Like or Dislike: 0  0

Thing is, these transactions originated from the ACH (automated check clearinghouse) system — which has nothing to do with Zeus on his own systems, nothing originated on his own systems. The authorization tokens for the ACH system are the bank account number and the bank routing number. In other words, EVERY SINGLE PERSON HE HAS EVER MAILED A CHECK TO could be the culprit here. That’s just how weak the ACH system’s “authentication” really is.

The banks set it up that way on purpose, for their own convenience, back when the original ACH system was set up by the Federal Reserve because they didn’t want to have to authenticate that each transaction was authorized by the person who’d issued the check. But that was back when only Federal Reserve banks had ACH terminals and you could at least validate that an actual physical check was involved. Nowadays, a friggin’ *health club* can make an unauthorized withdrawal from your account just using the routing number and account number off a check you once mailed them. Yes, I know this for a fact — it happened to me.

In short: the ACH system has clear authorization issues that the banks are *not* in any hurry to fix since they’re not on the hook. Any talk of “Zeus” or whatnot is ridiculous here — no amount of Zeus on his own system would create a transaction that originated from the ACH system. Zeus could have stole his account number, but the same is true of anybody else that this guy has ever mailed a check to since the day he opened the account. The banks chose convenience over security when they created the ACH system, and now they’re making the small businesses pay once scammers exploit the very security hole that the banks themselves put into their system? Yeah, that sounds about right…

Well-loved. Like or Dislike: 4  0

On the other hand: the banks lose nothing. The contracts state the businesses must absorb the losses.

There are two solutions. Either legislation makes the banks liable – and that’s never going to happen because the banks know how bad security is out there in the field – or the businesses have to stop using Windows. There’s either the one or the other. There’s no ‘in between’.

Like or Dislike: 1  6

Like or Dislike: 2  0

Not finding Zeus doesn’t mean anything when forensic tests show Zeus can only be detected 23% of the time.

Well-loved. Like or Dislike: 4  0

Like or Dislike: 0  0

Like or Dislike: 0  0

Energizer DUO USB Battery Charger Software Allows Remote System Access
added March 8, 2010 at 10:26 am

US-CERT is aware of a backdoor in the software for the Energizer DUO USB battery charger. This backdoor may allow a remote attacker to list directories, send and receive files, and execute programs on an affected system. The software, which has been discontinued, was available for both Windows and Apple Mac OS X versions. Only the Windows version is affected by this vulnerability.

US-CERT encourages users and administrators to review Vulnerability Note VU#154421 and apply the recommended solutions.

Like or Dislike: 1  5

Quote: ” …. lost more than $27,000 last year when five unauthorized automated clearing house withdrawals were made from its accounts and sent to individuals around the United States ….”

Page 1 of the court filing states four (4) withdrawals for $27,620. However the attached exhibits show that originally there were four withdrawals totaling $36,495. However, it appears according to an exhibit dated 03/10/2009 that the fourth withdrawal for $8,875 was subsequently reversed, leaving the actual loss at three withdrawals totaling $27,620, as follows:

ELAINE LEE SHELBY WELLS FARGO MN. 02/25/2009 $9,200
KERRY ALYSSA DIXON JPM CHASE MO. 02/26/2009 $9,720
ZERRIN KARAGOZ JPM CHASE FL. 02/26/2009 $8,700

Brian, since there is no record of a ZEUS / zbot infection, have you attempted to contact any of the recipients and confirm that the funds were sent via Money Gram / Western Union to the usual eastern European places ?. At least one of them appears easy to locate. One anomaly in the exhibits is that the last transfer for $8,700 lists an invalid account number, it is a duplicate of the bank id code.

Also surprising from a security standpoint, the account is listed as a Payroll account, is that these are large unusual amounts for a small business payroll account, and are being sent to accounts over a thousand miles away in other states. If one were to write fraud detection algorithms, those are two criteria flags for a SB payroll account.

The Capitol One web page for matching to the small business account services on the exhibits has in its meta data:

“With TowerNET from Capital One, your small business is in control of its finances anytime from anywhere from a single point of access.”

In the current cyber environment that statement almost sounds like a security flaw !

This case, and many of the other suits may hinge on whether statements made by banks regarding their security procedures, such as this from Capital, are really true:

Quote:

“* We build information security right into our systems and networks using internationally recognized security standards, regulations, and industry-based best practices.

* We employ strong authentication controls following guidance provided to us by the Federal Government’s banking regulators”

MGD

Well-loved. Like or Dislike: 8  1