Akamai Warns of Yummba Webinject Tools and Banking Fraud

November 20, 2014 Akamai Warns of Yummba Webinject Tools and Banking Fraud

Akamai Contacts Rob Morton

Media Relations

617-444-3641

rmorton@akamai.com

or

Tom Barth

Investor Relations

617-274-7130

tbarth@akamai.com

Crime kit used on machines compromised by Zeus and other malware

Malicious actors alter webpages to steal information from banking users

CAMBRIDGE, Mass. November 20, 2014 Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today released, through the companys Prolexic Security Engineering & Response Team (PLXsert), a new cybersecurity threat advisory. The advisory alerts banks and enterprises to the use of Yummba webinject tools in banking fraud. The advisory is available for download at www.stateoftheinternet.com/yummba.

Zeus crimeware has a history of being used to control compromised hosts (zombies) for many types of cybercrime, including the harvesting of banking credentials, building botnets for distributed denial of service (DDoS) attacks, and targeting platform-as-a-service (PaaS) and software-as-a-service (SaaS) infrastructures. Now, the added capabilities of Yummba custom webinjects make the malware even more dangerous. Webinject attacks available for sale in the wild vary in sophistication from simple attacks that report account information and credential theft to highly advanced webinjects that utilize ATSEngine for automated fund transfers to attacker-controlled accounts.

Each Yummba webinject is customized to match the look-and-feel of a website of a specific financial institution to fool the user into entering banking credentials. Whats more, the Yummba webinjects work with the malicious Automatic Transfer System (ATSEngine), streamlining the process of wiring a victims funds to a third-party account. As a result, a malicious actor using Yummba webinjects can inject dynamic content into a web display when a customer visits an online banking site, steal information from the users session, and immediately and automatically transfer funds out of the victims accounts.

PLXsert has identified more than 100 financial institutions for which active webinjects are available in the wild. Most are mid-size and large financial institutions in North America and Europe, said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. Preventing these attacks requires user education, improved security and system hardening, and international cooperation and community cleanup.

PLXsert anticipates the underground crimeware ecosystem will continue to produce new and more powerful tools like Yummba webinjects to take advantage of the massive number of exploited devices on the Internet.

Get the Yummba Webinject Tools Threat Advisory to learn more.

In the advisory, PLXsert shares its analysis and details, including:

How webinjects work

Co-resident malware, such as Zeus and ATSengine

Potential banking targets

Analysis of the code

Types of data stolen

Vulnerability mitigation

A complimentary copy of the threat advisory is available for download at www.stateoftheinternet.com/yummba.

About Akamai

Akamai is the leading provider of cloud services for delivering, optimising and securing online content and business applications. At the core of the Companys solutions is the Akamai Intelligent Platform providing extensive reach, coupled with first class reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.

LINK:	http://uk.akamai.com/html/about/press/releases/2014/press-112014.html...
	See more stories from akami

Most recent headlines