A Boston-based company named Trusteer targets banks with solutions to this problem. Among those solutions is an endpoint malware detection program named Rapport. Banks are encouraged to offer this program to their important clients so that the client computers can be secured.
So, you're a malware author, and you're looking for online banking customers to compromise. Who better to target than people who are so important to a bank that they would receive special software to protect their accounts?
That targeting is just what is happening with the latest malicious spam campaign to appear in the Barracuda Labs spam honeypots.
Only 8 out of 47 antivirus products even recognize the attached malware, which Malwarebytes does identify as Trojan.Agent.rfz.
This trojan downloads three other pieces of malware (one was already inaccessible when we ran our tests,) all of which had even worse detection ratios – only 4 out of 47 for each, although these ratios should improve as antivirus vendors catch up. Note that the periodic contact with Google.com is typical of credential stealers which do so to test internet connectivity.
Trusteer Rapport might actually intercept these downloads, although we have no way of knowing for sure. What we do know for sure is a maxim we repeat often in our blog – don't run attachments received in email unless you personally know the sender, and the contents. It is just too easy to create perfectly deceptive phishing attacks. Instead, if you are asked to install or upgrade software, insist on a URL that is hosted on a reputable site.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.
Connect with Christine on LinkedIn here.