Salted Hash — IT security news

About this Blog:

IT security news analysis, over easy!

Bill Brenner

Overdrive spam campaign targets banks


Solera Networks Research Labs (SNRL) has contacted me about a spam campaign targeting users and employees of commercial online bank accounts. Andrew Brandt, director of threat research, says this thing infects victims with Trojans in less than 30 seconds.

Key takeaways:

--The spam was coming in at a rate of roughly 26 emails per hour to SNRL’s collection points, but dropped off pretty rapidly the morning of 1/25 (normally, SNRL sees 1-2 samples from any given spam campaign per day, per inbox).

--The Trojan is fairly sophisticated, and employs a technique called HTML injection to modify the contents of Web pages before the browser renders them.

--This permits the malware creator to redirect login credentials (i.e., usernames and passwords) to a destination of his choosing, not that of the bank, even though the person logging into the bank's Web site sees nothing out of the ordinary.

--The targeted commercial bank accounts can have a LOT of money in them and offer, paradoxically, much less fraud protection than a typical consumer bank account. The spam emails are clearly very sophisticated and targeted at (mostly) this one business segment.

Brandt said in the email: "Whoever is behind this is after a big payday and early retirement on a remote tropical island."

See his blog analysis HERE.
