- Jul 22, 2014
- 2,525
Several Polish banks said they suffered malware infections after their employees visited the site of the Polish Financial Supervision Authority (KNF), which had been previously infected to host a malicious JavaScript file.
Zaufana Trzecia Strona, a local Polish news site, first reported the attacks late Friday, last week. The news site said that during the past week, the security teams at several, yet unnamed, Polish banks detected downloads of suspicious files and encrypted traffic going to uncommon IPs situated in many foreign countries.
As employees at different banks started looking into their systems, they found malware installed on numerous workstations and even some servers.
KNF website hosted malicious JavaScript file
Subsequent investigations and a cooperation between different banks eventually discovered the source of the infection as being the official website of KNF, which, ironically, is the regulating body that keeps an eye out for the security of financial systems in Poland.
According to reports, KNF's website had been compromised for well over a week, as an unidentified attacker had modified one of the site's JavaScript files.
.......
.......
According to Zaufana Trzecia Strona, this malware has a zero detection rate on VirusTotal and appears to be a new malware strain, never-before-seen in live attacks.
more in the link above
Zaufana Trzecia Strona, a local Polish news site, first reported the attacks late Friday, last week. The news site said that during the past week, the security teams at several, yet unnamed, Polish banks detected downloads of suspicious files and encrypted traffic going to uncommon IPs situated in many foreign countries.
As employees at different banks started looking into their systems, they found malware installed on numerous workstations and even some servers.
KNF website hosted malicious JavaScript file
Subsequent investigations and a cooperation between different banks eventually discovered the source of the infection as being the official website of KNF, which, ironically, is the regulating body that keeps an eye out for the security of financial systems in Poland.
According to reports, KNF's website had been compromised for well over a week, as an unidentified attacker had modified one of the site's JavaScript files.
.......
.......
According to Zaufana Trzecia Strona, this malware has a zero detection rate on VirusTotal and appears to be a new malware strain, never-before-seen in live attacks.
more in the link above