In another example of the security mantra of “be careful what you click,” at least one Bitcoin trader has been robbed in a forum “phishing” attack designed specifically to ride the hype around the digital currency. The attack attempts to use Java exploits or fake Adobe updates to install malware, and it’s one of the first targeted attacks aimed at the burgeoning business of Bitcoin exchanges.
This type of attack is de rigeur in the financial world, according to George Waller, the executive vice president of Strikeforce Technologies, a security software firm specializing in two-factor authentication and anti-keylogging software for the financial industry. “Driving people to a site to download malware is one of the most common attacks today,” he told Ars. “You go to a site from a forum and get prompted for Java or Adobe updates—and in the majority of those updates they drop in a keylogger. Since they’re written to get around antivirus scans, AV software is useless against this sort of pervasive malware today.”
To be clear: such attacks are common against a host of perceived high-value targets. They also, however, underscore the real value in linking names, activity-types, purchase behaviour, and other distinctive characteristics to persons’ online economic activity to defray fraud made possible by malware.