News : Massive Malware Campaign Steals Everybody's Passwords
Posted by Randy on 2014/7/16 4:34:27

(yahoo.com) - Who, or what, is NightHunter? And what do they — or it — want?

Security researchers discovered last week that for the past five years, a mysterious group has been stealing user credentials from Facebook, Dropbox, Skype, Amazon, LinkedIn, Google, Yahoo, Hotmail, the Indian Web portal Rediff and several banks. Dubbed NightHunter, the campaign appears to have amassed an enormous database of stolen information.

The goals of the attacks remain unclear. NightHunter appears untargeted, simply interested in collecting as many user credentials as possible, according to Santa Clara, California-based security company Cyphort, which discovered and named NightHunter.

The NightHunter campaign involves several different types of keyloggers, including Predator Pain, Limitless and Spyrex. What sets NightHunter apart — and has made it so difficult to trace — is the fact that the keylogging malware relays its captured data back to the criminals in an unusual way: by emailing it.

Most malware communicates with its operators using Web protocols such as HTTP or Internet Relay Chat. But the NightHunter malware uses the email protocol SMTP, which has been around since 1982. SMTP "is outdated and often overlooked, so it can be a more stealthy way of data theft," wrote Cyphort's McEnroe Navaraj in a company blog post disclosing the findings.
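
As an added example (not from the article or from Cyphort), a defender can surface this kind of SMTP-based data theft by flagging workstations that open SMTP sessions directly to external servers instead of going through the organization's mail relay. The client subnet, relay address and flow-record format below are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}  # SMTP, SMTPS, mail submission

# Assumed environment (hypothetical): clients live in 10.20.0.0/16 and the
# only host allowed to speak SMTP to the outside is this relay.
CLIENT_NET = ipaddress.ip_network("10.20.0.0/16")
APPROVED_RELAYS = {ipaddress.ip_address("10.20.0.25")}

# Constructed sample flow records: time src dst dst_port bytes_out
SAMPLE_FLOWS = """\
2014-07-16T04:30:01Z 10.20.0.25 198.51.100.10 25 48211
2014-07-16T04:31:12Z 10.20.4.17 203.0.113.80 443 9120
2014-07-16T04:32:40Z 10.20.4.17 203.0.113.55 587 15340
2014-07-16T05:32:41Z 10.20.4.17 203.0.113.55 587 16102
2014-07-16T05:40:03Z 10.20.9.3 10.20.0.25 25 2210
2014-07-16T06:32:39Z 10.20.4.17 203.0.113.55 587 14877
malformed line
"""

def find_direct_smtp(flow_text):
    """Return {(src, dst, port): (flow_count, total_bytes)} for client hosts
    that send SMTP straight to external servers instead of via a relay."""
    hits = defaultdict(lambda: [0, 0])
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, dst, port, nbytes = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port, nbytes = int(port), int(nbytes)
        except ValueError:
            continue  # skip records with unparsable fields
        if port not in SMTP_PORTS:
            continue
        if src_ip in APPROVED_RELAYS or src_ip not in CLIENT_NET:
            continue  # the relay is expected to talk SMTP outbound
        if dst_ip in CLIENT_NET:
            continue  # client -> internal relay is the normal path
        hits[(src, dst, port)][0] += 1
        hits[(src, dst, port)][1] += nbytes
    return {k: tuple(v) for k, v in hits.items()}

if __name__ == "__main__":
    for (src, dst, port), (n, total) in find_direct_smtp(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}:{port}  flows={n} bytes={total}")
```

Blocking outbound SMTP ports at the perimeter for everything except the relay turns the same rule from detection into prevention.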

NightHunter's preferred method of infecting target computers appears to be via phishing emails, Navaraj says. These emails are sent to personnel in the finance, sales or HR departments of all sorts of large companies and organizations, and bear .doc, .zip or .rar attachments, sometimes with fake IDM or 7zip installers bundled in. Some of the phishing emails are crafted to appear to be from goods-resale agents.

In addition to logging user keystrokes, the NightHunter malware also gathers and relays information about the Web browsers, instant-messaging and email clients, password managers, Bitcoin wallets or video games present on an infected computer.

Since 2009, NightHunter has amassed such an enormous database of stolen credentials from the abovementioned online services that, according to Cyphort, whoever is behind the campaign is in a position to do some serious damage.

"The potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks is high," Navaraj wrote in the blog post. "The actors behind NightHunter can use the trove of stolen credentials to leverage big-data analytics and enable new cyberthreats, for purposes of extortion, credit card or bank fraud, stealing state secrets or corporate espionage."
