It's been a busy week in the hacking and malware world. Anonymous posted sensitive information of more than 4,600 banking executives to a government Web site on Sunday. Then, the Federal Reserve admitted it was hacked Tuesday morning.
Symantec is warning about fake FedEx e-mails circulating the Internet. According to Symantec, the e-mails claim the user must print out a receipt by clicking on a link and then physically go to the nearest FedEx office to receive their parcel.
"Obviously the parcel does not exist and those who click on the link will be greeted by a PostalReceipt.zip file containing a malicious PostalReceipt.exe executable file," said security researcher Shunichi Imano at Symantec. "Instead of receiving a parcel, which the user did not order in the first place, Trojan.Smoaler is delivered to the computer."
Don't Take a Nap
The Trojan Nap also wreaked havoc online this week. Nap is a malicious downloader that works to steal information from victim machines. But Manos Antonakakis, senior director of research at Damballa Labs, told us there is nothing new about Nap.
"Botnets have been using fluxing techniques for years in order to evade statically compiled black lists. Also, anti-VM [virtual machine] analysis techniques are not an infrequent phenomenon in the current malware landscape," Antonakakis said. "If a company employs legacy signature-based systems, then both anti-VM techniques and fluxing botnets -- both from the IP or domain name side -- will evade their perimeter defenses."
Based on previous analysis of this malware from the community, and according to Damballa datasets, he believes this particular threat is related to the Kelihos botnet. The fast flux network , domain registration, and name servers being used all point back to the Kelihos botnet operators. Antonakakis believes the downloader being used is just one component in this campaign.
"AV people should be paying attention to the network behavior and the ecosystem around Internet threats," Antonakakis said. "Binaries employ several different obfuscation techniques, so tracking them in the context of botnets is extremely hard. Let's put it another way: If you rely on seeing the malware, you have already lost the war."
Bamital Bites Browsers
The security roundup would not be complete without a look at the Bamital botnet. The Bamital botnet hijacked search results across various Web browsers offered by companies such as Google, Yahoo and Microsoft . Bamital also fraudulently charged businesses for online advertisement clicks and took control of users computers, allowing Bamital's organizers to install viruses that could engage in identity theft. (continued...)