Wednesday, August 15, 2012

Phishing the 1%: keylogger spam aims at hedge funds ...

by Dave Michmerhuizen & Luis Chapetti, Security Researchers

If you were in the business of distributing malware that steals computer credentials, wouldn't you want to get your payload installed on the computers of people with money, LOTS of money? Barracuda Labs recently detected a spam campaign that tries to do just that by targeting hedge fund managers.

The pitch is in a short and simple spam that offers advice about carried interest fees.

[Image: Carried interest spam]

Carried interest is a topic of particular interest to hedge and private equity funds. It is the share of a fund's profits paid to the fund's managers, and its tax status has been the subject of some debate. For this reason, any email purporting to have information about carried interest fees is likely to raise the curiosity of financial professionals. Spammers rely on that curiosity to get their malware installed.

Opening and running the attachment (never run attachments!) loads and displays a PDF file that is actually about carried interest, so the victim sees what the email promised.

[Image: Carried Interest PDF]

Meanwhile, the program installs a keylogger that captures keystrokes and uploads them to a remote server over FTP.

[Image: Keylogger traffic]

Because the FTP protocol carries its login and its file transfers in cleartext, we were able to look at the remote server that receives the files. Each entry in the list shown corresponds to keystrokes and files from one computer whose owner ran the Trojan.
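As an added example (not code from the original post) of what a cleartext FTP session gives away, the Python below parses a constructed control-channel transcript, of the kind you would recover from a packet capture with Wireshark's Follow TCP Stream on port 21, and pulls out the drop account, the passive-mode data endpoints, and every file the client stored. The server address, account, password, and file names are made up for illustration.

```python
"""Recover what a cleartext FTP exfiltration session leaks.

Added example. FTP sends USER/PASS, PASV replies and STOR commands
unencrypted, so whoever can see the traffic (the malware analyst here,
or a defender watching egress) learns where the data goes, which
account it uses, and what was uploaded.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed control-channel transcript (not real traffic).
# Lines tagged ">" are client -> server, "<" are server -> client.
SAMPLE_SESSION = """\
< 220 FTP server ready
> USER logs_user
< 331 Password required for logs_user
> PASS s3cret-pass
< 230 User logged in
> TYPE I
< 200 Type set to I
> PASV
< 227 Entering Passive Mode (203,0,113,10,195,80)
> STOR WORKSTATION7_20120814_093012.txt
< 150 Opening BINARY mode data connection
< 226 Transfer complete
> PASV
< 227 Entering Passive Mode (203,0,113,10,195,81)
> STOR WORKSTATION7_20120814_094512.txt
< 150 Opening BINARY mode data connection
< 226 Transfer complete
> QUIT
< 221 Goodbye
"""


@dataclass
class FtpSessionSummary:
    user: Optional[str] = None
    password: Optional[str] = None
    data_endpoints: Set[str] = field(default_factory=set)  # host:port from 227 replies
    uploaded: List[str] = field(default_factory=list)      # STOR that completed (2xx)
    failed: List[str] = field(default_factory=list)        # STOR refused or aborted (4xx/5xx)


# A 227 reply encodes host and port as six decimal bytes: port = p1*256 + p2.
PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_ftp_control(transcript: str) -> FtpSessionSummary:
    """Walk a direction-tagged control channel and collect what it leaks."""
    summary = FtpSessionSummary()
    pending_stor: Optional[str] = None
    for raw in transcript.splitlines():
        if not raw.strip():
            continue
        direction, _, msg = raw.partition(" ")
        if direction == ">":
            verb, _, arg = msg.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                summary.user = arg
            elif verb == "PASS":
                summary.password = arg
            elif verb == "STOR":
                pending_stor = arg  # resolved by the server's final reply
        elif direction == "<":
            code = msg[:3]
            if code == "227":
                m = PASV_RE.search(msg)
                if m:
                    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
                    summary.data_endpoints.add(f"{h1}.{h2}.{h3}.{h4}:{p1 * 256 + p2}")
            elif pending_stor is not None:
                if code.startswith("2"):            # 226/250: transfer finished
                    summary.uploaded.append(pending_stor)
                    pending_stor = None
                elif code.startswith(("4", "5")):   # transfer refused or failed
                    summary.failed.append(pending_stor)
                    pending_stor = None
                # a 1xx reply (150) only means the data connection is opening
    return summary


def describe(summary: FtpSessionSummary) -> str:
    """One-line-per-fact report, suitable for an analyst note."""
    lines = [f"drop account: {summary.user} / {summary.password}"]
    lines += [f"data endpoint: {ep}" for ep in sorted(summary.data_endpoints)]
    lines += [f"uploaded: {name}" for name in summary.uploaded]
    lines += [f"failed: {name}" for name in summary.failed]
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe(parse_ftp_control(SAMPLE_SESSION)))
```

The same parser run over real egress captures turns a keylogger's FTP drop into a short list of indicators: the destination, the account, and the cadence of uploads (the timestamps the sample file names carry). Note that FTP over TLS (FTPS) or SFTP would hide all of this, which is one reason cleartext FTP leaving a network toward an unfamiliar host deserves a look on its own.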

[Image: Keylogger server]

Never trust an attachment sent to you in email, even if the source appears reputable. In cases like this we suggest you first save the attachment to disk and then submit it to the virus scanning service virustotal.com. That site subjects the file to over 40 different malware scanners and returns a report, as it did for the attachment from this spam.
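To put that advice into practice, the following Python is an added example (not part of the Barracuda Labs post) that triages an attachment once it has been saved to disk. It covers both the attachment behaviour described earlier (an executable that shows a genuine PDF while it installs the keylogger) and the virustotal.com step: it checks whether the bytes are a Windows executable regardless of the extension, whether a PDF is embedded inside that executable (the decoy-document pattern), whether a double extension is disguising the file, and computes the SHA-256 digest to look up or submit. The file names and bytes are constructed stand-ins, not the real sample.

```python
"""Triage an e-mail attachment before anyone double-clicks it.

Added example. A dropper that displays a PDF and installs a keylogger
typically gives itself away on disk: its bytes begin with the PE header
"MZ" whatever the name says, and the decoy PDF is frequently embedded
in the executable, visible as a "%PDF-" marker later in the file.
"""
import hashlib
import os
from typing import Dict, List

PE_MAGIC = b"MZ"
PDF_MAGIC = b"%PDF-"
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# Constructed stand-ins for two saved attachments (not real samples).
DECOY_PDF_BYTES = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"
CONSTRUCTED_DROPPER = (
    PE_MAGIC + b"\x90\x00" * 64
    + b"This program cannot be run in DOS mode."
    + b"\x00" * 32
    + DECOY_PDF_BYTES          # decoy document carried inside the executable
)


def classify_attachment(name: str, data: bytes) -> Dict[str, object]:
    """Return the findings a first-pass triage would record for one file."""
    root, ext = os.path.splitext(name)
    ext = ext.lower()
    inner_ext = os.path.splitext(root)[1].lower()

    is_pe = data.startswith(PE_MAGIC)
    is_pdf = data.startswith(PDF_MAGIC)
    # Look past the header so a real PDF is not reported as "embedded".
    embedded_pdf = is_pe and PDF_MAGIC in data[len(PE_MAGIC):]
    double_ext = inner_ext in DOC_EXTS and ext in EXEC_EXTS

    findings: List[str] = []
    if is_pe:
        findings.append("bytes start with the PE header 'MZ': Windows executable")
    if is_pe and ext in DOC_EXTS:
        findings.append(f"document extension '{ext}' on executable content")
    if double_ext:
        findings.append(f"double extension '{inner_ext}{ext}' disguises an executable as a document")
    if embedded_pdf:
        findings.append("PDF embedded inside the executable: decoy-document pattern")

    if is_pe:
        verdict = "executable"
    elif is_pdf:
        verdict = "document"
    else:
        verdict = "unknown"

    return {
        "name": name,
        "sha256": hashlib.sha256(data).hexdigest(),  # what you look up on virustotal.com
        "pe": is_pe,
        "embedded_pdf": embedded_pdf,
        "findings": findings,
        "verdict": verdict,
    }


def triage_file(path: str) -> Dict[str, object]:
    """Convenience wrapper for a file saved from the mail client."""
    with open(path, "rb") as fh:
        return classify_attachment(os.path.basename(path), fh.read())


if __name__ == "__main__":
    for fname, blob in (
        ("carried_interest.pdf", DECOY_PDF_BYTES),
        ("Carried_Interest_Fees.pdf.exe", CONSTRUCTED_DROPPER),
    ):
        result = classify_attachment(fname, blob)
        print(f"{fname}: {result['verdict']}  sha256={result['sha256'][:16]}...")
        for f in result["findings"]:
            print("  -", f)
```

Run `triage_file()` on the saved attachment rather than opening it; if the verdict is "executable" for something that arrived as a "report", the SHA-256 goes to virustotal.com and the file goes nowhere near a double-click. The magic-byte check is deliberately independent of the file name, because the name is the one thing the sender fully controls.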

Barracuda Networks customers using the Barracuda Spam & Virus Firewall are protected from these emails. Barracuda Web Filters and the Barracuda Web Security Flex service stop the download of this threat.

Related stories:

  1. Political rhetoric ramps up and so does President Obama related spam
  2. Malicious spam targets Certified Public Accountants
  3. Spam campaign slanders Olympic gold medalist Gabrielle Douglas
  4. American Red Cross spam links to Paypal.com
  5. Bank phishing malware bypasses DNS to trick the web browser

Source: http://www.dataprotectioncenter.com/antivirus/barracuda-labs/phishing-the-1-keylogger-spam-aims-at-hedge-funds/
