Avalanche botnet moves from distributing spam to Zeus lures

Powered by SC Magazine
 

"An ominous development".

The world's most prolific phishing gang is now using a major botnet to distribute messages to lure victims into being infected with Zeus.

Researchers from the Anti Phishing Working Group (APWG) found that while the Avalanche botnet infrastructure had been used to launch conventional spam-based phishing attacks over the past two years, the messages had been replaced with spam that infects users' PCs with the Zeus Trojan.

Previously the Avalanche botnet was used for conventional spam-based phishing attacks to provoke a user into visiting a counterfeit website and enter their credentials. This accounted for two-thirds of all global phishing attacks in the second half of 2009.

However APWG research found that Avalanche was involved in just four conventional phishing attacks in the month of July 2010, with its operators ramping up a concerted campaign of crimeware propagation to fool victims into receiving the Zeus crimeware.

Lures, generally in the form of faked messages from tax authorities or as alerts/updates from social networking sites, take victims to drive-by download sites where they are infected.

Once a machine is infected, the criminals can remotely access it, steal the personal information stored on it, and intercept passwords and online transactions. The criminals can even log into the victim's machine to perform online banking transactions.

Co-author of the study, Rod Rasmussen called the shift of Avalanche from spam to the distribution of Zeus "an ominous development in the e-crime landscape".

“Their spamming and other activities to target victims continues at high levels, implying they are finding malware distribution a more effective and profitable tactic than traditional phishing,” he said.

Co-author Greg Aaron said: “The Avalanche criminals recently rented a large botnet called Cutwail to send out massive amounts of spam lures. Those spams led unsuspecting internet users to Zeus crimeware hosted on the Avalanche botnet. So this is a good example of how e-criminals don't work in isolation, and often use multiple tools like spam, malware, botnets and phishing to do their work.”

Amichai Shulman, CTO of Imperva, said: “What is apparent from our research is that the Avalanche cyber crime gang are also using advanced programming techniques. The problem is that the banks and users don't realise that the client browser is actually under the control of the hacker. So although a user is in fact authenticated to the bank, all transactions are actually being performed from that moment on by the trojan.

“Until the banks are able to prevent against this type of complex malware-driven fraud, the cyber criminal gangs will continue to evolve their already sophisticated strategies to beat the banks and their customers.”

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


Avalanche botnet moves from distributing spam to Zeus lures
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1802

Vote
Do you support the abolition of the Office of the Information Commissioner?