
It has been postulated that the majority of these accounts were obtained via "traditional" phishing attempts. However, theories that this could be attributed to a more sophisticated information stealer also abounded.
The other threats discovered during the month support the theory that a more sophisticated information stealer is emerging, the latest BEBLOH variant being a case in point. It departs from the usual info-stealing routine of keylogging and sending user credentials to the attackers for later use: this malware uses the stolen credentials itself to move money out of victims' accounts. Once executed, it connects to its command-and-control (C&C) server and downloads a configuration file that lists the target banks, the account to which the stolen money should be transferred, and the conditions governing how much to take. The malware's stealth capabilities let it carry out all of this without the user's knowledge.
ZBOT also continued to infect users through several campaigns built on refined social engineering. These include the CapitalOne phishing attack, which lured users into handing over their login credentials with the help of a new ZBOT variant; the malware disguised itself as a "digital certificate" to trick users into executing it. Another ZBOT variant posed as an email notification from companies' system administrators: the tailor-made spam messages told recipients of a supposed "server upgrade" and carried a link that downloaded the malware.
Spam runs also continued to make waves, with one FAKEAV variant even using Conficker/DOWNAD as bait. Another spam campaign urged users to update their inbox settings, which led to the download of another FAKEAV variant. Oddly, this variant bundled legitimate ClamAV files in an effort to hide its malicious routines. Other spam took advantage of popular events (e.g., the premiere of Michael Jackson's "This Is It"), holidays (e.g., Halloween), and social networking sites (e.g., Facebook). One spam run in particular tried to trick users with spoofed settlement contracts purportedly from LSM Company.
October also saw the emergence of a new kind of file infector that hides legitimate files and can move host files to various locations to evade detection and removal. A zero-day exploit targeting Adobe Reader and Adobe Acrobat 9.1.3 and earlier was also discovered, delivered as a .PDF file containing JavaScript that could execute arbitrary code. ASProx also appears to have reawakened: a recent variant exploited certain Adobe vulnerabilities through several compromised Indian, Thai, and New Zealand websites.
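The PDF threat above relies on JavaScript that the reader executes when the document is opened. A quick triage check a responder can run on a suspicious attachment is to look for the PDF name objects that carry script and wire it to an automatic trigger (/JavaScript or /JS together with /OpenAction or /AA). The following is an added example, not code from the original roundup or from any vendor; the two PDF byte strings are constructed for the demonstration and are not real samples, and the indicator list is an assumption chosen for this illustration. It also decodes the #xx hex escapes that PDF allows inside names, a common trick for hiding /JavaScript from naive string matching.

```python
import re

# Constructed minimal PDF (not a real malicious sample): the catalog's
# /OpenAction points at a JavaScript action, the structure the text
# describes for a .PDF whose embedded script runs as soon as it is opened.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /JavaScript /JS (app.alert('constructed sample');) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign PDF with the same skeleton and no script or trigger.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Assumed indicator set for this example: script carriers and the
# dictionary keys that make a reader run them automatically.
SUSPICIOUS_NAMES = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch"]


def normalize_names(data: bytes) -> bytes:
    """Decode #xx hex escapes so an obfuscated /J#61vaScript reads /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def find_indicators(data: bytes) -> dict:
    """Count each suspicious name object in the raw (uncompressed) PDF bytes."""
    norm = normalize_names(data)
    hits = {}
    for name in SUSPICIOUS_NAMES:
        # Require a delimiter after the name so /JS does not match /JSfoo.
        pattern = re.escape(name) + rb"(?![A-Za-z0-9])"
        count = len(re.findall(pattern, norm))
        if count:
            hits[name.decode()] = count
    return hits


def is_suspicious(data: bytes) -> bool:
    """Flag a PDF that carries JavaScript wired to an automatic trigger."""
    hits = find_indicators(data)
    has_script = "/JavaScript" in hits or "/JS" in hits
    has_trigger = "/OpenAction" in hits or "/AA" in hits
    return has_script and has_trigger


if __name__ == "__main__":
    for label, pdf in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        print(label, find_indicators(pdf), "suspicious" if is_suspicious(pdf) else "clean")
```

This is a string-level heuristic, not a PDF parser: it will miss names hidden inside FlateDecode-compressed streams or object streams, so on a real sample decompress the streams first (or use a dedicated PDF analysis tool) before trusting a clean result. A hit is a reason to detonate the file in a sandbox, not proof of exploitation, since legitimate forms also use JavaScript.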
A phishing attack specifically targeted Gmail users in Taiwan using a technique known as "spear phishing": each phishing URL in the email was customized with the name of its intended recipient.