Deli z drugimi:
Novi masivni napadi in kraje identitete
) |
Pandini laboratoriji so odkrili dva nova masivna napada, katerih cilj je kraja podatkov za pridobitev identitet uporabnikov. Prvi napad izgleda tako, da pošlje e-sporočilo, ki simulira potrdilo o nakupu, gre pa pravzaprav za sporočila okužena s trojancem Downloader,KBR. E-sporočilo ima naslednje lastnosti:
Predmet: Order Confirmation number: WC9921564
Tekst:
Dear Sir/Madam,
Thank you for shopping with our internet shop. Your order, WC9921564, has been received. Summary of your order you can see in the attachment file.
This email is to confirm the receipt of your order. Please do not reply as this email was sent from our automated confirmation system.
Please Note: There is no need to re-send your request or call our customer service department for status or tracking number, this will only delay our response time to you. Rest assured, we are making every effort to process and ship your order within 1 to 2 business days. We appreciate your understanding and patience and do value your business.
Once your order has been processed and shipped a FEDEX Tracking number will be automatically emailed to the address provided.
Please Note: Tracking information will be available in FedEx’s system only after 10pm EST Monday thru Friday. If you receive a tracking number on Sunday, you will be able to track it Monday evening after 10pm EST.
All orders placed including 1-2 or 2-3 business day options are shipped within 48 hours providing the merchandise is in stock.
All FedEx Ground orders will take 7-10 business days to arrive.
Some packages may require a signature upon delivery. These packages will not be left without a signature. For your convenience, we will email you a FedEx tracking number on all successfully processed and shipped orders.
All Plasma TVs, DVD players, Scanners, Fax Machines, Receivers, Home Theater, and Printers are not returnable after box is opened.
To insure the best handling of your order please allow 24-48 business hours for the processing and the shipping of your order. Thank you for your cooperation.
We hope you enjoy your order! Thank you for shopping with us!
Datoteka, pripeta k temu sporočilu, ki vsebuje trojanca, je imenovana WC9921564.exe.
Trojanec Downloader.KCC se skrije v datoteki imenovani paycheck_322082.zip, ki je pripeta spam sporočilu, ki je bilo masivno razposlano naokoli v zadnjih nekaj urah. Ta sporočila trdijo da so povratna potrdila za plačila oz. nakupe, ki naj bi jih ciljani uporabnik (žrtev) opravila s svojo kreditno kartico. E-sporočila, ki jih žrtve pejemajo imajo slednji predmet: [paycheck 322082] Credit Card Chargeback, medtem ko tekstovno sporočilo izgleda takole:
Sir,
We have received a notice from your card service stating that there was a chargeback made by the owner of the card that you paid for
your account with. This is a very serious matter.
I have deducted the amount of the chargeback, GBP 102.10, from your account and added our standard fee of GBP 23.95 as well. (You can
see your payment details in attachment.)
If there was some mistake, please let us know immediately so that we
can get this situation resolved. We ask that you have the chargeback
removed as soon as possible, as our account has already been debited for the amount in question.
If you would prefer to make your payment using a new payment
method that would be fine as well (you can use a different credit card or you may send a money order payable to Cihost).
This is a time sensitive issue and must be resolved promptly at the
request of the card service. Please email the billing team using the Web Administration Panel with information about how you are going
to deal with this situation.
I thank you for your time and hope to hear from you
soon.
See your payment details in attachment.
Sincerely,
Frank J. Cornwell
Cihost Billing Management
Kakorkoli že pa moramo upoštevati dejstvo, da je dejansko sporočilo, ki ga uporabnik prejme, lahko tudi drugačno vendar s podobno vsebino ali pa je lahko prevedeno iz angleščine v katerikoli drug jezik, saj so takšna okužena e-sporočila razposlana ročno.
“Ta metoda se je izkazala za dokaj učinkovito v socialnem inženiringu. Namesto da uporabijo druge vrste vabe, ustvarjalci teh sporočil poskušajo prestrašiti in zagnati paniko pri uporabnikih s tem, da jim pošljejo potrdila nakupov, ki jih ti sploh niso izvedli ali jih obveščajo o problemu nakazilam, ki ga ti v resnici niso nikoli izvedli. Ko so uporabniki obveščeni o teh finančnih problemih, preberejo e-sporočilo in odprejo pripeto datoteko, nezavedajoč se posledic, ki jih ima to dejanje za njihov računalnik,” pojasnjuje Luis Corrons, direktor pandinih laboratorijev.
Če uporabnik zažene sporočilo pripeto h kateremukoli zoraj omenjenemu sporočilu, se trojanec namesti na računalnik. Downloader.KCC in Downloader.KBR izvajata podobne akcije in na sistem namestita trojanca Spyforms.A, ki je ustvarjen za krajo podatkov iz okuženih računlnikov, kot so IP naslovi ali gesla za dostop do interneta. Kot pravi Luis Corrons: “Z informacijami , ki jih pridobi Spyforms.A, lahko škodljivi uporabnik povzroči krajo identitete in na primer izvaja vse vrste online akcij in podatke nato razpošlje naprej. Napadalec lahko na primer povzroči finančno prevaro tako, da bi se v primeru tožbe avtoritete osredotočile na uporabnika čigar osebni podatki so bili uporabljeni, medtem ko bi ostal pravi kriminalec anonimen.”.
Prijavi napako v članku
Povezave
Sorodne novice
Kaj berejo drugi?
Partnerji Računalniških novic Prikaži vse
SMART COM d.o.o.
S-GRAF d.o.o.
