Target data breach started with a Spear phishing attack targeting HVAC firm

A latest information on Target data breach published by security blogger Brian Krebs shows the power of Social Engineering attacks. 

It appears everything began from a spear phishing attack in which employees of HVAC company Fazio Mechanical Services targeted with an email containing a piece of malware.

Sources have told Krebs that the malware used in the attack is Citadel- a notorious banking trojan capable of stealing login credentials and other information.  However, Krebs isn't able to confirm the information.

The reason why the company didn't get chance to identify the malware is because it is using a free version of Malwarebytes Anti-malware to protect is internal systems.

Malwarebytes is one of good tool capable of scanning and removing threats from infected machines.  However, unlike the Pro version(just $25), it doesn't offer any real-time protection.

Furthermore, the free version is meant for individuals not for companies, also the license for free version prohibits corporate use. 

Java based Remote Access Tool used in Spear Phishing attacks targeting Government


A Spear Phishing attack targeting Government Agencies has been uncovered by Symantec Security Researchers.  The emails with the subject related to recent hot media topic "NSA surveillance program PRISM" have three attachments.

What's interesting about the attachment is one of the attachment is a JAR file which is nothing but a Java based Remote Administration Tool(RAT).  The other attachments are two non-malicious PDF files.

Once victim opened the JAR file, the java applet will run in the victim's system which is capable of giving full control of the compromised system to the Cybercriminals.

Java RAT builder control panel- Image Credits: Symantec

As we all know, the Java is platform independent language, the applet can run not only windows but also but also Linux, Mac OSX, FreeBSD, Solaris and Any operating system that supports java.

According to Symantec report, most of the target of this malware are located in United States.  Symantec now detects this threat as Backdoor.Jeetrat.