A gang of cyber criminals is using fake Yahoo electronic greetings cards to infect thousands of users with keylogger malware, security experts have warned.
Researchers at Exploit Prevention Labs warned that criminals operating in Australia were sending the keyloggers via fake e-mail greetings cards and using them to steal credit card numbers, bank account user names and passwords and other confidential information.
The attacks have hit account holders at nearly every Australian bank, although the total number of affected users was unclear, Exploit Prevention Labs said.
Roger Thompson, Exploit Prevention Labs’ chief technology officer, warned, “The card appears to come through one of the major eCard companies, so it is assumed to be safe, despite the user not recognising the sender’s name on the card.
“The user clicks the link to view the card, which doesn’t tell you who it’s really from, so they just close it and continue with whatever they were doing before. Unfortunately, what’s actually happened is that a rootkit has been delivered to the user’s PC before they even pick up the card.”
The security firm said it had also uncovered evidence of attacks by the eCard spammers targeting users in Europe, North America and Asia, and spoofing electronic greetings cards from a variety of providers.
Vote for your IT greats
Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?
Vote now at: www.computerweekly.com/ITgreats