TechCrunch fiasco part of rising tide of trojan troubles

Trusteer says TechCrunch Europe’s Zeus trojan infection is the tip of a growing iceberg of site infections and spammed email

ECM Plus – IT security website TechCrunch Europe served up a Zeus trojan-installer PDF file to its visitors on Monday of this week, says provider of secure browsing services Trusteer. Apparently, the infection is down to the rising tide of Zeus attacks.

According to Mickey Boodaei, Trusteer’s chief executive, one of the Javascript files of the TechCrunch site was modified by hackers to open an IFRAME, which in turn delivered a PDF file with a nasty Zeus infection.

“The bad news about this infection, which lasted several hours on Monday of this week, is that – as security researcher Rik Ferguson says in his blog (http://bit.ly/bL2Jjx) – just two of 43 IT security applications can detect this malware variant,” he said.

Boodaei, whose company supplies free in-browser security software to a growing number of banks worldwide, says the TechCrunch fiasco is all part of the rising problem of Zeus infections.

The number of users who are infected with Zeus, he says, has increased over the past month due to aggressive distribution attempts made by fraudsters.

The two leading infection routes, he explained, are compromised websites that serve up a Zeus infection to visitors and spammed emails that include Zeus as an attachment or link.

And whilst the quantity and hacking quality of these attacks have increased, Trusteer is also seeing a drop in antivirus detection rates for Zeus as this example shows – http://bit.ly/dic6i7.

“Trusteer warned a while ago that the newer version of Zeus is very effective in avoiding detection by IT security software and the increased Zeus infection rates demonstrate this,” he said.

“We estimate that fraud losses due to Zeus specifically are going to triple in 2011 due to the increase in distribution and lack of coverage by antivirus vendors. This latest infection of the TechCrunch Web portal is just the tip of the iceberg,” he added.

“The good news is that, if users of HSBC, Natwest, Santander and other UK banks download a copy of our free Rapport in-browser software, even if they are infected, the software will prevent their e-banking credentials from leaking.”

