User Login    
 + Register
News : Massive Malware Campaign Steals Everybody's Passwords
Posted by Randy on 2014/7/16 4:34:27 (434 reads) News by the same author

(yahoo.com) - Who, or what, is NightHunter? And what do they — or it — want?
Click to see original Image in a new window

Security researchers discovered last week that for the past five years, a mysterious group has been stealing user credentials from Facebook, Dropbox, Skype, Amazon, LinkedIn, Google, Yahoo, Hotmail, the Indian Web portal Rediff and several banks. Dubbed NightHunter, the campaign appears to have amassed an enormous database of stolen information.

The goals of the attacks remain unclear. NightHunter appears untargeted, simply interested in collecting as many user credentials as possible, according to Santa Clara, California-based security company Cyphort, which discovered and named NightHunter.

The NightHunter campaign involves several different types of keyloggers, including Predator Pain, Limitless and Spyrex. What sets NightHunter apart — and has made it so difficult to trace — is the fact that the keylogging malware relays its captured data back to the criminals in an unusual way: by emailing it.

Most malware communicates with its operators using Web protocols such as HTTP or Internet Relay Chat. But the NightHunter malware uses the email protocol SMTP, which has been around since 1982. SMTP "is outdated and often overlooked, so it can be a more stealthy way of data theft," wrote Cyphort's McEnroe Navaraj in a company blog post disclosing the findings.

NightHunter's preferred method of infecting target computers appears to be via phishing emails, Navaraj says. These emails are sent to personnel in the finance, sales or HR departments of all sorts of large companies and organizations, and bear .doc, .zip or .rar attachments, sometimes with fake IDM or 7zip installers bundled in. Some of the phishing emails are crafted to appear to be from goods-resale agents.

In addition to logging user keystrokes, the NightHunter malware also gathers and relays information about the Web browsers, instant-messaging and email clients, password managers, Bitcoin wallets or video games present on an infected computer.

Since 2009, NightHunter has amassed such an enormous database of stolen credentials from the abovementioned online services that, according to Cyphort, whoever is behind the campaign is in a position to do some serious damage.

"The potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks is high," Navaraj wrote in the blog post. "The actors behind NightHunter can use the trove of stolen credentials to leverage big-data analytics and enable new cyberthreats, for purposes of extortion, credit card or bank fraud, stealing state secrets or corporate espionage."

Printer Friendly Page Send this Story to a Friend Create a PDF from the article


Other articles
2014/10/24 10:28:48 - Solar Farm Topic Of Economic Development Meeting
2014/10/24 10:25:45 - Livingston County Library Encourages Reading To Young Children
2014/10/24 10:23:16 - Festival Of Trees Fund-Raiser Set For November 28th
2014/10/24 10:18:02 - Bogard Woman Seriously Injured In Accident
2014/10/24 10:13:53 - Unionville Man Injured In Accident South Of Unionville
2014/10/24 4:42:51 - 5 Ways To Tell If Someone Is Cheating On You
2014/10/24 4:29:07 - Six Bodies Identified After Decades In Oklahoma Lake
2014/10/24 4:24:30 - Peyton Manning Rips Broncos' Scoreboard Operator
2014/10/24 4:20:18 - How To Teach Kids To Be Nice Online
2014/10/24 4:14:12 - Police: Missouri Inmate Who Attempted Suicide Dies
2014/10/24 4:09:40 - 1 Taken To Hospital After Being Hit By Train
2014/10/24 4:05:48 - 8-Year Old Scores Touchdown, Team Fined $500, Coach Suspended
2014/10/23 10:42:45 - Disaster Declaration Requested For North Missouri Counties
2014/10/23 10:38:01 - THS Marching Band And Color Guard To Hold Recognition Program
2014/10/23 10:35:23 - Snow Removal Bids Sought
2014/10/23 6:38:04 - Trenton Chamber Ambassadors To Hold Annual Halloween Trick Or Treat Night
2014/10/23 6:30:41 - Chillicothe Firefighters Respond To Vehicle Fire
2014/10/23 6:26:35 - Meadville Teen Hurt In Accident East Of Laredo
2014/10/23 6:23:59 - Spickard Man Injured In Accident East Of Gallatin
2014/10/23 4:46:44 - Giant Gold Nugget To Be Sold In San Francisco
2014/10/23 4:30:00 - The Worst Things To Buy At Walmart
2014/10/23 4:17:35 - Iowa Man Pleads Guilty To Missouri Bank Robbery
2014/10/23 4:09:49 - UK Man Faked Coma For 2 Years To Avoid Court
2014/10/23 4:04:17 - Wife Of Wade Davis Forks Over World Series Tickets As Tip To Server
2014/10/23 4:00:50 - FBI Confiscates Hot-Selling Royals Panties
2014/10/22 6:42:06 - Missouri Livestock Symposium To Be Held In Kirksville December 5th
2014/10/22 4:52:49 - Dead Babies In Winnipeg Storage Unit 'Tragic Beyond Belief'
2014/10/22 4:43:12 - Two Sunken Vessels From World War II Were Just Found Off The North Carolina Coast
2014/10/22 4:34:36 - Partial Solar Eclipse to Darken US Skies Thursday
2014/10/22 4:26:06 - Homeless Man Victim Of Knock-Out Game Attack



Bookmark this article at these sites

                   

Listen to KTTN-FM