Wednesday, August 15, 2012
An Aug. 9, 2012, report released by ThreatMetrix alerted FIs that a new FI-targeted, peer-to-peer Zeus Trojan malware called Gameover is the "largest financial botnet we've ever seen." The company estimated more than 678,000 computers are infected with Gameover, including computers in 14 of the top 20 Fortune 500 companies.
ThreatMetrix said Gameover, a program that hides in computers and tracks keystrokes, including passwords to accounts accessed online, is the work of a single cyber-crime organization. The malware is spread through fake emails purportedly from legitimate retailers.
Gameover is not the only malicious new program out there. A recent ThreatMetrix report detailed how a new criminal malware called Crisis can disrupt, disable and completely take over Apple Inc. Mac computers and lead to "extensive OS X damage and security breaches for OS X users." The malware steals address book information, uploads and downloads files, accesses full file systems, and snoops on webcams, with little chance of being detected.
Baumhof said Crisis is so well hidden and hard to reverse engineer that it represents "a whole new level of sophistication" in malware programming. "Apple has always been known for its virus immunity, but as technology develops very quickly, cyber crime matches the pace," he said. "This is a big jump from what has been seen in the past, and it should make users think twice about protecting themselves against malware on their OS X devices.
"Now that the Apple iOS is much more used, we've seen more and more malware directed at that operating system." Baumhof believes the Crisis malware may have been developed for another purpose before a cyber gang adapted the program to steal data.
Baumhof said mobile devices are also under attack from cyber criminals. He noted Apple recently removed an app from the App Store after discovering it contained malicious code. At a recent hackers convention, a demonstration showed how to access files on a smart phone by hacking into the near field communication element.
Baumhof said the security software commonly used to protect mobile devices is often unsuccessful against these new forms of malware. "This is a different platform with mobile devices, so the infection vector is different," he said. "The infection can come through common uses like social media. If I get a message, how do I know the link comes from a person who is really a friend? There's no way to find out."
Baumhof recommends that payment professionals pay close attention to what programs and files are being downloaded to computers because criminals are releasing applications that appear legitimate and work as promised, but still contain well hidden, malicious code. "Only click on links you can authenticate," Baumhof advised. "If an offer looks like it is too good to be true, often it is too good to be true." 
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
