How do you say “I’ve Been Robbed” in German?

by Tim Sloane

This article in PC World identifies a new virus called Emotet that recognizes German banking credentials. To be honest, I was unaware that viruses had not yet infected Germany, but then all good things must eventually come to an end.

“Microsoft says German speakers are being targeted by a new variant of a powerful type of malware that steals online banking credentials.

The malware, called Emotet, was spotted around last June by security vendors. It is notable for its ability to sniff out credentials sent over encrypted HTTPS connections by tapping into eight network APIs, according to a writeup from Trend Micro from last year.

Microsoft has been observing a new variant, Trojan:Win32/Emotet.C, which was sent out as part of a spam campaign that peaked in November targeting mostly German-speaking users, wrote HeungSoo Kang of Microsoft’s Malware Protection Center.”

The virus disguises itself in a variety of clever guises in an effort to prompt users to click on it. Once clicked, it then uses stolen information to spread its venom while waiting to pounce on any banking credentials it can sniff out:

“The spam messages try to gain the attention of potential victims by purporting to be some sort of claim, a phone bill, an invoice from a bank or a message from PayPal.

Spam messages containing Emotet can be tricky to filter because the messages originate from real email accounts, Kang wrote. One technique to stop spam messages is to reject messages that come from bogus accounts by checking if the account really exists.

Emotet comes with a list of banks and services it is designed to steal credentials from. It will also pull credentials from a variety of email programs, including versions of Microsoft’s Outlook, Mozilla’s Thunderbird and instant messaging programs such as Yahoo Messenger and Windows Live Messenger.


The stolen information is sent back to Emotet’s “command and control (C&C) server where it is used by other components to send spam emails to spread the threat,” Kang wrote.”

I’m actually positive that Germans have already been victimized by similar viruses, but I guess this is a strong reminder to all of us not to click on links we are unsure of.

Overview by Tim Sloane, VP of Payments Innovation for Mercator Advisory Group

Read full story in PC World
