Spear-Phishing Gang Resurfaces, Nets Big Catch
Brian Krebs writes on Security Fix:
A prolific phishing gang known for using sophisticated and targeted e-mail attacks to siphon cash from small to mid-sized business bank accounts appears to be back in operation after more than a 5-month hiatus, security experts warn.More here.
From Feb. 2007 to Jan 2009, analysts at Sterling, Va., based security intelligence firm iDefense tracked 38 separate phishing campaigns from am Eastern European gang they simply call "Group A." iDefense believes this group was one of two responsible for a series of successful phishing attacks that spoofed the U.S. Better Business Bureau (BBB), the U.S. Department of Justice, the IRS, as well as Suntrust and payroll giant ADP. Last summer, authorities in Europe and Romania are thought to have arrested most members of a rival BBB phishing gang that iDefense called Group B.
While the type of tricks that Group A employs once victims are hooked have grown more sophisticated, the initial lure used to snare people hasn't changed: In each attack, the scammers send out "spear phishing" e-mail messages (so called because they use the victim's name in the message) and urge the recipient to click on an attachment.
The attached file is, naturally, a Trojan horse that steals stored user names and passwords, and looks for victims logging in at commercial banks. If the victim logs in to a bank that requires so-called two-factor authentication -- such as the input of a one-time pass phrase or random number from a supplied hardware token -- the Trojan re-writes the bank's Web page on the fly, inserting a form that requests the information. The attackers typically begin initiating wire transfers out of the victim accounts shortly after the credentials are stolen, said iDefense analyst Mike LaPilla.