have come up with some rather advanced methods to accomplish their dirty deeds.  In the past few months alone, two particular banking attacks have been detected that demonstrate the sophisticated methods being used to steal money from online banking users.  In the first attack method, dubbed “Chat-in-the-Middle,” the fraudster creates a fake support chat session with his victim by claiming to be from the bank’s fraud department.  The fraudster then uses social engineering techniques to attempt to gather further information from the unsuspecting victim.  The second attack, a Trojan known as URLZone, involves editing a user’s banking website to hide money transfer transactions started by the attackers.  This technique gives attackers ample time to transfer the funds through “money mules” and, eventually, into their own accounts, well before the attack is ever spotted by the victim.

The FDIC has issued an advisory warning consumers and financial institutions about a new email phishing scheme purportedly from the Federal Reserve Bank.  The email claims there are new restrictions in place for wire transfers, and provides a link to two websites providing more information.  These sites attempt to download malicious Trojans onto victim PCs.  A copy of the phishing email can be seen in the FDIC advisory linked below.  As always, Gladiator recommends that users do not click on links contained in unsolicited email.  If you already received this phishing email and clicked on one of the links, Gladiator recommends that you run a full antivirus scan of your PC.  Furthermore, you can try running a malicious software removal tool, such as Malware Bytes Anti-Malware, in an attempt to find any other unwanted programs.

Part 1 – Recognizing an Infection
Part 2 – Incident Response Plans and Procedures

Introduction

We’ve all been faced with the following situation at one time or another.  Imagine you’ve just walked in the door of your office, and one of your coworkers comes up to you complaining that his computer is running slowly.  You tell him that is normal in the morning, but then he says his web browser keeps popping up new windows and then crashing.  Of course, he forgets to mention that he was on a flash game website when it all started, until you get to his desk and discover this for yourself.  So, now what do you do?  You suspect this machine has a virus or some other type of malware, but you aren’t sure.  The computer has fully-updated virus definitions and a full system scan didn’t find any malware.  But is the machine safe?

In Part 1 of Malware Basics, we’re going to review some signs that a machine may have malware.  Then we will go over some useful tools for identifying suspicious files even if your antivirus suite does not detect anything.  Finally, we’ll talk about how to identify what type of malware you found.  Part 2 of this series will deal with Malware Incident Response.

GSA Reference Number: AD071129-01

Simply Put: The Department of Homeland Security has alerted on a new wave of attacks directed toward corporate networks. Users are receiving emails containing Trojan horses or are directed to malicious websites. The sites are using “zero-day” vulnerabilities, meaning there are no patches or network IPS signatures available at this time to protect against the specific attacks that are in use.