Press Release
FaceTime Identifies New Botnets Utilizing Instant Messaging to Steal Personal
Information from Online Shoppers and PayPal Customers
FOSTER CITY, CALIF - March 15, 2006 - Research experts at FaceTime
Security Labs™ identified and reported a new threat today affecting instant
messaging (IM) applications. FaceTime Security Labs is the threat research
division of IM and Greynet security leader FaceTime Communications.
Acting on an anonymous tip, researchers have uncovered two "botnet" networks
that collectively represent up to 150,000 compromised computers, one of which
is being used as a vehicle to fraudulently scan desktop and back-end systems to
obtain credit card numbers, bank accounts, and personal information including
log-ins and passwords. The operators could potentially launch these scans from
any computer on the botnet to mask their actual location.
Instant messaging applications and protocols are an increasingly popular vector
to distribute malicious files and executables. With this new threat, FaceTime
has identified more than 40 unique files - many designed to take advantage of
social engineering techniques, stored passwords, auto-complete data and
vulnerable payment systems. Relevant files and information on a large number of
"at risk" credit card accounts have been provided to federal authorities.
Who is affected: Users of unsecured instant messaging (IM) clients or
Internet Explorer browsers.
Threat Type: Trojan
Risk Level: High
Additional Information:
If an end user clicks on a malicious link passed to them via Instant Messaging,
Remote Administration Server, a commercially available application produced by
Famtech, is automatically installed via a file named "beh.exe". The install is designed to
hide the application in the systray with no interaction from the end user. Once
this application is installed, the end user's computer is compromised and can
be accessed remotely, at which point additional malware applications are
installed on the desktop.
One application of note is "Carder," a Perl script designed specifically to
uncover exploits in several shopping cart applications including Comersus Cart,
CactuShop, CCBill and others that are used by many popular ecommerce sites. If
a vulnerability is identified by this file, the backend database containing
credit card and account information (e.g. credit card numbers, home addresses,
usernames and passwords) may be stolen off the ecommerce site. Personal
information may also be stolen from the infected PC itself through Protected
Storage PassView from NirSoft, another application that may be remotely loaded
onto infected PCs.
FaceTime Customers Can Protect Against This Threat
FaceTime Enterprise Edition and IMAuditor customers can proactively block these
malicious threats and prevent infections before they happen by utilizing the
auto-update features to block downloads of the specific file types associated
with the threats. FaceTime also recommends activating the Day Zero Defense
System within IMAuditor 6.5. The system utilizes anomaly detection techniques
to analyze multiple characteristics of IM-borne worms and other malicious code
against normal behavior, and provides patent-pending protection against many IM
threats - in addition to traditional security signatures. FaceTime RTGuardian
customers are automatically protected if they have auto update features
enabled. FaceTime's X-Cleaner customers (formerly XBlock) should download the
latest update and scan their PC.
About FaceTime Communications
FaceTime Communications enables the safe and productive use of instant
messaging, Web usage and Unified Communications platforms. Ranked number one by
IDC for four consecutive years, FaceTime's award-winning solutions are used by
more than 900 customers – including nine of the 10 largest U.S. banks – for
security, management and compliance of real-time communications. FaceTime
supports or has strategic partnerships with all leading public and enterprise
IM network providers, including AOL, Google, Microsoft, Yahoo!, Skype, IBM,
Reuters and Jabber.
FaceTime is headquartered in Belmont, California. For more information visit
http://www.facetime.com or call 888-349-FACE.
The FaceForward blog, at http://blog.facetime.com,
offers thoughts and opinions about the changing nature of Internet communications.
PR Contact:
Emily Chamberlin
650-762-2945
echamberlin@ar-edelman.com