February 1, 2011

Teqila Botnet

A new type of attack included a name of a girl that will steal banking or financial information.It comes in many ways by clicking on a website that contains the information about the four-year-old girl, Paulette Gebara Farah, who was later found dead in her own bedroom, through messenger, via USB devices.



Effect: 
  • Users are instructed to download and install Adobe Flash Player when prompted by the fake dialog box on the malicious site. Clicking Run leads to the download of video-de-la-mama-de-paulette.exe, the client program of a bot detected as TSPY_MEXBANK.A.
  • Once the executable file video-de-la-mama-de-paulette.exe is executed on the affected system, the bot connects to the bot server to retrieve necessary information. This server displays the total number of zombies and a list of the compromised computers. ID numbers, client names, and executed actions are included in the list of zombies as well.
    This botnet has a fairly comprehensive feature set. Each feature is placed in its own "module," which the botnet herder can configure one by one. It even has the option to disable or enable a bot, to start netcat which is actually a powerful networking utility that can be used as a backdoor on a bot. 
  •  Its comprehensive feature set makes the pharming module to be used as identity stealing tool from PayPal and Bancomer users. 
  • Spoofed email messages from the supposedly legitimate companies urge the recipient to click links to update their personal profiles or to carry out some transaction. The link then takes the victims to the fake websites where the financial information they entered is directly routed to the scammer.

It has attacked paypal and Bancomer account users who are 150 million and 11 million users respectively.

Prevention:
  • Use a good anti-virus from reputed companies like Trend Micro, Symantec, Mcafee etc and keep their virus definitions updated.
  • Scanning the attachments while downloading them.
  • Enable mail scanning.
  • Be wary of phishing pages that purport to be legitimate websites, as these are primarily designed to fool unwitting users into handing over their personal information.
  • Be cautious while opening the links.

0 comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...

Search This Blog

Followers

Categories

Twitter Delicious Facebook Digg Stumbleupon Favorites More