General discussion

NEWS - October 22, 2010

FBI Warns Of 'Corporate Account Takeover' Scams

Cybercriminals are targeting the financial accounts of small and midsize businesses (SMBs), fraudulently transferring money directly from their accounts, the FBI warned yesterday.

In a fraud alert issued Wednesday, the FBI said "corporate account takeover" attacks use malware to steal passwords and other credentials from senior executives at SMBs and then use those credentials to empty the companies' coffers.

"To obtain access to financial accounts, cyber criminals target employees--often senior executives or accounting, HR personnel, and business partners--and cause the targeted individual to spread [malware], which in turn steals their personal information and log-in credentials," the FBI says in its full report (PDF).

"Once the account is compromised, the cyber criminal is able to electronically steal money from business accounts," the report explains. "Cyber criminals also use various attack methods to exploit check archiving and verification services that enable them to issue counterfeit checks, impersonate the customer over the phone to arrange funds transfers, mimic legitimate communication from the financial institution to verify transactions, create unauthorized wire transfers and ACH payments, or initiate other changes to the account."

Linux bug bestows attackers with 'superuser' powers

Security researchers have disclosed a vulnerability in the Linux operating system that allows unprivileged users to gain "superuser" rights on target systems.

The bug in the Linux implementation of RDS, or reliable datagram sockets, protocol can be exploited by local users by sending specially manipulated packets that write certain values into kernel memory, according to VSR Security, the firm that disclosed the vulnerability. The issue was introduced into the Linux kernel in version 2.6.30, when RDS was first added.

A fix for the bug was committed last week by Linus Torvalds.

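The bug class the post describes, as an added example that is not the kernel's code or VSR's advisory: a userland model in which a kernel copy routine takes its destination address straight from an unprivileged caller (an iovec-style pointer, assumed here) and hands it to the unchecked fast-path copy, skipping the access_ok() range check, shown beside the checked form. The simulated address space, TASK_SIZE, the location of the "cred" structure and the uid layout are all invented for the model; the real fix lives in the kernel's RDS code and is not reproduced here.

```c
/*
 * Model of a kernel copy that trusts a caller-supplied destination address.
 * Simulated address space: [0, TASK_SIZE) is "user", [TASK_SIZE, MEM_SIZE) is
 * "kernel".  Every address, size and the cred layout is invented for the model.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE  0x2000u
#define TASK_SIZE 0x1000u            /* highest user address + 1 (simulated) */
#define CRED_ADDR 0x1800u            /* simulated struct cred, in kernel space */
#define UID_ROOT  0u
#define UID_USER  1000u

static uint8_t mem[MEM_SIZE];

/* Simulated access_ok(): every byte of [addr, addr+n) must lie below TASK_SIZE.
 * Written as addr <= TASK_SIZE - n so that addr + n can never wrap around. */
static int sim_access_ok(uint32_t addr, uint32_t n)
{
    return n <= TASK_SIZE && addr <= TASK_SIZE - n;
}

/* Unchecked fast-path copy: the caller is responsible for validating the
 * range first.  Returns the number of bytes NOT copied, like the kernel's
 * copy helpers.  The bounds test here only keeps the model inside its array;
 * it is not the kernel's check. */
static uint32_t sim_copy_unchecked(uint32_t dst, const void *src, uint32_t n)
{
    if (n > MEM_SIZE || dst > MEM_SIZE - n)
        return n;
    memcpy(&mem[dst], src, n);
    return 0;
}

/* Checked copy_to_user(): refuses any destination outside user space. */
static uint32_t sim_copy_to_user(uint32_t dst, const void *src, uint32_t n)
{
    if (!sim_access_ok(dst, n))
        return n;
    return sim_copy_unchecked(dst, src, n);
}

/* Vulnerable pattern: the attacker-controlled pointer goes straight to the
 * unchecked copy, so a "user" address that points into kernel memory is
 * honoured and the payload lands on the kernel structure. */
uint32_t rds_copy_vulnerable(uint32_t iov_base, const void *payload, uint32_t len)
{
    return sim_copy_unchecked(iov_base, payload, len);
}

/* Fixed pattern: the same copy goes through the access_ok() check. */
uint32_t rds_copy_fixed(uint32_t iov_base, const void *payload, uint32_t len)
{
    return sim_copy_to_user(iov_base, payload, len);
}

/* Helpers: install a non-root uid in the simulated cred and read it back. */
void sim_reset(void)
{
    uint32_t uid = UID_USER;
    memset(mem, 0xAA, sizeof mem);
    memcpy(&mem[CRED_ADDR], &uid, sizeof uid);
}

uint32_t sim_cred_uid(void)
{
    uint32_t uid;
    memcpy(&uid, &mem[CRED_ADDR], sizeof uid);
    return uid;
}

int main(void)
{
    uint32_t zero = UID_ROOT;
    uint32_t left;

    sim_reset();
    rds_copy_vulnerable(CRED_ADDR, &zero, sizeof zero);
    printf("unchecked copy: simulated uid is now %u\n", sim_cred_uid());

    sim_reset();
    left = rds_copy_fixed(CRED_ADDR, &zero, sizeof zero);
    printf("checked copy: %u bytes refused, uid still %u\n", left, sim_cred_uid());
    return 0;
}
```

Compile with `cc -std=c99` and run: the unchecked path reports the simulated uid dropping to 0, the checked path refuses all four bytes and leaves it at 1000. The overflow-safe form of the range test matters as much as its presence; a check written as `addr + n <= TASK_SIZE` can be defeated by a length that wraps the sum back into user range.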
Microsoft Security Essentials is fake

Actually, Microsoft Security Essentials is not fake. It's a real antivirus product from Microsoft.

However, there's a rogue security product out there that claims to be "Microsoft Security Essentials". It has nothing to do with Microsoft. This malware is distributed via drive-by-download attacks as hotfix.exe or mstsc.exe (md5: 0a2582f71b1aab672ada496074f9ce46).

Here's what it looks like: [Screenshot]

And not only does this fake tool steal Microsoft's brand, it also features a bizarre matrix display of 32 antivirus products, offering to locate a tool that would be capable of fixing your machine, as "Microsoft Security Essentials" can't clean the malware it found. In reality, this is all fake, and the tool has not found an infection in the file it claims. [Screenshot]

Surprisingly, the only products that seem to be capable of handling the infection are AntiSpySafeguard, Major Defense Kit, Peak Protection, Pest Detector and Red Cross. Never heard of these? No wonder. They are all fake products.

"Microsoft Security Essentials" will try to scare you into purchasing a product you don't need. Don't fall for it.

Hopefully Microsoft's lawyers will find the clown behind this one. They would have a field day with him.

We detect this one as Trojan.Generic.KDV.47643.

As Posted @ F-Secure Weblog

Tracking Zeus botnet which updates like Conficker

In recent days, there have been new Zeus variants which update like Conficker. With the experience in analyzing and monitoring Conficker, Bkis has been tracking this Zeus botnet. According to our statistics, this botnet contains about 18,752 zombies in 153 countries, 34 percent of which are in the USA. [Screenshot: Percentage of Zombie Distribution][Screenshot: Top 10 Infected Countries]

When users access websites containing malware or visit legitimate websites controlled by hackers, a virus called W32.ZbotL.Worm (by Bkav) will be loaded onto users' computers via vulnerabilities in IE, Firefox, Adobe Reader or Flash Player, etc.

To maintain this botnet, Zbot drops a file-infecting virus, W32.Licat.PE, onto the system. This virus attempts to infect executable files on the system. Each time these infected files are executed, Licat's code in the file connects to randomly generated domains that serve the new Zbot update.

Continued @ the Bkis Global Task Force Blog

Facebook to encrypt user IDs to block 'inadvertent sharing'

Facebook has introduced plans to encrypt user IDs in a move seemingly designed to placate critics following recent privacy kerfuffles.

The social network prohibits the sharing of user IDs with data brokers in its privacy policies. However, the Wall Street Journal reported earlier this week that personally identifiable information was shared by developers of some of the most popular applications on Facebook, such as FarmVille and Texas Hold 'Em, despite this policy. The story broke just as US politicians are considering a potential Congressional inquiry into Facebook, so the timing could hardly be worse for the social network, ReadWriteWeb reports.

This is also bad news for Zynga, maker of six of the top 10 Facebook games. The game developer has been hit by a federal lawsuit accusing it of pimping Facebook user IDs to advertisers and data brokers.

The actual harm that might be done if a user's Facebook ID is exposed is debatable. Nonetheless, Facebook has responded to a further round of adverse publicity over its privacy policies by introducing a proposal to encrypt user ID information in URLs.

Prior Related Posts :
Facebook gets poked in latest privacy gaffe
Facebook games maker sued in privacy flap

Facebook sues CPALead CTO for alleged survey spamming

Fed up with the scams that spread virally across Facebook, pointing you to money-making surveys? I certainly am and so, it seems, is Facebook.

Facebook has announced this week that it has filed three lawsuits, aimed at stamping out those responsible for some of the scams that have spread rapidly over the social networking site this year.

The suits accuse two men, Steven Richter of Kings Park, New York, and Jason Swan of Las Vegas, and an affiliate marketing company, MaxBounty, of participating in the schemes which plagued users by promising them non-existent "Dislike" buttons or "Facebook Gold" accounts, but directing them to revenue-generating surveys instead.

New Banking Trojan Targets Over a Dozen Financial ...

Security researchers from FireEye have identified a new banking trojan, which is capable of launching man-in-the-browser (MITB) attacks and targets an unusually high number of financial institutions.

Dubbed Feodo by the security vendor, the malware is similar in concept and features to other banking trojans like ZeuS, SpyEye, Bugat or Carberp.

The threat steals online banking credentials and other sensitive information by intercepting data inputted into Web forms, as well as injecting rogue HTML elements into pages.

"I can see that the bot herders are instructing its zombies to target over a dozen banks. This is a huge list, I rarely see even bot herders behind Zbot targeting so many banks," Atif Mushtaq, a security research engineer at FireEye, says.

The expert also notes that, unlike Zbot or SpyEye, Feodo is not the result of a crimeware toolkit sold on the underground market and that it most likely belongs to a single gang.

As of two days ago, only two antivirus engines on VirusTotal detected the threat as malicious. However, VirusTotal only performs signature-based scans and more pro-active protection layers present in many products might actually block it.

It's worth noting that the trojan doesn't only target banks, but also services like PayPal, Amazon, Myspace or Gmail.

Piracy domain seizure bill gains support

A proposed law allowing the government to pull the plug on Web sites accused of aiding piracy received a sizable political boost yesterday.

Dozens of the largest content companies, including video game maker Activision, media firms NBC Universal and Viacom, and the Motion Picture Association of America (MPAA) and Recording Industry Association of America (RIAA) endorsed the bill in a letter to the U.S. Senate. So did Major League Baseball and the U.S. Chamber of Commerce.

The letter to Sen. Patrick Leahy, a Vermont Democrat and co-sponsor of the bill, said new laws are needed to curb access to increasingly sophisticated "rogue Web sites" that "undermine the growth and stability of many industries and the American jobs that they support." The legislation should be enacted "during the time remaining" this year, meaning after the Democratic-controlled Congress returns in November, the letter says.

The proposal is not uncontroversial: Since its introduction a few weeks ago, the idea has alarmed engineers and civil liberties groups, who say that it could balkanize the Internet, jeopardize free speech rights, and endanger even some legitimate Web pages that are part of larger sites. According to its current wording, any domain name "dedicated to infringing activities" could find itself in the U.S. Department of Justice's prosecutorial crosshairs.

CA and Browser Trust Models Need Overhaul, Experts Say

The cryptographic underpinnings of the Internet, as presently constituted, are messy, chaotic and rather randomly constructed. And that infrastructure is not only ripe for a variety of attacks, but is not easily fixable, a group of experts said Friday.

At a forum on browser security sponsored by a Washington policy think tank, a group of technologists and policy experts from industry and government outlined the serious architectural and implementation problems with SSL, the certificate authority infrastructure and the way that browsers handle certificates. It was not a pretty picture. The problems extend from the way that CAs issue certificates to how certificates are handled by the major browsers to the way that attackers are able to take advantage of the weaknesses throughout the system.

One of the key problems that many of the speakers focused on is that the ecosystem of CAs, who issue the digital certificates used by Web sites to assert their identity and help secure traffic to and from their servers, is inherently flawed. The CAs all issue certificates that have essentially the same value, regardless of how - or if - they check up on the sites applying for the certificates and there's no way for consumers to differentiate among them and know whether one is better than another.

See: The Emerging Threat to Online Trust
