A Boston-based company named Trusteer targets banks with solutions to this problem. Among those solutions is an endpoint malware detection program named Rapport. Banks are encouraged to offer this program to their important clients so that the client computers can be secured.
So, you're a malware author, and you're looking for online banking customers to compromise. Who better to target than people who are so important to a bank that they would receive special software to protect their accounts?
That targeting is just what is happening with the latest malicious spam campaign to appear in the Barracuda Labs spam honeypots.
Only 8 out of 47 antivirus products even recognize the attached malware, which Malwarebytes does identify as Trojan.Agent.rfz.
This trojan downloads three other pieces of malware (one was already inaccessible when we ran our tests), all of which had even worse detection ratios – only 4 out of 47 for each, although these ratios should improve as antivirus vendors catch up. Note that the periodic contact with Google.com is typical of credential stealers, which do so to test internet connectivity.
Trusteer Rapport might actually intercept these downloads, although we have no way of knowing for sure. What we do know for sure is a maxim we repeat often in our blog – don't run attachments received in email unless you personally know the sender and the contents. It is just too easy to create perfectly deceptive phishing attacks. Instead, if you are asked to install or upgrade software, insist on a URL that is hosted on a reputable site.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. Before joining Barracuda, Christine was a field engineer and project manager for K12 and SMB customers for more than 15 years. She holds several qualifications in technology and project management, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.