News : Massive Malware Campaign Steals Everybody's Passwords
Posted by Randy on 2014/7/16 4:34:27

(yahoo.com) - Who, or what, is NightHunter? And what do they — or it — want?

Security researchers discovered last week that for the past five years, a mysterious group has been stealing user credentials from Facebook, Dropbox, Skype, Amazon, LinkedIn, Google, Yahoo, Hotmail, the Indian Web portal Rediff and several banks. Dubbed NightHunter, the campaign appears to have amassed an enormous database of stolen information.

The goals of the attacks remain unclear. NightHunter appears untargeted, simply interested in collecting as many user credentials as possible, according to Santa Clara, California-based security company Cyphort, which discovered and named NightHunter.

The NightHunter campaign involves several different types of keyloggers, including Predator Pain, Limitless and Spyrex. What sets NightHunter apart — and has made it so difficult to trace — is the fact that the keylogging malware relays its captured data back to the criminals in an unusual way: by emailing it.

Most malware communicates with its operators using Web protocols such as HTTP or Internet Relay Chat. But the NightHunter malware uses the email protocol SMTP, which has been around since 1982. SMTP "is outdated and often overlooked, so it can be a more stealthy way of data theft," wrote Cyphort's McEnroe Navaraj in a company blog post disclosing the findings.
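A defender's view of the SMTP channel described above, as an added example that is not from the article or from Cyphort: it scans network flow records for workstations that speak SMTP directly to outside servers instead of going through the organisation's mail relay. The flow-record format, the IP addresses and the relay and mail-server lists are constructed assumptions.

```python
import csv
import ipaddress
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}  # SMTP, SMTP over TLS, mail submission

# Assumed environment (hypothetical values): only the organisation's mail
# server may send SMTP to the outside; clients submit mail to the relay only.
MAIL_SERVERS = {"10.0.0.25"}
APPROVED_RELAYS = {"10.0.0.25"}

# Constructed sample flow records: time, src, dst, dst_port, bytes_out
SAMPLE_FLOWS = """\
2014-07-16T04:00:01,10.0.5.17,10.0.0.25,587,18230
2014-07-16T04:00:09,10.0.5.44,203.0.113.80,443,5120
2014-07-16T04:10:00,10.0.5.44,198.51.100.12,587,40960
2014-07-16T04:20:00,10.0.5.44,198.51.100.12,587,38912
2014-07-16T04:21:30,10.0.0.25,203.0.113.9,25,90112
2014-07-16T04:30:00,10.0.7.3,198.51.100.77,25,2048
"""

def find_direct_smtp(flow_text, mail_servers=MAIL_SERVERS, relays=APPROVED_RELAYS):
    """Return {src: {(dst, port): (connections, bytes_out)}} for SMTP flows
    from internal non-mail-server hosts to anything but an approved relay."""
    findings = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for row in csv.reader(flow_text.splitlines()):
        if len(row) != 5:
            continue  # skip malformed records
        _, src, dst, port, sent = row
        if int(port) not in SMTP_PORTS:
            continue  # not a mail protocol port
        if src in mail_servers or dst in relays:
            continue  # sanctioned mail path
        if not ipaddress.ip_address(src).is_private:
            continue  # only internal endpoints are of interest here
        entry = findings[src][(dst, int(port))]
        entry[0] += 1           # connection count
        entry[1] += int(sent)   # total bytes sent to that server
    return {src: {k: tuple(v) for k, v in dsts.items()}
            for src, dsts in findings.items()}

if __name__ == "__main__":
    for src, dsts in find_direct_smtp(SAMPLE_FLOWS).items():
        for (dst, port), (count, sent) in dsts.items():
            print(f"{src} -> {dst}:{port} connections={count} bytes_out={sent}")
```

Hosts reported here warrant a closer look at the process that opened the connection; blocking outbound ports 25, 465 and 587 at the perimeter for everything except the mail servers closes the same path.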

NightHunter's preferred method of infecting target computers appears to be via phishing emails, Navaraj says. These emails are sent to personnel in the finance, sales or HR departments of all sorts of large companies and organizations, and bear .doc, .zip or .rar attachments, sometimes with fake IDM or 7zip installers bundled in. Some of the phishing emails are crafted to appear to be from goods-resale agents.

In addition to logging user keystrokes, the NightHunter malware also gathers and relays information about the Web browsers, instant-messaging and email clients, password managers, Bitcoin wallets or video games present on an infected computer.

Since 2009, NightHunter has amassed such an enormous database of stolen credentials from the abovementioned online services that, according to Cyphort, whoever is behind the campaign is in a position to do some serious damage.

"The potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks is high," Navaraj wrote in the blog post. "The actors behind NightHunter can use the trove of stolen credentials to leverage big-data analytics and enable new cyberthreats, for purposes of extortion, credit card or bank fraud, stealing state secrets or corporate espionage."
