Salesforce Warns Users of Trojan Malware

A new computer Trojan may be targeting clients of Salesforce.com, the company announced in a security warning posted on its Web site. The malware, known as Dyre or Dyreza, appears to be a variation of the previously known Zeus Trojan, which had been known to target banking Web sites in search of financial accounts.

According to Salesforce, the vulnerability was discovered by one of its security partners on Sept. 3. The malware is designed to steal user log-in credentials and resides on infected customer systems.

Spreading Beyond Financial Institutions

The company said it was making the announcement as a precautionary measure.

"We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation," Salesforce said in its warning. "If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance."

Dyre is a specific type of Trojan known as a remote access Trojan. The malware works by bypassing SSL encryption, allowing the program to steal log-in credentials. The Trojan is designed to scrape business data from infected accounts. The Zeus variation was first discovered in June, when security researchers first warned that the Trojan had found a way to bypass Web encryption and had used that ability to attack Bank of America, Citibank, NatWest, RBS and Ulster Bank.

The threat does not appear to be limited to Salesforce. On the contrary, other cloud service providers are likely equally vulnerable to a Dyre attack. However, this is not the first time Salesforce has been targeted by such an attack: in February, the customer relationship management system provider was targeted by yet another Zeus variant that managed to steal corporate data through a user who had logged onto the service through an infected...

Comments are closed.