|Trojan.Stabuniq geographic distribution by unique IP address|
According to researchers, roughly 40 IP addresses infected with the Stabuniq Trojan, 40% per cent belong to financial institutions who are mostly based in Chicago and New York.
Learn Insider Threat Detection with Application Response Strategies
Discover how application detection, response, and automated behavior modeling can revolutionize your defense against insider threats.Join Now
The malware appears to be spread by a phishing attack through spam e-mail containing a link to the address of a server hosting a Web exploit toolkit. Such toolkits are commonly used to silently install malware on Web users' computers by exploiting vulnerabilities in outdated browser plug-ins like Flash Player, Adobe Reader, or Java.
These attacks can be very simple, such as a written email from a prince in Nigeria asking for bank account information.
Once installed, it collects information including its computer name, IP address, operating system version and installed service packs, running processes and dumps that data to a command & control server located at:
Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
Turn off and remove unnecessary services and Enforce a password policy. Stay tuned to +The Hacker News .