-
December 10th, 2008, 03:11 PM
#1
Junior Member
Name of Checkfree trojan?
Does anyone know the name of the trojan used in the Dec. 2nd DNS hijack of CheckFree?
-
December 10th, 2008, 03:19 PM
#2
DNS wasn't really hijacked. They managed to obtain the username/password that allowed them to change the domain.
They probably got those credentials with spear phishing.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
December 10th, 2008, 04:32 PM
#3
Junior Member
Originally Posted by SirDice
DNS wasn't really hijacked. They managed to obtain the username/password that allowed them to change the domain.
They probably got those credentials with spear phishing.
You sir are correct, poor wording on my part. Do you know what the name of the malware/trojan was? I need this info because I have to call customers who were affected by this. I am just wondering what McAfee or Norton would have called the software if detected.
-
December 10th, 2008, 04:44 PM
#4
As I said, they probably used spear phishing, not a trojan or any other type of malware.
http://en.wikipedia.org/wiki/Phishing
Oliver's Law:
Experience is something you don't get until just after you need it.
-
December 10th, 2008, 04:57 PM
#5
Junior Member
Originally Posted by SirDice
No. The users that were directed to the site in the Ukraine, as opposed to the real checkfree site could have had their computers infected with malicious software. My question is what would a antivirus scanner identified the threat as? Most sources say the fake web server attempted to download a Trojan using an IE exploit. I want the name of the Trojan. That is my question here.
-
December 10th, 2008, 05:11 PM
#6
According to CNET the name of the file was msn.exe.
Nov 26, 2008 ... Customers of CheckFree.com, an online bill paying site, .... and in the background downloads a password stealing Trojan named 'msn.exe.'" ...
news.cnet.com/8300-1009_3-83.html?keyword=%22trojans%22 - 139k -
http://voices.washingtonpost.com/sec...l?nav=rss_blog
There are many variants of this virus
http://www.viruslist.com/en/virusesd...pter=153317860
In God We Trust....Everything else we backup.
-
December 10th, 2008, 05:14 PM
#7
Ah.. Now I understand
AFAIK they used an adobe acrobat exploit to install a keylogger. See http://www.securityfocus.com/bid/30035
No names, so it's likely a custom build exploit.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
December 10th, 2008, 05:45 PM
#8
Junior Member
Thank you both. Both posts contain info that I did not have!
Similar Threads
-
By GbinaryR in forum AntiVirus Discussions
Replies: 11
Last Post: October 30th, 2008, 09:33 AM
-
By ThePreacher in forum Miscellaneous Security Discussions
Replies: 17
Last Post: December 14th, 2006, 09:37 PM
-
By MrLinus in forum AntiVirus Discussions
Replies: 1
Last Post: October 12th, 2004, 05:26 AM
-
By LordChaos in forum Firewall & Honeypot Discussions
Replies: 19
Last Post: October 4th, 2002, 11:58 AM
-
By [WebCarnage] in forum Security Archives
Replies: 0
Last Post: January 10th, 2002, 09:10 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|