Wednesday, February 9, 2011

Password Stealers: The danger of a missed threat.

A missed threat happens to every vendor: no matter what AV product you use, at some point a malware sample will get through. However, one type of threat is, in my opinion, the worst one you could possibly get hit with: a password stealer. What is a password stealer, you may ask? A password stealer records the passwords you enter for your banks, credit card companies, PayPal accounts, and many other financial companies. The damage of getting hit by a password stealer is worse than just having to clean up after a malware infection. You must clean up the malware infection, plus call all your banks, get new passwords for every site, and hope you do it quickly enough, before the hackers gain access to your accounts and start taking money out.

A few of the common password stealers are Zeus/SpyEye (as of now it seems these two malware families recently merged), and a newer one starting to become more common is Carberp. These trojans are sold in toolkits (like the fake social app one). Newer versions of the toolkits cost more, while older versions can be bought much cheaper. Malware writers also sell plugins that other writers can buy to extend their banking trojan and add new features. These plugins include killing the AV product on the machine, killing other banking trojans so only the newly installed banking trojan gets the passwords, and updated password-stealing tech. Today, as I was researching malware samples, I ran into two of the Carberp banking trojan plugins (http://www.virustotal.com/file-scan/report.html?id=73cd5020efbb972ab0231236db98c3de225c06c4d4378747426527a1685c965a-1297292330 and http://www.virustotal.com/file-scan/report.html?id=ee2b6faa5ea31285a57b75e529f1592b07d97ba6988bf51fcacd44a8e6014f65-1297292866), and as you can see, both had very low detection rates. That is the danger of getting hit by one of these new versions of a password stealer: they can steal your credit info before your AV even warns you.

That is why I personally recommend running a layered security setup. Trusting one product to protect your whole computer is dangerous given the rate at which malware is coming out. That does not mean you should run more than one AV; running more than one AV lowers your protection instead of improving it. You can find many good security products out there that are created to work alongside your AV.

You can learn more about the Carberp trojan here: https://blog.trendmicro.com/carberp-trojan-steals-information/
