July 9th, 2009 by ahoog

PC Invader Costs Ky. County $415,000

Corporations install firewalls, anti-virus software and more…but computers still get infected.  Sometimes it’s laptops, other times it’s unpatched software or it could be a zero-day exploit.  But most of the time, it’s simply users clicking on ever more believable scams (alerts about greeting cards, package tracking numbers, and security updates from Microsoft).

In this case, the malware sends stolen credentials immediately via IM and then allows direct remote access to the computer:

the criminals stole the money using a custom variant of a keystroke logging Trojan known as “Zeus” (a.k.a. “Zbot”) that included two new features. The first is that stolen credentials are sent immediately via instant message to the attackers. But the second, more interesting feature of this malware, the investigator said, is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim’s bank account using the victim’s own Internet connection.

via Security Fix – PC Invader Costs Ky. County $415,000.

Moral of the story: firewalls, anti-virus and other security measures will never provide full protection.  Companies need that final safety net and a proactive approach to security (we call it threatForensics).
