In the third quarter of 2012, FortiGuard Labs detected high activity levels of ZmEu, a tool that was developed by Romanian hackers to scan Web servers running vulnerable versions of the MySQL administration software (phpMyAdmin) in order to take control of those servers. Since September, the activity level has risen a full nine times before finally levelling off in December.
Lovet outlined four methods commonly used by attackers:
1. Simda.B: A malware that poses as a Flash update in order to trick users into granting their full installation rights. Once installed, the malware steals the user’s passwords, allowing cybercriminals to infiltrate a victim’s email and social networking accounts to spread spam or malware, access Web site admin accounts for hosting malicious sites and siphoning money from online payment system
2. FakeAlert.D: A fake antivirus malware that notifies users via a convincing-looking pop-up window that their computer has been infected with viruses, and that, for a fee, the fake antivirus software will remove the viruses from the victim’s
3. Ransom.BE78: This ransomware prevents users from accessing their personal data. The infection either prevents a user’s machine from booting or encrypts data on the victim’s machine and then demands payment for the key to decrypt it.
4. Zbot.ANQ: This Trojan is the "client-side" component of a version of the infamous Zeus crime-kit. It intercepts a user’s online bank login attempts and then uses social engineering to trick them into installing a mobile component of the malware on their smartphones. Once the mobile element is in place, cybercriminals can then intercept bank confirmation SMS messages and subsequently transfer funds to a money mule's account.
“While methods of monetizing malware have evolved over the years, cybercriminals today seem to be more open and confrontational in their demands for money - for faster returns,” said Lovet. “Now it's not just about silently swiping passwords, it's also about bullying infected users into paying.”
Lovet also said that in the third quarter of 2012, FortiGuard Labs detected high activity levels of ZmEu, a tool that was developed by Romanian hackers to scan Web servers running vulnerable versions of the MySQL administration software (phpMyAdmin) in order to take control of those servers.
“Today, we live in a blended work-personal life,” according to John Stewart, senior vice president and chief security officer for Cisco’s Global Government and Corporate Security. “The hackers know this and the security threats that we encounter online such as embedded Web malware while visiting popular destinations like search engines, retailers and social media sites and smartphone tablet apps no longer threaten only the individual, they also threaten the organizations by default.”