RSS Alerts

Share

More services

Related Links

Related Stories

  • Military and intelligence personnel targeted again by Zeus trojan
    Some rather industrious spammers have targeted military and intelligence employees for the second time in a week. But this time they used the pretense of the previous attack in an attempt to deliver the Zeus trojan.
  • SpyEye continues battle of the botnets
    Researchers have identified another example of a botnet that attempts to neutralize other botnet software. Peter Coogan, a researcher at Symantec, noticed a crimeware toolkit from Russia called SpyEye, which appears to neutralize the competing Zeus crimeware kit.
  • Government employees targeted by Zeus trojan
    Defense and intelligence agencies in the US and UK were among the intended targets of a Zeus trojan campaign, according to findings by Websense.
  • DARPA enters second leg of cybersecurity testing project
    The Defense Advanced Research Projects Agency, or DARPA, has awarded $55.5m in contracts to bolster a secretive cybersecurity monitoring system, it was announced this week.
  • Hacked Google threatens to pull plug in China
    Google is threatening to unplug its controversial Chinese search engine, following a massive hacker attack on its infrastructure that it says was designed to access the accounts of human rights activists. And the company was not the attackers’ only target, it claims.

Top 5 Stories

News

Weekly brief February 16, 2009

16 February 2010

Infosecurity covers the news that didn't make it into our top stories last week.

Daedalus Books of Columbia, Maryland, has informed customers that credit card information, order data, names and addresses placed on its website between August 25 and November 23 may have been compromised. Customers of ING Funds were similarly notified, after one of its clients found that she could access client information on the ingfunds.com website. The offending file, which contained 106 shareholders, had been available online since August 2008. Even though ING removed a link to the file, it was appearing in search engine results.

In the most bizarre case of self-referential spamming we've seen to date, spam used to install the Zeus crimeware trojan is now luring users by warning them not to install…the Zeus crimeware trojan. The mail quotes a blog post by security writer Brian Krebs warning users about Zeus, before offering them a download to a supposed security fix. The security fix is, of course, nothing of the sort.

Zeus is also being spread by a spam mail purporting to be from the 'tax commissar' and offering victims an income tax report. The Zeus malware writers are also putting messages in their code to taunt anti-malware companies. The message suggests that they are testing their code against anti-malware products.

Hackers have stolen $50 000 from a Bank of America account owned by Fan Bao. The money was siphoned off to Croatian accounts, and the bank has told him that he has no way of getting the money back because he agreed to the terms and conditions, which said that the bank needn't make any special efforts to detect errors in wire transfer requests.

Other hackers still seem to be busy. The attackers behind the Operation Aurora hack that targeted at least 30 companies, including Google, are still hard at work and are exploiting more firms, according to a report released by security firm HBGary.

Google may have been smarting over Operation Aurora, but it doesn't seem to have stopped it censoring its results in China. A month to the day after it told China that it didn't want to censor results in that country anymore, it showed no signs of stopping.

Google was at least true to its word when it came to paying out researchers. The search giant, which earlier in the month vowed to pay researchers who uncovered flaws in its Chrome browser, gave money to multiple researchers who revealed vulnerabilities.

CNet has an example of chatbots masquerading as real people in order to steal credit card information. Alan Turing would have been proud.

'Mudge' - aka Peiter Zatko, has been appointed as a program manager at DARPA, where he will coordinate the funding of research to help give the US tools to defend itself against cyberattacks. Sadly he didn't trump Howard Schmidt for the cybersecurity czar role that he originally hoped for (see September 17th entry - Sign the Mudge for Cyber-Security Czar Petition). Mudge was a member of L0pht Heavy Industries, which produces the L0phtcrack password cracking tool.

Mudge may have an uphill struggle. Former US Army computer security specialist Christopher Tarnovsky hacked into a Trusted Platform Module (TPM) – the computer chip that was supposed to be utterly secure from practical attack, and which forms the basis for all kinds of tamper-proof equipment.

This article is featured in:
Internet and Network Security • Malware and Hardware Security • Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012