New Phishing Campaign Discovered.

A CIS Cyber Alert (see below) has been published detailing a Phishing campaign that utilizes a weaponized PDF document that exploits a vulnerability in Adobe Reader(CVE-2013-2729). This campaign attempts to entice users to open the attached file by referring to an “Unpaid invoic”(sic)

This campaign is utilizing the Dyre Banking Trojan, focused on stealing banking credentials.

Recommendations:

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Do not open email attachments from unknown or untrusted sources.
  • Limit user account privileges to those required only.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Keep all operating system, applications and essential software up to date to mitigate potential exploitation by attackers.
  • Ensure that systems are hardened with industry-accepted guidelines.
  • Make sure all AV products are up-to-date with their signatures.
  • Implement filters at your email gateway for filtering out emails with subject line “Unpaid invoic”. [Note the typo]

REFERENCES:

PhishLabs:

http://blog.phishlabs.com/enhancements-to-dyre-banking-trojan

CVE:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2729

Leave a Reply

Your email address will not be published. Required fields are marked *