Yet another reminder that even small businesses can be the target of cybercrime is the latest attack discovered by researchers at Kaspersky.  The business-orientated spyware campaign, called Grabit, was discovered Thursday and has already stolen over 10,000 files from SMBs located in the United States, India and Thailand.

The Grabit spyware campaign has been active since February and remains in operation with new victims added every day.  Grabit works through the spread of keyloggers, small spyware programs that record user data as it is entered.  The infection starts when a business employee receives an email with an infected attachment.  Grabit uses Microsoft Office Word files as its delivery medium of choice.  Once a user downloads and attempts to open the Word document, the spyware keylogger activates and begins broadcasting data back to the source.

The Grabit attackers seem to be after everything from usernames and passwords to basic system information, such as firewall configuration and the type of anti-virus software installed.  So far, the spyware has stolen 2,887 passwords, 1,053 emails and 3,023 usernames from 4,928 different hosts.  The stolen data includes information on basic email accounts, social media and even business and personal bank accounts.

India and Thailand have been hit the hardest by the infection, but the United States has started to catch up.  The spyware appears to spread itself once it enters a corporate network, either through direct action or through the ignorance of users.  The collected information shows that most businesses hit by the spyware end up with multiple sets of data from different users throughout the organization.

The only good news to come out of the Grabit reveal is that the spyware is not overly concerned about staying hidden.  The spyware modifies common registry entries and in most cases, an infected user should be able to remove the infection with minimal effort.  As always, it is important that SMBs remember to use advanced, up-to-date antivirus solutions and keep software patched to stay safe.  Additionally, email attachments should only be downloaded from trusted sources and scanned before opening.  When in doubt, it is better to err on the side of caution.

– Richard Keene
IT Computer Support of New York
Webmaster and Lead Designer