Researchers at Cisco Talos have recently uncovered a new method cybercriminals are using to trick people into downloading a strain of malware called Zeus Panda, which steals banking information from the victim’s computer and uses it to steal from the victim’s bank accounts.
The first step in the process used by the cybercriminals was to come up with a long list of search phrases that people would use when searching for banking information on search engines, such as Google. They then used compromised web servers and Search Engine Optimization (SEO) tactics to make sure that results matching those phrases appear high on a search engine results page. Next, the cybercriminals would use infected links in the compromised legitimate business websites appearing in the search results to redirect the unwary victim to a malicious website. There the victim would be prompted to download a document, open the file and click “Enable Editing,” which ultimately downloads the malware that steals banking and other sensitive information to be used by the cybercriminals.
This scam is just another reason why it is important to remember my motto, “trust me, you can’t trust anyone.” Merely because a website comes up high in a search on Google or any other search engine does not mean that it is legitimate. Companies must constantly monitor themselves and their servers to make sure that they are not compromised; however, the key for us as consumers is to follow the rule of never downloading attachments or enabling macros unless we have absolutely confirmed that they are legitimate. While many people know not to click on unverified links, few people think to confirm attachments from trusted websites before downloading them, even though those attachments may be infected.