Salesforce.com Attacked by New Variant of Infamous Zeus Trojan

Networkworld.com reported on 19th February, 2014 quoting security firm Adallom as saying that the Zbot Trojan, which is known to embezzle banking details to drain-off victim's funds, has been identified swiping business information from Salesforce.com", a dominant customer resource management (CRM) company based in San Francisco, California, USA.

Adallom refers to this attack as "landmining" because attackers attacked an employee's vulnerable home computer with landmines waiting for a user to visit Salesforce.com and extract company's information from Salesforce.com website.

Securityweek.com published a report on 19th February, 2014 quoting an explanation by the company as that this Zeus Trojan attack takes advantage of the reliance relationship between a user and the Software-as-a-Service (SaaS) app once the user has been authorized. The attack actually begins when that trust association is established legitimately".

Adallom said that it was tipped-off by an alert coming from increased activity on Salesforce.com of a customer who may be a solo user conducting hundreds of actions in short span of time.

Adallom alerted the security operation team of its customers by informing them of this doubtful activity.

According to Adallom, this kind of alert is a warning alert generally activated by an insider like employee who is trying to fake their record of accounts from their Salesforce.com account.

Adallom quickly analyzed the audited logs and found that the felonious device was generally employed on weekends and nights in a machine with Windows XP running an old edition of IE (Internet Explorer) as the employee had been using the computer to catch up the work during off-hours.

Darkreading.com published news on 19th February, 2014 quoting Ami Luttwak, Co-Founder and CTO (Chief Technical Officer) of Adallom as saying, "This looks like a clever attack against the company bypassing the controls of the company and attacking employee's home computer instead of companies".

The security firm has no knowledge of the attacker's motive to do with the acquired data from Salesforce.com.

To mitigate threats like above, one should be careful of Salesforce account and should use a good version of AV solution. Since malware like Zeus is constantly evolving new variants, traditional signature-based detection alone cannot be effective against this malware.

» SPAMfighter News - 3/4/2014