Posts Tagged: microsoft security essentials


28 Jan 13

Big Bank Mules Target Small Bank Businesses

A $170,000 cyberheist last month against an Illinois nursing home provider starkly illustrates how large financial institutions are being leveraged to target security weaknesses at small to regional banks and credit unions.

I have written about more than 80 organizations that were victims of cyberheists, and a few recurring themes have emerged from nearly all of these breaches. First, a majority of the victim organizations banked at smaller institutions. Second, virtually all of the money mules — willing or unwitting individuals recruited to help launder the stolen funds — used accounts at the top five largest U.S. banks.

The attack on Niles Nursing Inc. provides a textbook example. On Monday, Dec. 17, 2012, computer crooks logged into the company’s online banking accounts using the controller’s credentials and tunneling their connection through his hacked PC. At the beginning of the heist, the miscreants added 11 money mules to Niles’ payroll, sending them automated clearing house (ACH) payments totaling more than $58,000, asking each mule to withdraw their transfers in cash and wire the money to individuals in Ukraine and Russia.

Niles’ financial institution — Ft. Lauderdale, Fla.-based Optimum Bank — evidently saw nothing suspicious about 11 new employees scattered across five states being added to its customer’s payroll overnight. From the bank’s perspective, the user submitting the payroll batch logged in to the account with the proper credentials and from the same PC that was typically used to administer the account. The thieves would put through another two fraudulent payment batches over the next two days (the bank blocked the last batch on the 19th).

In total, the attackers appear to have recruited at least two dozen money mules to help haul the stolen loot. All but two of the mules used or opened accounts at four out of five of the nation’s top U.S. banks, including Bank of America, Chase, Citibank, and Wells Fargo. No doubt these institutions together account for a huge percentage of the retail banking accounts in America today, but interviews with mules recruited by this crime gang indicate that they were instructed to open accounts at these institutions if they did not already have them.
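The pattern the bank missed above (a payroll batch that suddenly contains many never-before-seen payees spread across several states) is the kind of thing a bank-side batch review rule can catch. The following is an added example written for this post, not code from Optimum Bank or any real ACH system; the payee identifiers, state codes, amounts and thresholds are all constructed assumptions, chosen so the sample batch mirrors the 11 mules and roughly $58,000 described in the story.

```python
"""Added example: hold-for-review checks on an ACH payroll batch.
Not from the original post; sample data and thresholds are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AchPayment:
    payee_id: str   # hypothetical identifier for the payee account
    state: str      # two-letter US state of the payee's bank/address
    amount: float


def batch_risk_flags(batch, known_payees, *, max_new=3, max_new_states=2):
    """Return the reasons this batch should be held for manual review.

    known_payees: payee_ids seen in earlier, legitimate batches.
    max_new: more new payees than this in one batch is suspicious.
    max_new_states: new payees in more distinct states than this is suspicious.
    A third check flags batches where new payees receive most of the money.
    """
    new = [p for p in batch if p.payee_id not in known_payees]
    flags = []
    if len(new) > max_new:
        flags.append(f"{len(new)} payees never paid before (limit {max_new})")
    states = {p.state for p in new}
    if len(states) > max_new_states:
        flags.append(f"new payees span {len(states)} states (limit {max_new_states})")
    new_total = sum(p.amount for p in new)
    batch_total = sum(p.amount for p in batch)
    if batch_total and new_total / batch_total > 0.5:
        flags.append(f"new payees receive {new_total / batch_total:.0%} of batch total")
    return flags


# Constructed sample: an established three-person payroll in Illinois ...
KNOWN_PAYEES = {"emp-001", "emp-002", "emp-003"}
NORMAL_BATCH = [AchPayment("emp-001", "IL", 2100.0),
                AchPayment("emp-002", "IL", 1950.0),
                AchPayment("emp-003", "IL", 2300.0)]
# ... and the same payroll with eleven never-seen payees in five states
# (11 x $5,300 = $58,300, roughly the first batch described in the story).
MULE_BATCH = NORMAL_BATCH + [
    AchPayment(f"new-{i:02d}", st, 5300.0)
    for i, st in enumerate(["FL", "TX", "CA", "NY", "OH",
                            "FL", "TX", "CA", "NY", "OH", "FL"])
]

if __name__ == "__main__":
    print("normal batch:", batch_risk_flags(NORMAL_BATCH, KNOWN_PAYEES))
    print("mule batch:\n  " + "\n  ".join(batch_risk_flags(MULE_BATCH, KNOWN_PAYEES)))
```

The normal batch produces no flags; the mule batch trips all three checks, which is the signal a reviewer would want before any of the transfers settle.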

ANALYSIS

I’ve spoken at numerous financial industry conferences over the past three years to talk about these cyberheists, and one question I am almost always asked is, “Is it safer for businesses to bank at larger institutions?” This is a tricky question to answer because banking online remains a legally and financially risky affair for any business, regardless of which bank it uses. Businesses do not enjoy the same fraud protections as consumers; if a Trojan lets the bad guys siphon an organization’s online accounts, that victim organization is legally responsible for the loss. The financial institution may decide to reimburse the victim for some or all of the costs of the fraud, but that is entirely up to the bank.

What’s more, it is likely that fewer cyberheists involving customers of Top 5 banks ever see the light of day, principally because the larger banks are in a better financial position to assume responsibility for some or all of the loss (provided, of course, that the victim in return agrees not to sue the bank or disclose the breach publicly).

I prefer to answer the question as if I were a modern cyberthief in charge of selecting targets. The organized crooks behind these attacks blast out tens of millions of booby-trapped emails daily, and undoubtedly have thousands of stolen online banking credentials to use at any one time. There are more than 7,000 financial institutions in the United States… should I choose a target at one of the top 10 banks? These institutions hold a majority of the financial industry’s assets, and they’re accustomed to moving huge sums of money around each day.

On the other hand, their potential for fraud is almost certainly orders of magnitude greater than at smaller institutions. That would suggest that it may be easier for these larger institutions to justify antifraud expenditures. That incentive to enact antifraud protections is even greater because these institutions have huge numbers of retail customers, a channel in which they legally eat the loss from unauthorized account activity.



14 Feb 12

Microsoft AV Flags Google.com as ‘Blacole’ Malware

Computers running Microsoft‘s antivirus and security software may be flagging google.com — the world’s most-visited Web site — as malicious, apparently due to a faulty Valentine’s Day security update shipped by Microsoft.

Microsoft's antivirus software flagged google.com as bad.

Not long after Microsoft released software security updates on Tuesday, the company’s Technet support forums lit up with complaints about Internet Explorer sounding the malware alarm when users visited google.com.

The alerts appear to be the result of a “false positive” detection shipped to users of Microsoft’s antivirus and security products, most notably its Forefront technology and free “Security Essentials” antivirus software.

I first learned of this bug from a reader, and promptly updated a Windows XP system I have that runs Microsoft Security Essentials. Upon reboot, Internet Explorer told me that my homepage — google.com — was serving up a “severe” threat —  Exploit:JS/Blacole.BW. For whatever reason, Microsoft’s security software thought Google’s homepage was infected with a Blackhole Exploit Kit.



16 Mar 10

MSE Users: Check for Updates, Piracy

One of the systems that just sits here idling all the time in what the wife lovingly calls the Krebs on Security “command center” runs Microsoft’s free Security Essentials anti-virus and security tool. Late last week, I just happened to notice that for who-knows-how-long, a pending upgrade to the program has left that system “potentially unprotected,” according to Microsoft.

I’m not terribly concerned, as I don’t use that system to browse the Web. But if you depend on MSE, check to see if you’ve applied this upgrade, which brings MSE from version 1.0.1959 to version 1.0.1961. You can check the version number by clicking the “Help” tab on the right edge of the MSE main screen, and then selecting “About Microsoft Security Essentials.”

It took a little digging, but here’s Microsoft’s account of what’s new in this updated version of MSE:

The latest version of Microsoft Security Essentials includes improved messaging on the Update tab, improved scan reports on the Home tab, performance improvements, and enforcement of runtime Windows Activation Technology (WAT) in Microsoft Security Essentials.

More here. Unfortunately, this update comes with another attempt by Microsoft to check whether their customers are in fact software pirates. I would assume that people who are running a pirated version of Windows probably wouldn’t install MSE, but then again, we have seen time and again how Microsoft’s various anti-piracy checks often flag users who have purchased legitimate copies of Windows. I don’t fault Microsoft for trying to tackle the piracy problem, which is undoubtedly enormous in the Windows space, but at least now I understand why information about what was in this update or why it was being offered wasn’t so easy to find.

It seems that around the time Microsoft shipped this update, crooks peddling rogue anti-virus products began marketing a rogue app that mimics Microsoft’s Security Essentials offering. True to form, scammers never miss an opportunity to cash in on user confusion over updates like these.