By Konrad Krawczyk
Internet security firm Palo Alto Networks has identified a new campaign of cyber-treachery originating from within the borders of Nigeria, the notorious source of countless malicious emails attempting to trick people into giving up their money over the years. Palo Alto says it determined that the attacks came from Nigeria because many of the attackers that the firm tracked did not conceal their IP addresses.
The new batch of evil emails includes attachments that, once clicked, infect the computer with two malicious programs. One, called NetWire, can allow someone to remotely take control of an infected computer, whether it’s running Windows, Linux, or Mac OS X. The other program, DataScrambler, aims to conceal NetWire’s existence from anti-malware scanners.
Nigerian email scammers have changed their targeting tactics, Palo Alto Networks says. Though in the past they routinely devoted their efforts towards targets who were financially well off, the firm says that many attacks this year have been lobbed at businesses.
Perhaps most troubling is the fact that the cyber thieves did not make the tools on their own. For instance, they leased DataScrambler for anywhere between $25 and $60 from hacking-centric forums online. Even a high-schooler with a part-time job could afford them. Fortunately, the crooks weren’t the most adept at modern technologies, the security firm said.
“The group is comprised of individuals who have previously operated 419 scams, which rely on tricking wealthy individuals into giving their wealth to the scammer. These individuals are often experts at social engineering, but novices with malware,” reads a report detailing the troubling finding.
As always, whether you’re an individual or a business, you should also keep a sharp eye on emails you get which include attachments, even those that appear to come from people you know. Always be extremely cautious when opening them, and, if you get one from an email address you do not recognize, your best bet is to not open it, especially if the contents of the email itself look suspicious.