Monthly Archives: April 2011

FBI: $20M in Fraudulent Wire Transfers to China

April 27, 2011

The Federal Bureau of Investigation warned this week that cyber thieves have stolen approximately $20 million over the past year from small to mid-sized businesses, through a series of fraudulent wire transfers sent to Chinese economic and trade companies located near the country’s border with Russia.

The FBI said that between March 2010 and April 2011, it identified twenty incidents in which small to mid-sized organizations had fraudulent wire transfers to China, and that the total losses from the fraud was about $11 million. The alert was sent out Tuesday, in cooperation with the Internet Crime Complaint Center and the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry consortium.

Millions of Passwords, Credit Card Numbers at Risk in Breach of Sony Playstation Network

April 26, 2011

Sony warned today that intruders had broken into its PlayStation online game network, a breach that may have jeopardized the user names, addresses, passwords and credit card information on more than 70 million customers.

In a post to the company’s PlayStation blog, Sony spokesman Patrick Seybold said the breach occurred between April 17 and April 19, and that user information on some PlayStation Network and Qriocity music streaming accounts was compromised. The company said it had engaged an outside security firm to investigate what happened, that it was rebuilding its system to better secure account information, and that it would soon begin notifying customers about the incident by email.

SpyEye Targets Opera, Google Chrome Users

April 26, 2011

The latest version of the SpyEye trojan includes new capability specifically designed to steal sensitive data from Windows users surfing the Internet with the Google Chrome and Opera Web browsers.

The author of the SpyEye trojan formerly sold the crimeware kit on a number of online cybercrime forums, but has recently limited his showroom displays to a handful of highly vetted underground communities. KrebsOnSecurity.com recently chatted with a member of one of these communities who has purchased a new version of SpyEye. Screenshots from the package show that the latest rendition includes new “form grabbing” capabilities targeting Chrome and Opera users.

Where Did That Scammer Get Your Email Address?

April 25, 2011

You’ve seen the emails: They purport to have been sent by some dethroned prince in a faraway land, or from a corrupt bureaucrat in an equally corrupt government. Whatever the ruse, they always claim to need your help in spiriting away millions of dollars. These schemes, known as “419,” “advance fee” and “Nigerian letter” scams, have been around forever and are surprisingly effective at duping people. But where in the world do these scammers get their distribution lists, and how did you become a target?

Some of the bigger spammers rely on bots that crawl millions of Web sites and “scrape” addresses from pages. Others instead turn to sellers on underground cybercrime forums. But as it turns out, there are still a handful of open-air markets where lists of emails are sold by the millions. If you buy in bulk, some you can expect to pay about a penny per 1,000 addresses.

One long-running, open air bazaar for email addresses is LeadsAndMails.com, which also goes by the name BuyEmails.org. This enterprise is based out of New Delhi, India, and advertises its email lists as “100% optin and 100 percent legal to use.” I can’t vouch for the company’s claims, but one thing seems clear: A good number of its clients are from Nigeria, and many of them are fraudsters.

Are Megabreaches Out? E-Thefts Downsized in 2010

April 19, 2011

The number of consumer and financial records compromised as a result of data breaches in 2010 fell dramatically compared to previous years, a shift that cybercrime investigators attribute to a sea-change in the motives and tactics used by criminals to steal information. At the same time, organizations are dealing with more breaches than ever before, and most data thefts continue to result from security weaknesses that are relatively unsophisticated and easy to prevent.

Time to Patch Your Flash

April 15, 2011

If it seems like you just updated your Flash Player software to plug a security hole that attackers were using to break into computers, you’re not probably not imagining things: Three weeks ago, Adobe rushed out a new version to sew up a critical new security flaw. Today, Adobe issued a critical Flash update to eliminate another dangerous security hole that criminals are actively exploiting.

This new update addresses a vulnerability first detailed here at KrebsOnSecurity.com on Tuesday, and Adobe deserves credit for responding quickly with a patch. But there are few things that are simple about updating Flash, which ships in a dizzying array of version numbers and for many users must be deployed at least twice to cover all browsers. In addition, users may have to uninstall the existing version before updating to guarantee a trouble-free install. Also, Adobe Air will need to be updated if that software also is already installed. Finally, fixing this same vulnerability in Adobe Reader and Acrobat will require installing another patch, which won’t be out for at least another 10 days.

U.S. Government Takes Down Coreflood Botnet

April 14, 2011

The U.S. Justice Department and the FBI this week were granted unprecedented authortiy to seize control over a criminal botnet that enslaved millions of computers and to use that control to disable the malicious software on infected PCs.

The target of the takedown was “Coreflood,” an infamous botnet that first emerged almost a decade ago as a high-powered virtual weapon designed to knock targeted Web sites offline. Over the years, the crooks running the botnet began using it to defraud owners of the victim PCs by stealing bank account information and draining balances.

Microsoft Issues Monster Patch Update

April 13, 2011

Microsoft released a record number of software updates yesterday to fix at least 64 security vulnerabilities in its Windows operating systems and Office products, including at least one that attackers are actively exploiting.

Updates are available for all versions of Windows via Windows Update or Automatic Update. Nine of the patches earned Microsoft’s “critical” rating, which means the vulnerabilities they fix could be exploited to compromise PCs with little or no action on the part of the user, apart from visiting a booby-trapped Web site or opening a tainted file.