A gang of cyber criminals is using fake Yahoo electronic
greetings cards to infect thousands of users with keylogger
malware, security experts have warned.
Researchers at Exploit Prevention Labs warned that criminals
operating in Australia were sending the keyloggers via fake e-mail
greetings cards and using them to steal credit card numbers, bank
account user names and passwords and other confidential
information.
The attacks have hit account holders at nearly every Australian
bank, although the total number of affected users was unclear,
Exploit Prevention Labs said.
Roger Thompson, Exploit Prevention Labs’ chief technology
officer, warned, “The card appears to come through one of the major
eCard companies, so it is assumed to be safe, despite the user not
recognising the sender’s name on the card.
“The user clicks the link to view the card, which doesn’t tell
you who it’s really from, so they just close it and continue with
whatever they were doing before. Unfortunately, what’s actually
happened is that a rootkit has been delivered to the user’s PC
before they even pick up the card.”
The security firm said it had also uncovered evidence of attacks
by the eCard spammers targeting users in Europe, North America and
Asia, and spoofing electronic greetings cards from a variety of
providers.
Vote for your IT greats
Who have been the most influential people in IT in the past 40
years? The greatest organisations? The best hardware and software
technologies? As part of Computer Weekly’s 40th anniversary
celebrations, we are asking our readers who and what has really
made a difference?
Vote now at:
www.computerweekly.com/ITgreats