

Salesforce: Oh no! Dyre RATs are thirsty for our customers' logins

But attacks weren't the cause of server outage, we're told

Salesforce has warned that miscreants are trying to infect its customers with a remote access trojan (RAT) dubbed Dyre that siphons off Salesforce.com login data.

"On September 3, 2014, one of our security partners identified that the Dyre malware (also known as Dyreza), which typically targets customers of large, well-known financial institutions, may now also target some Salesforce users," an advisory states.

"We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation. If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance."

The advisory points out, correctly, that this isn't a flaw in Salesforce's software per se, but that the malware, which had previously targeted online banking, is now being used against the cloudy CRM firm's customers. Once it's installed on a Windows PC, usually via a phishing attack, the software nasty then looks out for data sent from web browsers – even SSL-encrypted data – and siphons it off to its masters.

Salesforce recommends that users make sure the malware's signature is added to their antivirus software and that IT admins restrict the range of IP addresses from which users can log into Salesforce servers. Adding two-factor authentication is also suggested.

Sources familiar with the matter said that the malware was not a factor in the outage Salesforce suffered on Friday. That incident has been resolved and Salesforce's status page now shows all instances working as they should.

What is curious about the warning is the motive for trying to get at Salesforce's customers using the Dyre malware. The sophisticated code, first discovered in June, tried to crack two-factor authentication and conduct man-in-the-middle attacks to hijack victims' accounts, but has almost exclusively targeted the lucrative banking sector.

It could be that persons unknown have bought a copy of the malware and are using it for a CRM-specific attack. If so, that would be an unpleasant first for the firm, and one that could have very negative consequences for its image. ®

 
