Email has become one of the most common forms of business communication, but the prevalence of email has created a market for cybercriminals who can use the medium to steal information. For example, a new version of the much-maligned Cridex malware has built-in email and server credentials and can automatically send messages containing worm attacks, thus perpetually continuing its spread.
The infamous worm, previously used to steal banking information, is now more streamlined and uses automation to infect its victims' devices, according to researchers at Seculert. Once the new version is installed on a device, it downloads a worm that is capable of communicating with a command-and-control server. The worm contains stolen credentials of more than 50,000 simple mail transfer protocol email accounts. Attackers are able to log into the accounts and send malicious emails that look authentic containing links to more malware, thus continuing the cycle, according to Dark Reading.
"Usually we see additional malware they download from some other attacker that uses the same machine, or additional components that add some capabilities to the malware itself. This is the first time I've seen something that combines it," said Seculert CTO Aviv Raff. "This downloads something that it itself sends to new victims."
Cridex only targets Windows platforms and works by sending spam emails out in batches. The email malware scam’s command-and-control server sends 20 email addresses at a time, and spam messages are then sent to those accounts. In an effort to keep messages from being flagged for phishing, the attackers change the email's subject line, sender address and message content with each batch. The worm traditionally spread via removable drives, but more recent versions have been popping up through Blackhole exploit kits, according to security firm Trend Micro.
"As this is information stealing malware, it appears the attackers can profit from this information in many different ways, from gaining access to lucrative accounts and enterprise networks, to selling this information to other adversaries who may find this information more interesting," Raff said in an email to SC Magazine.
FoIP more secure for business communication
Dell's SecureWorks Counter Threat Unit released a report in February on the top botnets of 2013 and Cridex was one of the main trojans mentioned, meaning it's only getting stronger and more prevalent with time.
Businesses looking for a more secure way to share files than email attachments or portable hard drives should consider implementing a fax-over-IP solution. FoIP online fax service providers like FaxCore utilize secure databases with back-end encryption techniques developed by the NSA to ensure document security. When a message is sent with FoIP, the contents within are saved on an organization's dedicated server, creating a searchable archive of documents stored safely in the cloud. The risk of malware and other viruses is greatly reduced with FoIP because messages are being sent over fax, which isn't vulnerable to such threats.
Enhance enterprise communication, collaboration and compliance efforts with a proven FoIP solution from FaxCore. Contact FaxCore today to learn more about their 'Partly-Cloudy' fax solutions.
