Spam blasts containing “polymorphic malware” coded to disseminate password-stealing banking Trojans have increased significantly in recent months.
A number of organizations were apparently duped into transferring funds by polymorphic and other forms of nefarious malware, including Oncology Services of North Alabama ($120,000), North Putnam Community School Corporation ($98,000) and the City of Oakdale, California ($118,000).
According to security expert Brian Krebs, one of the most common spam hooks is an email formulated to look like it was sent by NACHA, a non-profit organization that sets operating rules for organizations that handle electronic payments.
As Krebs points out, using NACHA’s name as bait is “doubly insulting” because victims soon find new employees – money mules – mysteriously added to their payroll.
“After adding the mules, the thieves use the victim’s online banking credentials to push through an unauthorized batch of payroll payments to the mules, who are instructed to pull the money out in cash and wire the funds (minus a commission) overseas,” he explained in an official blog post.
“[Of course], blocking these attacks has little to do with state-of-the-art computer systems or scanning files with anti-virus. It’s not clear what malware family was used in any of these attacks, although the first two mentioned in this story involved a cyber gang that favors the ZeuS Trojan.”
Krebs also emphasized that corporations and organizations needed to understand the malware campaigns have far more to do with engineering and tricking humans than actually defeating tech and advanced security platforms.
“No single approach or technology will stop all of these account takeovers, but preventing the theft of your online banking credentials is a critical first step. That’s why I continue to advise that small- to mid-sized organizations use a dedicated computer for online banking.
“Using a non-Windows PC – such as a Live CD or a Mac – is the safest approach, but not necessarily the most practical or affordable. An alternate approach is to access bank accounts from an isolated PC that is locked-down, regularly updated, and used for no other purpose than online banking,” he added.