News: Massive Malware Campaign Steals Everybody's Passwords
Posted by Randy on 2014/7/16 4:34:27

(yahoo.com) - Who, or what, is NightHunter? And what do they — or it — want?

Security researchers discovered last week that for the past five years, a mysterious group has been stealing user credentials from Facebook, Dropbox, Skype, Amazon, LinkedIn, Google, Yahoo, Hotmail, the Indian Web portal Rediff and several banks. Dubbed NightHunter, the campaign appears to have amassed an enormous database of stolen information.

The goals of the attacks remain unclear. NightHunter appears untargeted, simply interested in collecting as many user credentials as possible, according to Santa Clara, California-based security company Cyphort, which discovered and named NightHunter.

The NightHunter campaign involves several different types of keyloggers, including Predator Pain, Limitless and Spyrex. What sets NightHunter apart — and has made it so difficult to trace — is the fact that the keylogging malware relays its captured data back to the criminals in an unusual way: by emailing it.

Most malware communicates with its operators using Web protocols such as HTTP or Internet Relay Chat. But the NightHunter malware uses the email protocol SMTP, which has been around since 1982. SMTP "is outdated and often overlooked, so it can be a more stealthy way of data theft," wrote Cyphort's McEnroe Navaraj in a company blog post disclosing the findings.
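
Because the campaign's exfiltration channel is plain SMTP, one defensive check is to look for endpoints that send mail directly to outside servers instead of through the organization's own relay. The sketch below is an added example, not code from Cyphort or the original article; the log format, the IP addresses and the relay address 10.0.1.10 are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}  # SMTP, SMTPS, mail submission

# Constructed sample flow records: "timestamp src dst dst_port bytes_out"
SAMPLE_FLOWS = """\
2014-07-10T09:00:01 10.0.5.21 10.0.1.10 587 48211
2014-07-10T09:00:07 10.0.5.34 203.0.113.25 587 18340
2014-07-10T09:10:07 10.0.5.34 203.0.113.25 587 17992
2014-07-10T09:12:40 10.0.1.10 198.51.100.7 25 90133
2014-07-10T09:15:00 10.0.5.34 198.51.100.80 443 5120
2014-07-10T09:20:07 10.0.5.34 203.0.113.25 587 18105
malformed line
2014-07-10T09:31:55 10.0.7.2 198.51.100.99 25 2210
"""

def find_direct_smtp(log_text, mail_relays):
    """Return {src: {"flows", "bytes", "dests"}} for SMTP sent around the relays."""
    relays = {ipaddress.ip_address(r) for r in mail_relays}
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0, "dests": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        try:
            src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
            port, sent = int(parts[3]), int(parts[4])
        except ValueError:
            continue
        if port not in SMTP_PORTS:
            continue
        # Mail through the sanctioned relay, or sent by the relay itself, is expected.
        if src in relays or dst in relays:
            continue
        entry = hits[str(src)]
        entry["flows"] += 1
        entry["bytes"] += sent
        entry["dests"].add(str(dst))
    return dict(hits)

if __name__ == "__main__":
    for host, info in sorted(find_direct_smtp(SAMPLE_FLOWS, ["10.0.1.10"]).items()):
        print(host, info["flows"], info["bytes"], sorted(info["dests"]))
```

A host that repeatedly delivers similar-sized messages to the same outside mail server, as 10.0.5.34 does in the sample, is the pattern worth investigating first.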

NightHunter's preferred method of infecting target computers appears to be via phishing emails, Navaraj says. These emails are sent to personnel in the finance, sales or HR departments of all sorts of large companies and organizations, and bear .doc, .zip or .rar attachments, sometimes with fake IDM or 7zip installers bundled in. Some of the phishing emails are crafted to appear to be from goods-resale agents.

In addition to logging user keystrokes, the NightHunter malware also gathers and relays information about the Web browsers, instant-messaging and email clients, password managers, Bitcoin wallets or video games present on an infected computer.

Since 2009, NightHunter has amassed such an enormous database of stolen credentials from the abovementioned online services that, according to Cyphort, whoever is behind the campaign is in a position to do some serious damage.

"The potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks is high," Navaraj wrote in the blog post. "The actors behind NightHunter can use the trove of stolen credentials to leverage big-data analytics and enable new cyberthreats, for purposes of extortion, credit card or bank fraud, stealing state secrets or corporate espionage."
