FOSTER CITY, CALIF - March 15, 2006 - Research
experts at FaceTime Security Labs™ identified and reported a new
threat today affecting instant messaging (IM) applications.
FaceTime Security Labs is the threat research division of IM and
Greynet security leader FaceTime Communications. Acting on an
anonymous tip, researchers have uncovered two "botnet" networks
that collectively represent up to 150,000 compromised computers,
one of which is being used as a vehicle to fraudulently scan
desktop and back-end systems to obtain credit card numbers, bank
accounts, and personal information including log-ins and passwords.
The operators could potentially launch these scans from any
computer on the botnet to mask their actual location. Instant
messaging applications and protocols are an increasingly popular
vector to distribute malicious files and executables. With this new
threat, FaceTime has identified more than 40 unique files - many
designed to take advantage of social engineering techniques, stored
passwords, auto-complete data and vulnerable payment systems.
Relevant files and information on a large number of "at risk"
credit card accounts have been provided to federal authorities.

Who is affected: Users of unsecured instant messaging (IM) clients or Internet Explorer browsers.

Threat Type: Trojan

Risk Level: High

Additional Information:

If an end user clicks on a malicious link passed to them via
Instant Messaging, Remote Administration Server, a commercially
available application produced by Famtech, is automatically
installed via a "beh.exe" file. The install is designed to hide the
application in the systray with no interaction from the end user.
Once this application is installed, the end user's computer is
compromised and can be accessed remotely, at which point additional
malware applications are installed on the desktop. One application
of note is "Carder," a Perl script designed specifically to uncover
exploits in several shopping cart applications including Comersus
Cart, CactuShop, CCBill and others that are used by many popular
ecommerce sites. If a vulnerability is identified by this file, the
backend database containing credit card and account information
(e.g. credit card numbers, home addresses, usernames and passwords)
may be stolen off the ecommerce site. Personal information may also
be stolen from the infected PC itself through Protected Storage
PassView from NirSoft, another application that may be remotely
loaded onto infected PCs.

FaceTime Customers Can Protect Against This Threat

FaceTime Enterprise Edition and IMAuditor customers can
proactively block these malicious threats and prevent infections
before they happen by utilizing the auto-update features to block
downloads of the specific file types associated with the threats.
FaceTime also recommends activating the Day Zero Defense System
within IMAuditor 6.5. The system utilizes anomaly detection
techniques to analyze multiple characteristics of IM-borne worms
and other malicious code against normal behavior, and provides
patent-pending protection against many IM threats - in addition to
traditional security signatures. FaceTime RTGuardian customers are
automatically protected if they have auto update features enabled.
FaceTime's X-Cleaner customers (formerly XBlock) should download
the latest update and scan their PC.
About Actiance, Inc. (Formerly FaceTime Communications, Inc.)
FaceTime Communications became Actiance, Inc. on January 11, 2011, following an agreement to
transfer the FaceTime trademark to Apple.
FaceTime Communications enables the safe and productive use of Unified Communications and Web 2.0,
including instant messaging, blogs and social networking. Ranked number one by IDC for five consecutive
years, FaceTime's award-winning solutions are used by more than 1,500 customers for the security,
management and compliance of real-time communications. FaceTime supports or has strategic partnerships
with all leading IM, unified communications providers and social networks including AOL, Google, Yahoo!,
Skype, Microsoft, IBM, Cisco, Facebook, LinkedIn and Twitter.
FaceTime is headquartered in Belmont, California. For more information visit
http://www.facetime.com or call 888-349-3223.