BitDefender Uncovers New Breed of Malware Threats Targeting Small and Medium-Sized Businesses

May 2009

Dangerous 'malware-spreading vectors' find new ways to infiltrate computer networks

BitDefender has uncovered new 'malware-spreading vectors' -- methods that are being used to infect small and medium-sized businesses, allowing dangerous malware to enter a business' network and compromise its security. 'BitDefender is finding that small and medium-sized business are at an increased risk because many don't have the level of security necessary to prevent these vectors from being used to infect their networks,' said Viorel Canja, head of BitDefender Labs. 'Businesses need to be aware of these new and dangerous methods of infection and install a complete up-to-date anti-malware security solution.' The most recent example was the Conficker worm, which spread to millions of computers by using multiple infection vectors, including Microsoft Windows RPC Service exploit, bruteforcing weak administrator passwords, and copying itself to removable drives. A business network can be infected even when it is not connected to the Internet -- malware can be brought into a business network by a single employee who accesses the Internet outside the office, gets infected, and brings the worm to work with a USB stick. Through these vectors, cyber-criminals can harvest sensitive data quickly and easily. Once a network has been infiltrated, Trojans and adware listen to all the traffic carefully, filtering out online banking accounts, credit card details or computer-related data like OS version, hardware details, or software licenses. All this information is either sold or used for monitoring purposes in order to prepare for more targeted attacks. Examples for such e-threats are WhenU, SaveNow and Trojan.Banker.LCG. Another vector currently being used to infect networks is the online scam. Phishers set up online scam websites, websites that impersonate legitimate entities, and steal the user's login credentials or trick the user into downloading applications on to their computers. One recent online scam involved a website impersonating Facebook. The fake site was designed to look exactly like Facebook and contained a fake YouTube video. Once a user clicked on the video, it requested the user download an application called 'Adobemedia11.exe' which was password stealing Trojan. The e-threat monitored FTP, ICQ, POP3 (email) authentication details and stole information from applications such as Outlook Express, MSN Explorer and the Autocomplete function. Most recently, the scam started to imitate a Bank of America Help page. Small business networks are seldom prepared for these types of threats ' the IT expertise and funding needed for mitigation is usually not available. Such threats are best met with integrated solutions that can provide safety from sophisticated e-threats, while remaining cost-effective and easy to manage. 'We say 'small or medium business' and we immediately think of a mom-and-pop store or of that lumber yard at the edge of town. The truth is more nuanced,' said Vince Hwang, BitDefender's director, global product management. 'Credit card payment processors can be small and medium enterprises. Government contractors of all kinds, including those that work for the military, can be SMBs. IT security shouldn't be an afterthought and it shouldn't be a burden either.' To stay up-to-date on the latest e-threats, sign-up for BitDefender's RSS feeds.