ATLANTA — The same Russian hackers who stole millions of bank, retail, payment service and Social Security account numbers in February are responsible for a new attack, according to SecureWorks.
That February attack raised eyebrows because it exploited what had been considered secure SSL/TLS encryption. This attack involves sending out spam with PDF attachments that turns the victims' PDF reader into a malware installer using a Gozi Trojan, SecureWorks researchers have discovered.
"Once the PDF is clicked on, it then downloads the Gozi Trojan to the victim's PC and proceeds to capture any data entered into SSL-encoded Web sites, which includes most Internet banking, online retail and corporate intranets," says Elizabeth Clarke, SecureWorks spokeswoman.
Recommended For You
"The attack is widespread, according to our spam sources," Clarke says.
Clarke says SecureWorks' clients are protected and that it has notified its research partners and other anti-virus vendors. For more information on the attack, go to http://www.secureworks.com/research/threats/gozi.
Security experts say attacks on PDF documents are particularly worrisome new concern because many scans don't include those files, heretofore considered relatively immune.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
