Softpedia
 

October 26th, 2011, 12:52 GMT · By Eduard Kovacs

Andromeda Bot Hides Behind Facebook Comments

Social networks link to a lot of threats
A code fragment of a threat found to start its mission on social networks is suspected to belong to a new bot called Andromeda, which is very similar to the now-infamous ZeuS and SpyEye, known for targeting digital assets all around the globe.

Cybercriminals will combine social engineering with other types of exploits to achieve their final goal, and that seems to be the case in the latest situation discovered by Microsoft's Malware Protection Center (MMPC).

The whole infection process begins on social networks, where an innocent-looking comment hides a page that urges the user to click on another link.

Once the second link is clicked, the unsuspecting victim is directed to malicious content that loads an iframe referencing a server that hosts a variant of the BlackHole exploit kit.

The exploit server then probes the browser for vulnerabilities until it can find a way to get in. In the example provided by MMPC, an outdated Java plug-in allowed the attack to take place, giving the perpetrator unauthorized access to the system by obtaining elevated privileges.

The final payload is a worm known as Worm:Win32/Gamarue.A, the one that's suspected to be part of Andromeda.

Gamarue.A is known to spread easily from one computer to another, in some cases by copying itself to removable or network drives.

Email attachments are also a common vector for this type of worm, but for it to properly infect a system, its master needs to do a little social engineering.

A month ago, when it was first spotted, not many security providers detected the threat; now an updated anti-virus should keep you safe.

Other precautions include strong passwords, limited user privileges, caution when opening links and suspicious webpages, and keen observation when targeted by social engineering operations.
