A Boston-based company named Trusteer targets banks with solutions to this problem. Among those solutions is an endpoint malware detection program named Rapport. Banks are encouraged to offer this program to their important clients so that the client computers can be secured.
So, you're a malware author, and you're looking for online banking customers to compromise. Who better to target than people who are so important to a bank that they would receive special software to protect their accounts?
That targeting is just what is happening with the latest malicious spam campaign to appear in the Barracuda Labs spam honeypots.
Only 8 out of 47 antivirus products even recognize the attached malware, which Malwarebytes does identify as Trojan.Agent.rfz.
This trojan downloads three other pieces of malware (one was already inaccessible when we ran our tests), all of which had even worse detection ratios – only 4 out of 47 for each, although these ratios should improve as antivirus vendors catch up. Note that the periodic contact with Google.com is typical of credential stealers, which do so to test internet connectivity.
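The periodic contact with Google.com noted above can be hunted for in proxy logs. The following is an added example, not code from the original post: it flags clients whose requests to a domain arrive at near-constant intervals. The log format, client addresses, timestamps, and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log lines: "ISO-timestamp client-ip requested-host"
SAMPLE_LOG = """\
2024-01-01T09:00:00 10.0.0.5 www.google.com
2024-01-01T09:05:01 10.0.0.5 www.google.com
2024-01-01T09:10:00 10.0.0.5 www.google.com
2024-01-01T09:14:59 10.0.0.5 www.google.com
2024-01-01T09:20:00 10.0.0.5 www.google.com
2024-01-01T09:01:12 10.0.0.9 www.google.com
2024-01-01T09:01:40 10.0.0.9 www.google.com
2024-01-01T09:47:03 10.0.0.9 www.google.com
2024-01-01T11:15:30 10.0.0.9 www.google.com
2024-01-01T11:16:02 10.0.0.9 www.google.com
2024-01-01T09:02:00 10.0.0.7 www.google.com
2024-01-01T09:03:00 10.0.0.7 example.org
"""

def periodic_clients(log_text, domain="google.com", min_hits=5, max_cv=0.1):
    """Return {client: mean_interval_seconds} for clients whose requests to
    `domain` are timer-like: at least `min_hits` requests whose gaps have a
    coefficient of variation (stddev / mean) no greater than `max_cv`."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, client, host = parts
        if host != domain and not host.endswith("." + domain):
            continue
        try:
            hits[client].append(datetime.fromisoformat(ts))
        except ValueError:
            continue  # unparseable timestamp
    flagged = {}
    for client, times in hits.items():
        if len(times) < min_hits:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[client] = round(avg)
    return flagged

if __name__ == "__main__":
    print(periodic_clients(SAMPLE_LOG))
```

Legitimate software also performs timed connectivity checks, so a hit is a triage signal to correlate with which process made the requests and with other indicators on the host.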
Trusteer Rapport might actually intercept these downloads, although we have no way of knowing for sure. What we do know for sure is a maxim we repeat often in our blog – don't run attachments received in email unless you personally know the sender and the contents. It is just too easy to create perfectly deceptive phishing attacks. Instead, if you are asked to install or upgrade software, insist on a URL that is hosted on a reputable site.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. Before joining Barracuda, Christine spent more than 15 years as a field engineer and project manager for K12 and SMB customers. She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.