Pierluigi Paganini February 08, 2014

Security experts at AppRiver detected a traffic spam spike linked to a new malware Campaign Targeting customers of Bank of America.

Bank of America is being targeted by a new malicious campaign, cybercriminals are spreading a stealthy malicious financial malware to hit the clients of the financial institution.

Security experts at AppRiver recently detected and blocked a set of virus campaigns that use new and novel tactics designed specifically to beat filtering engines. A common factor of the wave of attacks based on these set of malware is the enormous volumes of traffic being sent to data centers. Analysts at AppRiver revealed that the overall volume of traffic was three times than normal .

“These spikes have been driven by a tremendous increase in the number of incoming messages being sent with viruses attached.” and some user experienced delays in sending and receiving mail.

“Our data center processed 10 to 12 times the normal amount of our normal traffic. This graph will give you an idea of what we saw:”

The malware campaign was arranged by crooks to spread a banking trojan, dubbed Bredo virus, specifically crafted to target the customers of the Bank of America.

The Bredolab botnet is known since 2009, the infection is propagated through malicious e-mails that includes malware attachments, in October 2010, the Dutch law enforcement conducted a large operation against the botnet seizing 143 LeaseWeb servers used as command & the control server.

Bredo virus, as many other similar malicious code, includes data stealing capability and also a key-stroking features.

The malware could be used also as downloader because it can also download other malicious payload on the compromised machine.

“The software may also have abilities to further infect a system by downloading more malware on to the machine. “

Lesson learned… malware never die.

Pierluigi Paganini

(Security Affairs –  Bank of America, malware)