Cybercriminals Shifting To Bugat
wiredmikey writes "Cybercriminals are changing up their weapons, trying to diversify their attack tools using a platform that is less well known and therefore harder to detect and block. With so much focus on the ZeuS Trojan, recent attacks utilized a variant of 'Bugat,' another Trojan horse that steals information from a compromised computer and sends it to a remote host. Bugat was first discovered in January of this year but, like ZeuS, has seen some different variants. In last week's attack, LinkedIn users received emails alerting them of a 'Contact Request,' and encouraging them to click through to a malicious URL where a Java applet fetched and installed the Bugat executable."
Let's start with email and forums, yes.
But the question is open: What are these "hyperlinks" really for, anyway? The dubious benefits delivered at the other end of clicking are seldom worth the exhilaration. I say that we should just eliminate them, altogether!
I envision a large screen - you could make it large enough to occupy a central place in the household. This could be used to deliver appropriate, scheduled media and information: remote through a wireless, one-to-many transport or stored locally on different removable media.
I think there are significant opportunities to greatly simplify the user interface of such a device, and we will eliminate the risks associated with hyperlinking.
"Flyin' in just a sweet place,
Never been known to fail..."
When is the simple solution going to be applied by users: never trust links in e-mail. If I got an e-mail from LinkedIn telling me about a contact request, I'd ignore any URL in the e-mail. I'd go to LinkedIn itself through the bookmark already in my browser. If it's a real contact request, it'll be sitting in my inbox there waiting for me. I don't need to trust anything in the e-mail. And if there isn't anything waiting in my inbox, then the e-mail was a fake and I shouldn't be trusting anything in it.
It's the same rule as for unsolicited phone calls. If someone calls you up claiming to be from the power company saying you've got an overdue balance and you have to pay up or have power shut off, you do not accept their helpful offer of doing the payment over the phone if you'll just give them your bank-account number to do an e-check. You've no idea whether it's actually the power company calling or just some random con-man. You thank them, hang up, pull out your last bill and get the customer-service number from that. Then you call that number and ask them about the status of your account. And if they say you are, it's now safe enough to do an e-check because (barring someone having usurped the phone company's switches themselves, or having switched physical bills on you) you know you're really talking to the power company.