May 30, 2007

Phishing Targets High Level Executives
In a new wave of phishing attacks, companies have been receiving spam disguised to look like it’s coming from the Better Business Bureau. According to eWeek, for the scam to work, the user must click on the link embedded in the email (which we all know better than to do, right?).
Once activated, the Trojan steals all data transmitted by the victim’s browser to other sites, including information sent to SSL (Secure Sockets Layer) Web sites. This is possible because the BHO, or browser helper object, intercepts the data before it’s encrypted. Only Internet Explorer is capable of loading BHOs, so other browsers are immune to the attack.
Experts have speculated that the attack was successful because it has been used selectively. Had it been spammed to the masses, spam filters would have been more likely to pick up on it, and it would also have attracted press coverage that made more people aware of it.
SecureWorks, a managed security services provider out of Atlanta, uncovered a cache of stolen data from the scam that included bank and credit card numbers from 1,400 high-level executives. "Getting data from SSL streams is not all that new, actually—I hope people aren't under the impression that SSL encryption has been protecting them from malware stealing their data—SSL only provides privacy for the traffic out on the network," Joe Stewart, a senior analyst at SecureWorks, said. "Once someone manages to get their malware onto your system, they can pretty much see any data you are working with if they want to badly enough."
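
A defender-side check for the BHO mechanism described above, as an added example that is not part of the original post: this PowerShell script lists the BHOs registered under the standard Internet Explorer registry key, resolves each CLSID to the DLL the browser loads, and reports that DLL's Authenticode status. The function name `Get-BhoInventory` and the `Review` rule (flag anything without a valid signature) are assumptions of this example.

```powershell
# Added example: inventory Browser Helper Objects registered for Internet Explorer
# and flag DLLs that are missing or not validly Authenticode-signed.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    # 32-bit registry view on 64-bit Windows
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

function Get-BhoInventory {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $inproc = Join-Path (Join-Path $view.Clsid $clsid) 'InprocServer32'
            $dll = $null
            $sig = $null
            if (Test-Path -LiteralPath $inproc) {
                # The key's default value holds the path of the DLL the browser loads.
                $raw = (Get-Item -LiteralPath $inproc).GetValue('')
                if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw).Trim('"') }
            }
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $dll
            }
            [pscustomobject]@{
                Clsid  = $clsid
                Dll    = $dll
                Signed = if ($sig) { $sig.Status } else { 'NoFile' }
                Signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                # Assumption for this example: anything without a valid signature needs review.
                Review = -not ($sig -and $sig.Status -eq 'Valid')
            }
        }
    }
}

Get-BhoInventory | Sort-Object Review -Descending | Format-Table -AutoSize
```

A valid signature only shows who published the DLL, so entries that pass still need to be compared against the software expected on that machine.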
Tag: Phishing, BBB, Better Business Bureau, SSL
Posted by pschooff in Phishing

Twenty-Four Seven Security