Five Places Where Malware Hides
Malware has to live somewhere. And while some Web filtering solutions can detect known malware hosts, most malware hides in sites that are otherwise benign.
Zeus is in the news again, and this time, the Trojan is hiding in the cloud.
According to PC World, the latest Zeus configuration was found monitoring the log-in Web page of a Canadian company, Ceridian Canada, which provides human resources and payroll services. PC World stated:
"The malware steals user IDs, passwords and company numbers when users authenticate on Ceridian's clients.powerpay.ca website from infected computers and automatically takes screenshots of their answers to the site's image-based verification system."
Amit Klein at Trusteer pointed out in his blog the reasons why criminals are using Zeus to attack in the cloud and why they are going after payroll information. Targeting payroll, he said, allows the criminals to steal a lot more money than targeting individual customers, and by targeting data in the cloud, the criminals can bypass a lot of the security authentication steps online banking sites are now using. Klein said:
"In a cloud service provider environment, the enterprise customers who use the service have no control over the vendor's IT systems and thus little ability to protect their backend financial assets."
That the bad guys are targeting payroll is a new twist and should definitely be noted by anyone who is responsible for keeping human resource data secure. However, in my opinion, the big-picture takeaway is that the Zeus Trojan configuration is likely a sign of things to come - malware that is going to specifically target the cloud.
Passing the buck or expecting someone else to protect your data isn't going to keep anything secure. Klein recommended taking a layered approach to protecting the data in the cloud, with anti-malware software, firewalls and so on. But it may also be wise to think about the information that you store in the cloud. Until cloud security is better defined, at least within the company, keeping financial data and other extremely sensitive information out of the cloud and on a dedicated server may be the safest way to go right now.