Has a malicious bot secretly infected over a million computers, and is it likely to spread to many times that? That’s the contention of security firm iDefense, a Reston, VA-based company owned by VeriSign.
Metafisher, also known as Spy-Agent and PWS, is considered the most sophisticated bot focused on financial fraud, according to iDefense. With multiple variants, the bot (a self-running program) can be spread through numerous means, including an e-mail that prompts users to visit a Web site, whereupon it exploits a Windows security hole known as WMF, for Windows Metafile.
Microsoft’s electronic Windows Update software and various anti-virus firms have issued patches to protect against WMF exploits. But users who have not made those updates would be at risk.
Encrypted FTP
“MetaFisher uses HTML inject techniques to phish information from victims after they authenticate to a targeted bank account,” Ken Dunham, director of iDefense’s rapid response team, said in a statement. “This enables the attackers to steal legitimate TAN numbers, passwords, or other sensitive data required for fraud activities.”
Dunham said Metafisher has targeted financial institutions in Spain, the United Kingdom, and Germany.