Several months ago, a nasty malware attack caused quite a stir among Google Chrome users
After a flurry of activity, it went dormant. Now, it seems to have returned, and this time, it’s targeting Firefox users. The basic form of the attack is unchanged, however. From the user’s perspective, it looks like this:
You surf to a webpage that is unreadable. You get a popup message that says “The HoeflerText” font was not found. The message box helpfully provides an update button that supposedly allows you to install the font on your computer.
When you click the button, though, rather than getting the font, you get a banking trojan called Zeus Panda. It will then log your password, and it can initiate rogue transactions in your name.
Unfortunately for the hackers, they didn’t bother to change the name of the font. “HoeflerText” was the exact bogus font name they used a few months ago when they targeted Chrome users, and by now, is quite well known.
Even if it weren’t, this is a fairly crude, heavy-handed attack that only fools a small percentage of users
The simplest way to avoid having the malware installed is to simply close the browser window any time you see a page load that contains garbage characters and asks you to install a new font, regardless of the font name. It’s almost certainly a trap.
If you do inadvertently click to install the font, contact a member of your IT staff immediately, and don’t do anything else with or on the PC until the malware is removed.
Remember, once this malware is armed with your credentials, it can initiate transactions on its own. From the bank’s perspective, every transaction this malware initiates appears to be perfectly legitimate, which can cause you no end of trouble, and be extremely difficult to reverse.
For more tips on thriving with small business technology, check out the other blog posts at DWP Blogs. Thanks for reading this post. I am also available at dwpia on LinkedIn, at dwpia on Facebook,and @dwpia on Twitter.
Denis S Wilson
I am President and Principal Consultant for DWP Information Architects: specializing in IT services and support for successful, fast-growth companies in Los Angeles. And have created cost-effective information technology solutions for small business for over 20 years, specializing in cybersecurity. I am also a published author and speaker, working extensively with the State of California, the Federal Burau of Investigation (FBI), the Small Business Administration (SBA) and its partners, and business and professional associations, providing business technology education programs.
Get the free report
"10 Hidden IT Risks That Might Threaten Your Business (Plus 1 Fast Way to Find Them)"
Please feel free to comment directly to me at blog@dwpia.com.
