September 29, 2005

What's The Risk?

Businesses and the individuals charged with protecting enterprises from malicious code and cyber attack are failing to communicate, with firms being left unaware of their levels of risk or the potential for their operation to be adversely impacted.

According to research from nCircle, which interviewed 1,800 CIOs, CSOs and IT directors, 65 per cent of UK respondents had no idea whether their exposure to risk is increasing or decreasing.

Separate research from the Economist Intelligence Unit revealed that only 40 per cent of companies regularly brief the board on emerging threats which will impact their levels of operational risk. Silicon.Com

September 28, 2005

An Attack Every Seven Minutes

CIOs within the financial services sector have said they have to up their efforts in the war on cyber crime if they are to win back customer confidence.

Speaking at the silicon.com CIO Forum in London, CIOs from Barclays, Deutsche Bank and Mitsubishi Securities outlined how they approach and tackle cyber crime.

Gary Edwards, CIO of Barclays IT, said his organisation is attacked every seven minutes.

"What we did during the 90s was push relationships away because we thought people would use ATMs and not need to speak to anybody," he said, urging banks to now do what they can to interact and communicate with customers in an attempt to bridge the gaping education divide in which fraudsters operate. Silicon.com

Air Traffic Control Open to Attack

High-tech networks that link key parts of the US air traffic control system lack important controls and are potentially vulnerable to hackers and others familiar with how those computer programs work, congressional investigators say.

In an update to a 2000 report, the Government Accountability Office (GAO) said on Monday the Federal Aviation Administration (FAA) has made progress in protecting IT systems and noted the agency's contention that its interconnected networks are secure.
Silicon.Com

September 26, 2005

Lloyds TSB Offers Free Security Check

Lloyds TSB is offering to help protect its online banking customers from viruses and spyware with a free PC security check.

A survey of 1,400 people commissioned by Lloyds TSB found that over half (54 per cent) of PCs and laptops have been infected with a virus, yet five per cent don't even know if they have antivirus protection and 10 per cent admit they don't regularly update their antivirus software.

Reasons for failing to keep antivirus software updated ranged from it being too expensive (13 per cent), to not knowing it was necessary (eight per cent) to "I can't be bothered" (six per cent).

In response to this and to address fears about the threat of viruses Lloyds TSB has teamed up with Zone Labs to offer online banking customers visiting lloydstsb.com a free PC security scan. – Silicon.Com

September 25, 2005

Off the Hook

Credit card companies don't have to notify customers their personal information has been stolen, a California judge has ruled.

In June, CardSystems admitted intruders had compromised the confidentiality of 40 million credit card holders, and 200,000 records had left the network. CardSystems had refused to notify the card holders. – The Register

eCommerce Slow Down

The effects of online security fears are already being felt. Analyst firm Gartner Group has revised its 2005 ecommerce prediction downwards this year after 42 per cent of consumers said they were spending less online because of security fears. Some 14 per cent have stopped paying bills online altogether.

September 22, 2005

Philip Green Has Company Identity Stolen

Fraudsters have hijacked the identity of a firm owned by billionaire businessman Philip Green. Crooks changed the registered address of a property company the BHS boss runs with his mother to order goods on credit and run up bills under an assumed identity. The ruse takes advantage of a flaw in the Companies House registration scheme.

It’s unclear how much crooks made through the scam, which only came to light last month after crooks attempted to swap the address back to its original location in a bid to avoid detection – The Register

Man Utd Fan Group Attempt DOS Attack

Legal firm Allen & Overy fought off a number of DoS attacks earlier this year when it was negotiating Malcolm Glazer's takeover bid of Manchester United, a company representative has revealed.

Fans "mounted a fairly crude attack" in response to the American millionaire's ultimately successful takeover bid earlier this year, targeting visible representatives of the company, such as the lead partner in the firm and the head of the external PR company – Silicon.Com

September 21, 2005

European target

Security watchers are reporting a surge of phishing attacks targeting European banks. Phishing attacks against over two dozen European banks were detected by security firm Websense last weekend (17-18 September).

Traditionally, fraudsters have targeted North American banks in phishing attacks. "This is the first time we have observed a significant number of European victims over a short period of time. The banks being targeted are predominately located in Spain and Italy," Websense notes.

September 20, 2005

VoIP Warning

Symantec is warning that Net phone systems could prove irresistible to hackers. The company’s Symantec Threat Report identified Voice over IP (VoIP) systems as a technology starting to interest hi-tech criminals.

The report predicted that within 18 months VoIP will start to be used as a "significant" attack vector and could also resurrect some old hacking techniques.

The growing use of VoIP could encourage the emergence of:

  • Audio spam that clogs voicemail boxes with spoken adverts

  • Voice phishing that tries to con people into handing over confidential details

  • Caller-ID spoofing which allows conmen to make it look like they are calling from a legitimate number such as a victim's bank

  • Call hi-jacking that re-directs calls to conmen and criminals

Spoofing Google

Virus writers have developed a worm that spoofs the behaviour of internet search engine Google, varying the results displayed to suit the requirements of hackers.
P2Load-A modifies the HOSTS file on infected PCs by replacing the original with a file downloaded from a remote website under the control of hackers. When users run a search, the results are normally shown correctly - but sponsored links are different. For some searches, other links appear which have been specified by the creator of this malware, resulting in increased traffic to these websites. – The Register
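
As an added illustration (not part of the original report), a defender can audit a machine's HOSTS file for the kind of override described above. The watchlist of search hostnames and the sample file below are assumptions constructed for this example; the addresses come from documentation-only ranges.

```python
import ipaddress

# Assumed watchlist: hostnames a HOSTS file has no normal reason to pin.
WATCHED_SUFFIXES = ("google.com", "google.co.uk")

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in HOSTS-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, not a mapping
        for name in fields[1:]:
            yield line_no, addr, name.lower().rstrip(".")

def is_watched(hostname):
    """True for a watched domain or any subdomain of it (not look-alikes)."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in WATCHED_SUFFIXES)

def audit_hosts(text):
    """Return findings as (line_no, address, hostname, reason) tuples."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if is_watched(name):
            findings.append((line_no, str(addr), name, "watched hostname overridden"))
        elif not (addr.is_loopback or addr.is_unspecified):
            findings.append((line_no, str(addr), name, "non-loopback override"))
    return findings

# Constructed sample, not taken from an infected machine.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1     localhost
::1           localhost
203.0.113.10  www.google.com google.com   # search traffic redirected
203.0.113.10  WWW.Google.co.uk.
0.0.0.0       ads.example.net
192.0.2.7     intranet.example.org
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Entries flagged as "non-loopback override" are not necessarily malicious (intranet names are often pinned this way); they are listed so that an unexpected change to the file stands out on review.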

Symantec Security Report Summary

Malicious code threats to privacy and confidentiality increased rapidly in the first six months of 2005 - up 48 per cent on the back half of 2004. Virus writers upped their production lines to release 10,866 new Windows virus and worm variants in the first six months of this year, Symantec reports.

For the second period in succession, NetSky-P was the most reported malicious code sample. Gaobot and Spybot - both linked to the creation of zombie networks of compromised Windows PCs - were the second and third most reported.

Symantec chronicled 1,862 new vulnerabilities during 1H2005 - an average of 10 new flaws a day – 73 per cent of which it categorises as easily exploitable. The time between the disclosure of a vulnerability and the release of an associated exploit was just six days. Half (59 per cent) of vulnerabilities were associated with web application technologies.

Along with computer viruses and vulnerabilities, spam remains a leading security concern. Spam accounted for 61 per cent of all email traffic in the first half of 2005, according to Symantec, with over half (51 per cent) of all junk mail received worldwide originating in the US. – The Register

Firefox and Mac Security 'Under Attack'

Symantec attacks sacred cows

Symantec has attacked the perceived security advantages of Firefox and Apple Macs by drawing unfavourable comparisons with Microsoft's software and describing Mac fans as living in a "false paradise". According to the latest edition of Symantec's Internet Security Threat Report, 25 vulnerabilities were disclosed for Mozilla browsers and 13 for Microsoft Internet Explorer in the first half of 2005. – The Register

September 19, 2005

ID Theft $15bn in 2005

US banks lose $50bn to phantom fraudsters

Reported ID theft losses represent only the tip of an iceberg, dwarfed by fraudulent losses run up by crooks assuming completely fictitious identities, according to analysts Gartner.

It reckons ID theft will claim 10m US victims in 2005, resulting in losses of around $15bn from 50m accounts. By comparison, "victimless" fraud - bad debt run up in the name of non-entities - will hit $50bn this year. – Silicon.Com

Frauds Reunited

Net scam comes from Russia with love

Scammers are hunting dating sites in an attempt to lure fresh victims. Instead of the lads from Lagos it’s the scammers from Siberia who've invaded match.com.

You may see where this is heading: Boy meets girl. Girl says she lives in New York, before claiming to be a dental technician from Omsk who needs money to get over to the USA. Complications ensue. It's an old story and probably the basis of the plot for a forthcoming Woody Allen movie. – Silicon.Com

September 13, 2005

So What's a Bot-Herder Then?

Bot herder websites that specialise in dumbing down the process of managing zombie networks of compromised Windows PCs are under attack. High profile bot sites such as ryan1918.com and 0x90-team.com have disappeared, reports anti-virus firm F-Secure. Another such site, known as "Neo, The One" (neo-theone.com.ar), which was hosted in Argentina, went offline on Friday (9 September). – The Register

September 12, 2005

ISPs Blamed Over Corporate Security Threats

Internet service providers (ISPs) are failing to do enough to stem the tide of denial of service attacks, phishing scams and spam email bombarding corporate networks and websites, according to UK IT chiefs. Silicon.com

September 10, 2005

It's For You

It was addressed from me, to me and caused some alarm when I read it this morning, apparently a news item, “BREAKING NEWS: Microsoft CEO Vows to "KILL" Google”, which, referring to a real story that Steve Ballmer had “Picked up a chair and threw it across the room hitting a table in his office,” asks “Do you trust a company with "your computer" security/privacy and support a company with a CEO that acts in this manner?”

My concern was over people receiving what looks like email from me, ‘slagging’ Microsoft, but in fact its source is a zombie PC, hijacked by a business called SPAMIS, reportedly the child of super-spammer Robert Soloway, who lost a court battle to the software giant over illegal spamming. Most recently, Soloway has been sending a rash of spam raging against the Microsoft Sender-ID framework, claiming that Microsoft is itself a spammer, and as a result, my own email address has been hijacked.

And what can I do about it? Absolutely nothing, I guess, but worry that some people might think it’s a legitimate email story sent out from me. One of my other domain addresses was harvested in such a way last month and I notice that my old email address is blacklisted. Will this ever stop, I wonder, or is it a modern curse that forces us to co-exist with or become victims of the pond-life of the Internet?

September 08, 2005

Net Banking - Not Worth the Risk?

Some UK internet users have stopped using online banking because they are scared of identity theft, an analyst claims.

According to a national study from Forrester Research, two per cent of 11,300 survey respondents said email scams and malware threats have put them off internet banking.

While that's a small percentage, considering there are around 32 million internet users in the UK, more than 600,000 people could be put off by internet banking due to security fears. – Silicon.Com

September 07, 2005

Yahoo - The Phisherman's Friend

Yahoo! is hosting thousands of fraudulent websites that have domain names containing the words "bank", "PayPal" or "eBay", according to leading anti-spam group Spamhaus.

Spamhaus claims Yahoo! is hosting almost 5,000 domain names using these words, many of which are linked to phishing scams. Silicon.Com

Fiction Works Better

Rogue diallers scalp Microsoft security guru?

Rogue diallers have allegedly claimed a high-profile victim - Microsoft UK's chief security advisor Ed Gibson.

Speaking to ZDNet UK on Tuesday, Gibson apparently revealed he has recently been hit by a £450 bill from BT after his computer was infected with a rogue dialler. Not true, said Ed, when I had lunch with him today. It was one of his colleagues at the US Embassy. After all, why would Ed be using a dial-up connection over broadband!?

In March BT launched a service to protect users against rogue diallers, after being besieged with complaints from people who had received massive phone bills.

And last month, ICSTIS announced new powers to prevent the criminals who run rogue dialler scams from getting their money. Silicon.Com

September 06, 2005

The First Islamic Trojan

It’s true, an Islamic Trojan. Virus writers have created a Trojan horse which tries to disrupt visits to pornographic websites by displaying messages from the Koran.

The low-risk Yusufali-A Trojan horse monitors the websites Windows users are visiting. If the malware sees one of a set of trigger words (such as "teen", "sex" or "penis") in the URL it minimises the window so the user cannot see its content and displays a message from the Koran instead. The message, partly written in Arabic, contains the following English text:

Yusufali: Know, therefore, that there is no god but Allah, and ask forgiveness for they fault, and for the men and women who believe: for Allah knows how ye move about and how ye dwell in your homes. – The Register

Trust Your Mobile Phone?

Are mobile phone viruses over-hyped? Antivirus firm F-Secure has been accused of "over-hyping" the threat of mobile phone viruses in order to drive the sales of a new product guarding against such threats.

But the Finnish antivirus vendor has resolutely defended its claim that such viruses pose a huge threat to users, despite suggestions it has merely created its own market by talking up the risks. Silicon.Com

September 04, 2005

Britain Revealed as World Spam Capital

A story from the Sunday Times looks at the case of Brett Sandiford, revealed as Britain’s number one spammer, who admits to sending out 20m e-mails a year.

“E-criminals”, says the story, “take advantage of new broadband technology to infiltrate spamming software into computers, often in private homes. These “zombie” machines then generate the spam messages without the owner’s knowledge.”

City insiders say that banks, online casinos and betting services based in Britain have paid out more than £80m to extortionists rather than have their systems put out of commission.

The story ends by saying that “Simon Moores, the managing director of Zentelligence Research and a member of the Association of Chief Police Officers’ working group on economic crime, said it had become more effective for criminal gangs to target the internet than to sell cocaine.”

September 01, 2005

Zotob Author Linked to Credit Card Fraud Ring

Turkish authorities have linked one of the suspects in the Zotob worm case to individuals thought to be part of a credit card fraud ring, according to the FBI.

Atilla Ekici, a 21-year-old Turk who used the nickname "Coder", may be affiliated with people thought to be part of a credit card fraud ring in Turkey, an FBI representative said on Tuesday. Ekici was one of two men arrested last week for allegedly unleashing several computer worms, including the Zotob worm that disrupted businesses worldwide two weeks ago. Silicon.Com

Phishers Get Their Hooks into IM

A website designed to look like an official Yahoo! service offering free games but most likely designed to facilitate ID theft has been discovered by internet security firm Trend Micro.

The fake site, which was still live as recently as today, is being hosted on a Yahoo! Geocities account and asks users to log in with their Yahoo! user ID and password. Once the details are entered, the site displays a slogan "PAGINA HACKEADA - CUIDADO!", which means "hacked page - be careful" in Spanish. Silicon.Com