Maybe it’s the quirky way some tech writers abbreviate it, or the surreal way it reminded you of that popular Michael Jackson song. Whatever triggers you to remember the term, for most of us, man-in-the-middle embodies something both familiar yet mysterious. Let’s get to know this threat a little bit better, shall we?
Malicious emails are in circulation claiming to contain an invoice from a Kitchen Appliance company, but instead contains the dangerous Zbot.
The threat known as Dyre was originally spotted by security firm CSIS and by PhishMe which also had uncovered the new malware earlier in June.
Back then, the threat was aimed at banks and other financial institutions, something very reminiscent of other banking Trojans such as Zeus and its variants.
But researchers discovered that the malware is now capable of capturing login credentials from Salesforce users by redirecting them through a phishing website.
Dyre will initially infect users through some form of social-engineering, typically with an email that contains a malicious attachment. Once on the system, the malware can act as a man-in-the-middle and intercept every single keystroke. To be clear, this is not a vulnerability with Salesforce or its website, but rather a type of malware that leverages compromised end-point machines.
A new variant of the Zeus/Zbot trojan, dubbed ZeusVM, is using images as a decoy to retrieve its configuration file, and waits to steal banking info.
Awareness and education about online dangers is essential but headlines like “Malware That Drains Your Bank Account Thriving On Facebook” instill fear while at the same time blame Facebook — something that may not be entirely justified.
In old times, a citadel was a fortress used as the last line of defense. For cyber criminals it is a powerful and state-of-the-art toolkit to both distribute malware and manage infected computers (bots). Citadel is an offspring of the (too) popular Zeus crimekit whose main goal is to steal banking credentials by capturing keystrokes…
As mentioned last week, the Malwarebytes crew made it out to DefCon this year to check out all of the interesting talks and presentations given by various members of the computer/intelligence security community. This blog is meant to summarize most of what we saw, giving a brief explanation of which talks we thought were the…