News : Massive Malware Campaign Steals Everybody's Passwords
Posted by Randy on 2014/7/16 4:34:27

(yahoo.com) - Who, or what, is NightHunter? And what do they — or it — want?

Security researchers discovered last week that for the past five years, a mysterious group has been stealing user credentials from Facebook, Dropbox, Skype, Amazon, LinkedIn, Google, Yahoo, Hotmail, the Indian Web portal Rediff and several banks. Dubbed NightHunter, the campaign appears to have amassed an enormous database of stolen information.

The goals of the attacks remain unclear. NightHunter appears untargeted, simply interested in collecting as many user credentials as possible, according to Santa Clara, California-based security company Cyphort, which discovered and named NightHunter.

The NightHunter campaign involves several different types of keyloggers, including Predator Pain, Limitless and Spyrex. What sets NightHunter apart — and has made it so difficult to trace — is the fact that the keylogging malware relays its captured data back to the criminals in an unusual way: by emailing it.

Most malware communicates with its operators using Web protocols such as HTTP or Internet Relay Chat. But the NightHunter malware uses the email protocol SMTP, which has been around since 1982. SMTP "is outdated and often overlooked, so it can be a more stealthy way of data theft," wrote Cyphort's McEnroe Navaraj in a company blog post disclosing the findings.
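A defender's view of the SMTP channel described above, as an added example that is not from Cyphort or the original article: it scans flow records for workstations that open SMTP connections straight to the internet instead of going through the organization's mail relay. The log format, the 10.0.0.0/8 internal range, the relay address and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import Counter

SMTP_PORTS = {25, 465, 587}            # SMTP, SMTPS, mail submission
# Assumption: the only internal host allowed to send SMTP to the internet.
APPROVED_RELAYS = {"10.0.0.25"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port bytes_out"
SAMPLE_FLOWS = """\
2014-07-10T09:01:12 10.0.0.25 198.51.100.7 25 48211
2014-07-10T09:03:40 10.0.4.17 203.0.113.9 587 3120
2014-07-10T09:04:02 10.0.4.17 203.0.113.9 587 2987
2014-07-10T09:05:55 10.0.7.80 192.0.2.44 443 90412
2014-07-10T09:06:31 10.0.4.17 10.0.0.25 25 15002
2014-07-10T09:09:18 10.0.9.3 203.0.113.77 465 812
malformed line
"""

def parse_flow(line):
    """Return (src, dst, port, bytes_out), or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2]),
                int(parts[3]), int(parts[4]))
    except ValueError:
        return None

def find_direct_smtp(log_text):
    """Count outbound SMTP flows per internal host that bypasses the relay."""
    hits = Counter()
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, port, _ = flow
        if (port in SMTP_PORTS and src in INTERNAL_NET
                and dst not in INTERNAL_NET
                and str(src) not in APPROVED_RELAYS):
            hits[str(src)] += 1
    return dict(hits)

if __name__ == "__main__":
    for host, count in sorted(find_direct_smtp(SAMPLE_FLOWS).items()):
        print(f"{host}: {count} direct outbound SMTP connection(s)")
```

Mail sent through the approved relay, and workstation traffic to the relay itself, is not flagged; only endpoints that reach external SMTP ports directly are reported.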

NightHunter's preferred method of infecting target computers appears to be via phishing emails, Navaraj says. These emails are sent to personnel in the finance, sales or HR departments of all sorts of large companies and organizations, and bear .doc, .zip or .rar attachments, sometimes with fake IDM or 7zip installers bundled in. Some of the phishing emails are crafted to appear to be from goods-resale agents.

In addition to logging user keystrokes, the NightHunter malware also gathers and relays information about the Web browsers, instant-messaging and email clients, password managers, Bitcoin wallets or video games present on an infected computer.

Since 2009, NightHunter has amassed such an enormous database of stolen credentials from the abovementioned online services that, according to Cyphort, whoever is behind the campaign is in a position to do some serious damage.

"The potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks is high," Navaraj wrote in the blog post. "The actors behind NightHunter can use the trove of stolen credentials to leverage big-data analytics and enable new cyberthreats, for purposes of extortion, credit card or bank fraud, stealing state secrets or corporate espionage."
