News : Massive Malware Campaign Steals Everybody's Passwords
Posted by Randy on 2014/7/16 4:34:27

(yahoo.com) - Who, or what, is NightHunter? And what do they — or it — want?

Security researchers discovered last week that for the past five years, a mysterious group has been stealing user credentials from Facebook, Dropbox, Skype, Amazon, LinkedIn, Google, Yahoo, Hotmail, the Indian Web portal Rediff and several banks. Dubbed NightHunter, the campaign appears to have amassed an enormous database of stolen information.

The goals of the attacks remain unclear. NightHunter appears untargeted, simply interested in collecting as many user credentials as possible, according to Santa Clara, California-based security company Cyphort, which discovered and named NightHunter.

The NightHunter campaign involves several different types of keyloggers, including Predator Pain, Limitless and Spyrex. What sets NightHunter apart — and has made it so difficult to trace — is the fact that the keylogging malware relays its captured data back to the criminals in an unusual way: by emailing it.

Most malware communicates with its operators using Web protocols such as HTTP or Internet Relay Chat. But the NightHunter malware uses the email protocol SMTP, which has been around since 1982. SMTP "is outdated and often overlooked, so it can be a more stealthy way of data theft," wrote Cyphort's McEnroe Navaraj in a company blog post disclosing the findings.
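
An added example, not from the article or Cyphort's report: because this malware mails its captured data out over SMTP, one defensive check is to flag internal hosts that open SMTP sessions themselves instead of going through the organization's mail relay. The flow-record format, the IP addresses and the approved-sender list below are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}           # SMTP, SMTPS, mail submission
# Assumption: only these internal hosts are sanctioned to send mail outbound.
APPROVED_SENDERS = {"10.0.0.25"}

# Constructed sample flow records (not real traffic):
# timestamp,src_ip,dst_ip,dst_port,bytes_out
SAMPLE_FLOWS = """\
2014-07-10T09:00:02,10.0.0.25,203.0.113.10,25,48211
2014-07-10T09:01:15,10.0.4.17,198.51.100.7,587,15320
2014-07-10T09:03:40,10.0.4.22,203.0.113.80,443,2210
2014-07-10T09:31:16,10.0.4.17,198.51.100.7,587,14987
2014-07-10T10:01:14,10.0.4.17,198.51.100.7,587,16102
2014-07-10T10:12:09,10.0.7.3,192.0.2.44,25,901
"""

def find_direct_smtp(flow_csv, approved=APPROVED_SENDERS):
    """Return {src_ip: {"dests": set, "sessions": int, "bytes": int}} for
    hosts that opened SMTP sessions without being an approved sender."""
    hits = defaultdict(lambda: {"dests": set(), "sessions": 0, "bytes": 0})
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 5:
            continue                   # skip malformed or blank records
        _ts, src, dst, port, nbytes = row
        try:
            port, nbytes = int(port), int(nbytes)
        except ValueError:
            continue                   # skip records with non-numeric fields
        if port in SMTP_PORTS and src not in approved:
            entry = hits[src]
            entry["dests"].add((dst, port))
            entry["sessions"] += 1
            entry["bytes"] += nbytes
    return dict(hits)

def report(hits):
    """Sort flagged hosts by session count so repeated senders surface first."""
    return sorted(hits.items(), key=lambda kv: kv[1]["sessions"], reverse=True)

if __name__ == "__main__":
    for src, info in report(find_direct_smtp(SAMPLE_FLOWS)):
        print(src, info["sessions"], "sessions,", info["bytes"], "bytes ->",
              sorted(info["dests"]))
```

A workstation that repeatedly sends similar-sized messages to the same external mail server, as 10.0.4.17 does in the sample, is the pattern worth investigating first.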

NightHunter's preferred method of infecting target computers appears to be via phishing emails, Navaraj says. These emails are sent to personnel in the finance, sales or HR departments of all sorts of large companies and organizations, and bear .doc, .zip or .rar attachments, sometimes with fake IDM or 7zip installers bundled in. Some of the phishing emails are crafted to appear to be from goods-resale agents.

In addition to logging user keystrokes, the NightHunter malware also gathers and relays information about the Web browsers, instant-messaging and email clients, password managers, Bitcoin wallets or video games present on an infected computer.

Since 2009, NightHunter has amassed such an enormous database of stolen credentials from the abovementioned online services that, according to Cyphort, whoever is behind the campaign is in a position to do some serious damage.

"The potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks is high," Navaraj wrote in the blog post. "The actors behind NightHunter can use the trove of stolen credentials to leverage big-data analytics and enable new cyberthreats, for purposes of extortion, credit card or bank fraud, stealing state secrets or corporate espionage."
