KrebsOnSecurity reports that the network credentials of Fazio Mechanical were stolen by a password-stealing malware called Citadel. This is what I feared. Recently I spent a lot of time working through some problems updating McAfee ASAP because I was pretty sure it had better malware protection than Microsoft Security Essentials.
The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.
Since Citadel is not a new threat, I assume it must be a modified version that was not detected by the virus/malware checking software. I wonder if the current versions of the top virus checking software catch it now. My desktop version of Outlook is twice protected via McAfee’s SaaS. My private email is protected by Yahoo (Symantec). Hmm… I wonder what Fazio was using?