
Spam campaign delivers Ursnif malware

BitDefender UK: 16 October, 2015 (Technical Article)
Bitdefender discovers renewed campaign delivering Ursnif malware designed to target English, Russian and German speakers

The Ursnif malware family is back, this time targeting the private data and financial activity of German, Russian and English-speaking users, warns Bitdefender. According to data from Bitdefender’s antispam labs, some 10,000 emails were sent as part of a new global spam campaign.

“Known as a spyware family, Ursnif is specialised in information gathering but is also capable of compromising a system completely,” states Catalin Cosoi, Chief Security Strategist at Bitdefender. “Ursnif usually propagates through spam emails, hides in an archive and waits to be manually downloaded in order to be executed on the system. The sample we’ve analysed can execute a variety of operations based on the instructions it receives.”

Ursnif can discover credentials and other data within Microsoft Outlook, including system data, certificates and private keys from various locations within the platform. The malware strain can also restart the system, modify Windows Directory files, collect or delete cookies and spy on the user’s browsing history. It can also take screenshots of the device screen.

The collected data is saved in temporary folders and is transmitted via HTTP to C&Cs which are generated using text from the US declaration. The encrypted code has a section which contains configuration data that may change from sample to sample. In this case, the configuration data contains URLs and details about different banking services and processes.

Bitdefender detects and blocks this threat as Gen:Variant.Kazy.616358, and advises users to regularly update their AV solution in order to fend off keyloggers, spyware and other persistent threats. The speed of detection and response to this type of targeted attack is crucial for users to remain secure.
