Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Phishing Attacks Target SecureID Users

SecurEnvoy : 01 August, 2011  (Technical Article)
SecurEnvoy reports on phishing attacks using Zeus malware taking advantage of the fallout from the RSA hack of earlier this year
Phishing Attacks Target SecureID Users

Reports that a malware distribution campaign designed to spread the infamous Zeus malware - aka Zbot - is an interesting twist on the long-running evolution of the malware, says SecurEnvoy.

According to Andrew Kemshall, CTO with the multi-factor authentication specialist, Zeus has been more commonly associated with online banking session hijacks, so to hear that a new campaign to spread the malware by tapping fears surrounding the RSA SecurID authentication technology is a new attack vector.

"RSA's hack of earlier this year was clearly mishandled by the company, as users of SecurID had to wait almost two weeks before they knew anything other than the fact that RSA's servers had been seriously hacked," he said. "Furthermore, large numbers of SecurID users are reportedly waiting for the distribution of new hardware tokens, a process that could take a great deal of time to complete," he added. The SecurEnvoy CTO went on to say that this distribution campaign for Zeus plagues on the fears of SecurID's security issues by warning them of security vulnerability that requires immediate patching using downloaded software.

And to make the emails look more genuine, the hackers behind the latest Zeus campaign claim that the messages come from the National Security Agency in the US, amongst other sources. This, he explained, encourages users of SecurID to click on the URL in the email to download the required security patch - a process that a small minority of users, perhaps worried for the sanctity of their SecurID tokens, may do instinctively, he explained. The link in the fake lures then triggers a download of Zeus, as well as other malware that can cause security problems for the user whose machine that is being targeted.

What this shows, says Kemshall, is that users of SecurID have become potential targets for this specialist phishing technique - which his research team are calling Zishing - as a direct result of the poor way in which RSA handled news of its servers being hacked, resulting in their having to wait around 10 days to get official confirmation that the RSA servers had been compromised. "Regardless of what this new attack vector is being called, the reality is that there a sizeable minority of SecurID users who are sufficiently worried about the widely-publicised hack of earlier this year, and who will click on the relevant URL as a result," he said. "The success of this Zishing attack vector is the direct result of RSA inadequate and belated response to news of a break-in to its servers. Had the firm launched a better response as soon as the incident took place, then this infection campaign would not have any effect on users at all. It might also not have happened at all," he added.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo