Saturday, 21 September 2013

FBI warns of bank-robbing Beta Bot malware that disables antivirus

Security padlock image
The FBI's Internet Crime Complaint Centre (IC3) has warned businesses to be wary of new malware called Beta Bot capable of disabling antivirus programs.
The IC3 issued the warning in a public blog post, confirming that it has seen the malware used to target a variety of organisations.
"The FBI is aware of a new type of malware known as Beta Bot. Cyber criminals use Beta Bot to target financial institutions, e-commerce sites, online payment platforms, and social networking sites to steal sensitive data such as login credentials and financial information. Beta Bot blocks computer users' access to security websites and disables antivirus programs, leaving computers vulnerable to compromise," read the warning.
The intelligence report added that the malware usually looks to trick users into downloading it by masquerading as a legitimate Microsoft Windows message, asking the user to allow the "Windows Command Processor" to modify the user's computer settings.
The FBI's IC3 said it has also seen incidents of the malware spreading via USB sticks and Skype, and that it can steal a variety of data from the infected machine. "If the user complies with the request, the hackers are able to exfiltrate data from the computer. Beta Bot is also spread via USB thumb drives or online via Skype, where it redirects the user to compromised websites," read the post.
On the upisde, the FBI security centre said there are steps victims of the Beta Bot malware can take. "Remediation strategies for Beta Bot infection include running a full system scan with up-to-date antivirus software on the infected computer," read the report.
"If Beta Bot blocks access to security sites, download the latest antivirus updates or a whole new antivirus program onto an uninfected computer, save it to a USB drive and load and run it on the infected computer. It is advisable to subsequently reformat the USB drive to remove any traces of the malware."
Since the IC3 report went live, many security firms have questioned whether the malware is new. Russian security firm Kaspersky reported that Beta Bot was actually discovered at the start of the year and is often thought of as a low-level threat, leaving it unclear why the agency is making such a fuss about it.
"While the FBI refers to Beta Bot as new, the malware surfaced at the beginning of the year as an HTTP bot and later expanded its capabilities that spring," said Kaspersky's blog post.
"Beta Bot was never thought to have been as sophisticated as Trojans designed specifically for bank fraud, so it's unclear if the FBI's warning coincides with a new rash of Beta Bot infections or a new set of technical capabilities for the malware."
Banking-focused malware is an ever-present problem facing the security industry, with criminals creating increasingly sophisticated attacks. Earlier this month Trend Micro researchers detected evolved versions of the notorious Citadel banking Trojan targeting Japanese computer users.

No comments:

Post a Comment