The report summarizes the discovery of a vulnerability that had put websites hosted on the Joomla content management system at risk of being hijacked for use in malware payload and phishing attacks. A forensics investigation of the exposed sites by researchers at the Versafe Security Operations Center also discovered a zero-day attack in the wild, which enabled attackers to gain full control over the compromised systems. Following disclosure of the vulnerability details to the Joomla Security Strike Team, a patch is now available on the Joomla! Developer Network for versions 2.5.x and 3.1.x of the platform, as well as a community-developed fix for 1.5.x.
Whitepapers and Online Threats Research
This Intelligence Brief details the sophisticated, multi-dimensional and targeted Eurograbber attack, which stole an estimated 36+ million Euros from over 30,000 online banking customers, spanning multiple banks across Europe. The attacks began in Italy, and soon after, tens of thousands of infected online bank customers were detected in Germany, Spain and Holland. The attack was entirely transparent: the online banking customers were unaware that they had been infected with malware, that their online banking sessions had been compromised, or that funds had been seized directly from their accounts.
This attack campaign was discovered and named “Eurograbber” by Versafe and Check Point Software Technologies. The Eurograbber attack employs a new and potent variation of the ZITMO, or Zeus-In-The-Mobile, malware. To date, this exploit has only been detected in Euro Zone countries, but a variation of this attack could potentially affect banks in countries outside of the European Union as well.
This Intelligence Brief provides an inside, previously unseen look at the fraudster infrastructure BentPanel, which Versafe discovered before others in the industry touted the discovery of the "High Roller" Trojan last year. As part of our ongoing Intelligence Brief series, we'll bring you updated insight on known malware and attack types, as well as the very latest threats we've detected.