Researchers said they've uncovered an active campaign that has already stolen more than $1 million using a combination of malware and social engineering.
The Dyre Wolf campaign, as it has been dubbed by IBM Security researchers, targets businesses that use wire transfers to move large sums of money, even when the transactions are protected with two-factor authentication. The heist starts with mass e-mailings that attempt to trick people into installing Dyer, a strain of malware that came to light last year. The Dyre versions observed by IBM researchers remained undetected by the majority of antivirus products.
Infected machines then send out mass e-mails to other people in the victim's address book. Then the malware lies in wait. A blog post published Thursday by IBM Security Intelligence researchers John Kuhn and Lance Mueller explains the rest: