Retefe Trojan Now Attacking Financial Institutions in Japan, Says CSIS

According to CSIS, the Denmark-based security company, the Retefe malware's configuration file has been found to contain a list of banks and other financial institutions to be targeted, and the malware is now hitting banks in Japan as well.

The malware, which is in fact a Trojan, is distributed via junk e-mails and arrives disguised as a file attachment from some credible organization. If the attachment is opened, the Trojan changes the DNS settings and the certificate store of the Windows computer.

Subsequently, Retefe downloads fresh certificates and alters the traffic settings so that the victim's web traffic is diverted to the remote attackers' computers. The victim's PC nevertheless treats its SSL connection as secure, even though there is no defense against such an attack.

The entire process removes any suspicion that a malicious operation is being carried out on the PC, since no threat is identified: the victim sees a digital certificate that appears to keep communication with the bank safe, whereas all of the traffic is actually transmitted via malicious servers.
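A defender can check a Windows host for both changes described above by comparing its DNS resolvers and trusted root certificates against known-good values. The script below is an added example, not code from CSIS or from this article; the allowed resolver address, the baseline file name and the function names are assumptions, and it needs the DnsClient cmdlets (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the article): audit the two settings the article says Retefe changes.
param(
    [string[]]$AllowedDns   = @('192.0.2.53'),       # constructed placeholder resolver
    [string]  $BaselinePath = '.\root-baseline.txt', # hypothetical file, one thumbprint per line
    [switch]  $CreateBaseline                        # run once on a known-clean machine
)

$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

function Get-UnexpectedDns {
    param([string[]]$Allowed)
    # Report every IPv4 resolver configured on any interface that is not on the allowlist.
    Get-DnsClientServerAddress -AddressFamily IPv4 | ForEach-Object {
        $alias = $_.InterfaceAlias
        foreach ($addr in $_.ServerAddresses) {
            if ($Allowed -notcontains $addr) {
                [pscustomobject]@{ Interface = $alias; DnsServer = $addr }
            }
        }
    }
}

function Get-UnexpectedRoot {
    param([string[]]$Known, [string[]]$Paths)
    # Report trusted roots whose thumbprint is absent from the baseline.
    foreach ($p in $Paths) {
        Get-ChildItem -Path $p |
            Where-Object { $Known -notcontains $_.Thumbprint } |
            Select-Object @{ n = 'Store'; e = { $p } }, Thumbprint, Subject, NotBefore
    }
}

if ($CreateBaseline) {
    Get-ChildItem -Path $stores | Select-Object -ExpandProperty Thumbprint |
        Sort-Object -Unique | Set-Content -Path $BaselinePath
    return
}

# Fail closed: a missing baseline is an error, not an empty allowlist.
$known = @(Get-Content -Path $BaselinePath -ErrorAction Stop |
    ForEach-Object { $_.Trim() } | Where-Object { $_ })
$dns   = @(Get-UnexpectedDns -Allowed $AllowedDns)
$roots = @(Get-UnexpectedRoot -Known $known -Paths $stores)

$dns   | Format-Table -AutoSize
$roots | Format-Table -AutoSize
if ($dns.Count -gt 0 -or $roots.Count -gt 0) { exit 1 }
```

Legitimate root updates from the operating system also show up as differences, so refresh the baseline from a clean reference machine after patching rather than from the host being audited.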

However, security researchers intercepted the Trojan in time to examine it. They discovered a modified version of the list of entities to be attacked, which included thirty or more web pages associated with many banks operating in Japan.

Retefe isn't unknown. It drew the attention of security experts as well as the media some time ago, when it played a vital role in Operation Emmental (the name Trend Micro gave it). Incidentally, Emmental is the name of a Swiss cheese.

During Operation Emmental, the cyber-criminals hacked into PCs belonging to bank customers in Austria, Sweden and Switzerland, along with many other European nations.

Because online bank transactions are normally protected by two-factor authentication, the attackers instructed the victims to download a bogus banking application, which they used to intercept the authentication codes users received from their banks.

To stay safe from infection by the Trojan, CSIS suggests that end-users scan their systems with the most recent anti-virus software and also deploy an auto-updater, a kind of software that keeps checking for fresh updates and installs them automatically on the system.

» SPAMfighter News - 10/22/2014
