Hackers Steal $150,000 from Mich. Insurance Firm

February 16, 2010

An insurance firm in Michigan lost nearly $150,000 this month as a result of a single computer virus infection.

Port Austin, Mich. based United Shortline Insurance Service Inc., an insurance provider serving the railroad industry, discovered on Feb. 5 that the computer used by their firm’s controller was behaving oddly and would not respond. The company’s computer technician scoured the system with multiple security tools, and found it had been invaded by “ZeuS,” a highly sophisticated banking Trojan that steals passwords and allows criminals to control infected hosts remotely

The following Monday, Feb. 8, United Shortline received a call from the Tinker Federal Credit Union at Tinker Air Force Base in Oklahoma, inquiring about a suspicious funds transfer one of its customers had received for slightly less than $10,000.

Continue reading

Warning About ZeuS Attack Used as Lure

February 13, 2010

Criminals have co-opted a column I wrote last week about ZeuS Trojan attacks targeted at government and military systems: Scam artists are now spamming out messages that include the first few paragraphs of that story in a bid to trick recipients into downloading the very same Trojan, disguised as a Microsoft security update.

Hat tip to security firm Sophos for spotting this vaguely elliptical attack. It is sometimes said tongue-in-cheek that plagiarism is the sincerest form of flattery, but I wish these crooks would find some other way of expressing their admiration.

The thing is, these sorts of copycat scams also serve as as a sort of token reputation attack, a sly dig that is often aimed at security researchers. For example, Jeffrey Carr, the author of the recent book Inside Cyber Warfare and a frequent publisher of information on the sources of large scale cyber assaults, told me that a similar spam campaign a few days ago that mimicked the targeted .mil and .gov Zeus attacks was made to look like it came from his e-mail address. Carr said the campaign that abused his name probably was in response to his recent blog post about the .mil and .gov attacks.

Advertisement

Rootkit May Be Culprit in Recent Windows Crashes

February 12, 2010

There are indications that the system crashes and the dreaded blue screen of death (BSoD) that many Microsoft Windows users reported suffering after installing this week’s batch of security updates may be caused at least in part by malware infestations on the affected machines.

Patrick W. Barnes, a systems administrator at Cat-man-du, a technology services firm in Amarillo, Texas, said at least three different customers came into his shop with the same blue screen of death after installing Tuesday’s patches on their systems. Barnes said that on closer inspection, he found that each had been previously infected with a rootkit, a set of tools sometimes installed by malware that are designed to hide the presence of the infection on the host system.

Continue reading

Critical Security Update for Adobe Flash Player

February 11, 2010

Adobe Systems Inc. today released an updated version of its Flash Player software to fix two critical security holes in  the ubiquitous Web browser plugin. Adobe also issued a security update for its Air software, a central component of several widely-used Web applications, such as Tweetdeck.

The Flash update brings the newest, patched version of Flash to v. 10.0.45.2, and applies to all supported platforms, including Windows, Mac and Linux installations. Visit this link to find out what version of Flash you have. The latest update is available from this link.

Continue reading

New Patches Cause BSoD for Some Windows XP Users

February 11, 2010

If you use Windows XP and haven’t yet updated your system with the applicable security updates that Microsoft issued Tuesday, you might want to hold off for a bit. Turns out, a non-trivial number of XP users are reporting that their systems suffer from the dreaded Blue Screen of Death (BSoD) and fall into an interminable reboot loop after installing the latest batch of patches from Redmond.

The problem seems to be affecting only some XP systems. This thread on a Microsoft.com answers forum seems to include a fix that works. However, the fix requires users to have their XP install CD handy (in a practice that should be outlawed, many computer makers get away with shipping systems without an install/reinstall disc)

According to the support forum threads I’ve seen on this, affected users noticed the problem on the reboot following the installation of Tuesday’s patch batch. The folks who complained of the bootup problem said the BSOD error page is accompanied by the message “PAGE_FAULT_IN_NONPAGED_AREA”.

If you’re experiencing the above-described problems after installing Tuesday’s bundle of updates, follow these steps, which a number of affected users have said seem to fix the problem:

Continue reading

13 Ways to Protect Your Windows PC

February 9, 2010

Microsoft today released a baker’s dozen of software updates to fix twice as many vulnerabilities in its various Windows operating systems and other software. Translation: If you use any supported version of Windows, it’s time once again to update your PC.

Five of the 13 update bundles Redmond issued today earned a rating of “critical,” meaning Microsoft considers these flaws so serious that attackers could exploit them to seize control over vulnerable systems just by getting users to visit a hacked or malicious Web site.

Continue reading

Comerica Phish Foiled 2-Factor Protection

February 8, 2010

A metals supply company in Michigan is suing its bank for poor security practices after a successful phishing attack against an employee allowed thieves to steal more than half a million dollars last year.

Experi-Metal sells metal stampings, trim moldings and specialty items.

The lawsuit, filed by Experi-Metal Inc. (EMI), in Sterling Heights, Mich., charges that Dallas-based Comerica Bank effectively groomed its customers to become phishing victims by routinely sending them e-mail messages that asked recipients to click a link to update the bank’s security technology. The company also alleges that Comerica’s security protections for customers are not commercially reasonable, because the phishing scam routed around the bank’s 2-factor authentication system.

According to a complaint EMI filed in December with a Michigan circuit court, for many years Comerica used “digital certificates” for authenticating online banking customers. Digital certificates are the browser-based counterparts to ATM cards, and many banks require customers to include the bank’s cryptographically signed digital certificate in their browser before the bank’s online system will allow users access.

Once a year from 2000 to 2008, Comerica sent emails to EMI and other customers directing them to click on a link in the email, and then log in at the resulting Web site in order to renew the digital certificate that Comerica required.

Continue reading

Zeus Attack Spoofs NSA, Targets .gov and .mil

February 6, 2010

Criminals are spamming the Zeus banking Trojan in a convincing e-mail that spoofs the National Security Agency. Initial reports indicate that a large number of government systems may have been compromised by the attack.

According one state government security expert who received multiple copies of the message, the e-mail campaign — apparently designed to steal passwords from infected systems — was sent exclusively to government (.gov) and military (.mil) e-mail addresses.
Continue reading

Hackers Try to Steal $150,000 from United Way

February 3, 2010

Hackers broke into computer systems at a Massachusetts chapter of the United Way last month and attempted to make off with more than $150,000 from one of the nation’s largest charities.

Patricia Latimore, chief financial officer at the United Way of Massachusetts Bay and Merrimac Valley, said unknown attackers tried to initiate a number of bogus financial transfers out of the organization’s bank account, but that the United Way was able to work with its bank to block or reverse the unauthorized transfers.

“We were able to pretty much capture things as they were happening,” Latimore said. “Fortunately, we saw it on the day that it occurred.”

The intruders attempted to send more than $110,000 in unauthorized payroll transfers to at least a dozen individuals across the United States who had no prior business with the United Way chapter. At least one large wire transfer was attempted, for nearly $40,000, to a 32-year-old man in New York.

Continue reading

Another Way to Ditch IE6

February 3, 2010

This past week, I was reminded of a conversation I had with an ethical hacker I met at the annual Defcon security conference in Las Vegas a couple of years back who showed me what remains the shortest, most elegant and reliable trick I’ve seen to crash the Internet Explorer 6 Web browser.

If you’re curious and have IE6 lying around, type or cut and paste the following into the address bar (that last character is a zero):

ms-its:%F0:

or just click this link with IE6.

Here’s a short video example of the crash that results from typing that text above into an IE6 window:

Continue reading