Antivirus Protection & Internet Security Software
13 Jan 2012Virus News
Costin Raiu, Director of Kaspersky Lab's Global Research & Analysis Team:
“There are several reasons why the discovery of a new variant of Sykipot targeting smart cards didn’t shock me.
First of all, this smartcard hijacking / malicious usage is normal, expected behavioral evolution for advanced persistent threats (APTs). The main aim is to get access to highly confidential data, which is no doubt well protected - with two factor authentication and other advanced crypto. So, this comes as no surprise at all.
OK, Sykipot is capable of listing and using certificates that are stored in the Windows key store, but stealing digital certificates and interfering with them began many years ago. The ZeuS gang started collecting digital certificates to perform attacks against online banking users who were protected only by a certificate, username and password. The increase in attacks against certificate authorities and misuse of advanced crypto is one of the main stories we highlighted for 2011. This will no doubt continue in 2012 as more malware authors understand the importance of crypto, and how it can be leveraged in their interests.
Additionally, the use of zero-days in Sykipot (see https://www.securelist.com) is a classic technique nowadays - with Adobe Flash Player and Reader and Java being the main targets.
Here are the ways to secure your system against Sykipot attacks:
© 1997 – 2016 Kaspersky Lab
All Rights Reserved. Industry-leading Antivirus Software