Wednesday, October 15, 2008

Phishing with Malware

I've been pretty busy lately with work and the malware challenge (only 11 days left!) but I figured I'd post something which came across my inbox today. Wachovia has been getting a lot of phishing attempts against it which lead to a page trying to get you to install a security update, which is actually malware. I guess the bad guys decided that Wachovia had enough and decided to turn their sights on Key Bank.

I received the following email supposedly from Key Bank asking that I update my system now.

Clicking on the link took me to the following page, which is NOT located on Key Bank's website.

If you wait long enough it will refresh itself to the executable, but by clicking on the link the page will attempt to download and run (with user acceptance) the malware and will open up another browser window to the actual Key Bank login page. This page IS on Key Bank's website, but note that Key Bank is NOT compromised.

What has happened is that when the user installs the "update", the malware initially loaded downloads another one, which installs itself as a service on the system. This new service then watches for any credentials sent. What happens when it gets one?

This isn't a new method for doing things - it's been around for a while. However, this is the first time I've seen this specific attack (from this group) directed at Key Bank. Trend Micro has a posting about the same attack against a German bank.
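The landing page behaviour described in this post (hosted off the bank's domain, refreshing itself to an executable, linking to that executable, and opening the real login page) can be checked for mechanically. The following is an added example, not code from the original post; the sample HTML, the `.example` host names, the file name and the extension list are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".msi")  # assumed extension list

class LandingPageScanner(HTMLParser):
    """Collects meta-refresh targets and anchor targets as absolute URLs."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.refresh_targets, self.link_targets = page_url, [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content looks like "10; url=target"
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content") or "", re.I)
            if m:
                self.refresh_targets.append(urljoin(self.page_url, m.group(1).strip()))
        elif tag == "a" and a.get("href"):
            self.link_targets.append(urljoin(self.page_url, a["href"]))

def is_executable(url):
    return urlparse(url).path.lower().endswith(EXEC_EXT)

def on_brand_domain(url, brand_domain):
    host = (urlparse(url).hostname or "").lower()
    return host == brand_domain or host.endswith("." + brand_domain)

def scan(page_url, html, brand_domain):
    """Return the list of phishing-with-malware indicators found on the page."""
    p = LandingPageScanner(page_url)
    p.feed(html)
    findings = []
    off_brand = not on_brand_domain(page_url, brand_domain)
    if off_brand:
        findings.append("page-off-brand-domain")
    if any(is_executable(u) for u in p.refresh_targets):
        findings.append("meta-refresh-to-executable")
    if any(is_executable(u) for u in p.link_targets):
        findings.append("link-to-executable")
    # An off-brand page that also points at the genuine site (e.g. the real login page)
    urls = re.findall(r"https?://[^\s'\"<>)]+", html)
    if off_brand and any(on_brand_domain(u, brand_domain) for u in urls):
        findings.append("off-brand-page-references-brand-site")
    return findings

# Constructed sample: brand domain bank.example, landing page hosted elsewhere
SAMPLE_URL = "http://update.phish.example/keybank/index.html"
SAMPLE_HTML = """<html><head><meta http-equiv="refresh" content="10; url=SecurityUpdate.exe"></head>
<body><a href="SecurityUpdate.exe" onclick="window.open('https://www.bank.example/login')">Install</a></body></html>"""
```

All four indicators together are a strong signal; any one alone (for example a legitimate vendor page linking to an installer) is weaker and should be scored accordingly.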

Thursday, October 2, 2008

Malware Challenge Contest In Full Swing!

The malware challenge contest began yesterday and from what we can tell it's very popular. According to our logs, we had over 100 downloads of the malware for the challenge from over a dozen countries.

For those who don't know yet, the malware challenge is a contest to analyze a piece of malware and find out what it does. The contest runs from October 1 to October 26 and the results will be presented at the Ohio Information Security Summit. Of course, we have lots of cool prizes to give away!

We have made the contest so that if you are new to malware analysis you'll still have a great shot at winning prizes. We're going to be looking more at the way people analyze the malware as opposed to if they get the right answers. In other words, if you are unsure about it, still participate. The worst that can happen is you learn something in the process and win a cool prize!

Also, thanks to all who have been helping advertise it! Without you no one would know about the contest.

I look forward to seeing everyone's submission!