Print 19 comment(s) - last by Bubbacub.. on Jun 27 at 2:43 PM

Attack is an extension of the man-in-the-browser attack methodology

Security researchers admit they're still struggling to defeat man-in-the-browser (MitB) attacks.  The best-known example of this attack is the Zeus (aka Kneber, etc.) botnet, which is comprised of machines infected by drive-by-download or phishing attacks.  

Researchers are currently only 23 percent effective at detecting and removing Zeus variants, although attacks on command and control servers have been somewhat effective.  The malware operates via a browser extension in Firefox or via a Browser Helper Object in Microsoft Corp.'s (MSFT) Internet Explorer.  The Trojan is used to carry out traditional malware activities, such as spamming and bank transaction interception/modification.

I. Hackers Steal From the Rich, Give to Themselves With Op. High Roller

Now even as researchers continue to struggle with Zeus and its successor SpyEye, there's an even more sinister malware storm brewing that Guardian Analytics and Intel Corp. (INTC) subsidiary McAfee have been tracking [PDF], dubbed "Operation High Roller".

The new attack is much more organized, driven via cloud controllers, versus Zeus where infected machines often operated in a rogue lone manner.

Using cloud servers, machines infected with High Roller Trojans are hit with server-based fraudulent bank transactions totaling up to $130,000 USD (€100,000).  These very large transactions are ferried through "mule" accounts also operated by the control-servers.  The attacks use Zeus or SpyEye for reconnaissance and then use compromised local machines to target large accounts via "spear phishing" tactics.

Spear phishing email
An example "spear phishing" message from an infected machine. [Image Source: McAfee]

The new multi-approach malware is able to circumvent typical "chip and pin" physical security features, such as the smartcard reader ID systems commonly used in Europe.  It targets primarily "high rollers" -- accounts with more than €250,000, the kind commonly maintained by wealthy individuals and corporations.  This differs from Zeus and other past attacks that primarily targeted the masses with smaller transactions

Op. high roller is stealing millions from the wealthy [Image Source: The Hibernia Times]

II. Sophisticated Cloud-Commanded Malware Hits U.S.

The attacks initially targeted Europe, but have since spread to the U.S. and Columbia.  The hardest hit region in Europe, according to McAfee is the Netherlands, which suffered over €141M ($175M USD).  However attacks in the U.S. are also escalating with 8 to 10 malware variants currently attacking 109 businesses.

Texas is the state currently being hardest hit by the attacks.  Numerous account holders in New York, Georgia, and California were also targeted.  

High Roller attacks
Many states have been hit by Operation High Roller. [Image Source: McAfee]

Most of the attacks originated from command-and-control servers than Russia, though some C&C servers were also found in China and the U.S., among other places.

Source: McAfee

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

phishing still works?
By MadMan007 on 6/26/2012 4:06:02 PM , Rating: 1
Really people, phishing still works? No matter how technically advanced this malware is, it still depends upon a human to go to the fake site.

I get that there are lots of gullible people out there, it just still surprises me that techniques like this continue to work so well.

RE: phishing still works?
By leviathan05 on 6/26/2012 4:25:12 PM , Rating: 5
To paraphrase George Carlin, think about how stupid the average person is, and realize that half of the people out there are even less intelligent than that.

Phishing will probably work forever. Maybe not at high success rates, but enough to make it profitable.

RE: phishing still works?
By jRaskell on 6/26/2012 4:28:32 PM , Rating: 2
I get that there are lots of gullible people out there, it just still surprises me that techniques like this continue to work so well.

If you truly 'got' that there were lots of gullible people out there, then it wouldn't surprise you that these techniques continue to work.

It doesn't surprise me at all. These techniques will ALWAYS work because there will always be gullible people.

RE: phishing still works?
By MadMan007 on 6/26/2012 5:00:38 PM , Rating: 1
Thanks jerk. I was trying to come up with a way of wording that to convey my thoughts but couldn't come up with the right wording and wasn't going to take forever doing it.

I *acknowledge* that there are stupid people, even after many years of warnings about such things, what surpises me is that it works *so well* Maybe it's just a numbers thing, I'd be interested to know what percentage of people who receive spam like this are actually victimized.

RE: phishing still works?
By MadMan007 on 6/26/2012 5:33:58 PM , Rating: 4
Sorry for the 'jerk' comment...I just thought that what I said made sense, and figured more people wouldn't be quite as cynical (which I usually am) about how many people fall for this kind of thing.

RE: phishing still works?
By martyrant on 6/26/2012 10:00:39 PM , Rating: 5
The Art of Deception.

I'm pretty sure most of us know who Kevin Mitnick is...It's rather obvious that the weakest link is always a human factor...

RE: phishing still works?
By Argon18 on 6/26/12, Rating: 0
RE: phishing still works?
By impinchi on 6/27/2012 10:46:12 AM , Rating: 3
Phishing and Trojans are the only sort of malware that can infect secure systems like Linux or OSX

You realize you just put LINUX and OSX in the same security category right?

Just had to say something about that. It's so wrong...

RE: phishing still works?
By Bubbacub on 6/27/2012 2:43:09 PM , Rating: 3
the only thing that makes linux secure is that its not in common use and you have to type your password in a hundred times a minute just to do anything.

p.s. i know that i exagerate

p.p.s i currently have a linux only household - and am very happy with it (mint13 at the moment).

Well if the rich are being targeted
By johnsmith9875 on 6/26/12, Rating: 0
RE: Well if the rich are being targeted
By ebakke on 6/26/2012 5:36:12 PM , Rating: 3
How about we let the police find the culprits. They're paid to do so.

RE: Well if the rich are being targeted
By Diablobo on 6/26/12, Rating: -1
RE: Well if the rich are being targeted
By Reclaimer77 on 6/27/12, Rating: -1
RE: Well if the rich are being targeted
By Diablobo on 6/26/2012 8:54:54 PM , Rating: 2
If you can't see that the same attitudes towards government and the actions that leave them under-funded and poorly staffed translate directly to the federal level and the ones who DO solve and prevent those crimes, then I don't know what to tell you.

Go click on one of those phishing emails, because you're just the type of ignorant jerk those things are designed to catch.

RE: Well if the rich are being targeted
By Reclaimer77 on 6/27/12, Rating: 0
By RedemptionAD on 6/27/2012 2:39:09 PM , Rating: 2
There are many "underfunded" police departments, the issue lies largely in the fact that political policy largely impacts the size of a police force needed to enforce the policy. As well as in many areas, criminal population can dwarf the legitimate population and an outside intervention would be needed in those such cases.
Businesses not only lure people to an area and, but also pay the taxes that support those infrastructure things like teachers and policemen. A sound political policy understands that and scales the government size around the $$ it receives with a shift in the focus of funds as society shifts.
Teachers and policemen are required for a modern day society to function. Excessive compensation of those workers is fiscally irresponsible and what leads to things like what happened to the Big 3 automakers where the workers end up getting less than what they would have had the compensation not gotten excessive.
Like it or not, R or D, businesses employ people and pay taxes, a government expense is a necessary loss and too much government like a top heavy boat, will capsize a country and hurt everyone involved.

By leviathan05 on 6/27/2012 2:37:48 PM , Rating: 2
Something like 10% of all workers in the U.S. are employed by a government agency of some sort. You think that is understaffed? When you add in contractors that are primarily supported by the government it shoots up closer to 20%. When you add in people receiving welfare you are now around 25% of working Americans that are directly funded by the government. What percentage do you think should work for the government? 30%? 40%? And you want to tax the rest of the workers to pay for those employees? And you wonder why people think differently than you?

By Ringold on 6/27/2012 12:24:20 PM , Rating: 2
You don't even know the positions of those you oppose, kiddo. Conservatives are very much law-and-order types; what part of Arizona or Texas or many other Republican states strong law enforcement reputation confuses you?

Now, contrast that with Chicago and NYC, where corruption is so endemic its almost an accepted part of political and business life. And I know, there's the occasional black eye for Republican run areas, but no where in America compares to that.

Like the guy said, you were just fishing for an excuse to foam at the mouth. It's more an FBI sort of issue to my understanding, and I don't think I've ever head any politician ever single out the FBI for budget cuts. It's the military and, primarily, entitlement programs that are the drivers of the budget.

Hmmm I found a solution
By Makaveli on 6/26/12, Rating: -1
"My sex life is pretty good" -- Steve Jobs' random musings during the 2010 D8 conference

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki