In February, Cisco Managed Threat Defense (MTD) security investigators detected a rash of Dridex credential-stealing malware delivered via Microsoft Office macros. It’s effective, and the lures appear targeted at those responsible for handling purchase orders and invoices. Here’s a breakdown of the types of emails we’ve observed phishing employees and inserting trojans into user devices.
My personal email has 4 characteristics that drive me crazy:
- I get way too much email
- Most of my emails are a waste of time
- Emails carry the risk of, very rarely, nasty virus payloads (or link you to sites that have worse)
- Despite all this, I can’t live without email Read More »
Reports of the recently discovered Duqu trojan have spawned much speculation and even resulted in the trojan being dubbed “the son of Stuxnet” or “Stuxnet 2.0.”
So what is Duqu and how does it compare to Stuxnet?
Duqu is an infostealer trojan designed to sniff out sensitive data and send it to remote attackers. Conversely, Stuxnet was a worm with a malicious payload designed to programmatically alter industrial control systems.
I’ve heard Duqu called Stuxnet 2.0. Why is that?
Earlier today we released IPS Signatures 39866-0 and 39866-1 as part of the S603 update to our Cisco Services for IPS customers. These signatures detect or block network traffic associated with the “R2D2 trojan” allegedly used by German authorities to surveil individuals of interest. Originally discovered and announced by the Chaos Computer Club in Germany, this software contains functionality to install software, monitor and remotely control any computer it is installed upon.
This is not the first time Cisco Security Intelligence Operations has reported on this software. We released a public Malware Alert on 10/13 and discussed it in our weekly Cyber Risk Report. The following caption is from the Cyber Risk Report entry: