Monday, August 31, 2009

Fla. Man In Credit Card Data Theft Accepts Plea

Miami Hacker Charged With Stealing A Record Amount Of Credit Card Data Accepts Plea Deal

(AP) A computer hacker accused of masterminding one of the largest cases of identity theft in U.S. history agreed Friday to plead guilty and serve up to 25 years in federal prison for his crimes.

Albert Gonzalez of Miami was charged with conspiracy, wire fraud and aggravated identity theft in federal courts in New York and Boston. Court documents filed in federal court in Boston indicate the 28-year-old Gonzalez agreed to plead guilty to 19 counts and combine the two cases in federal court in Massachusetts.

Additional charges against Gonzalez are still pending in New Jersey, but they are not currently part of the plea deal.

The Miami man is accused of swiping the credit and debit card numbers of more than 170 million accounts; officials said Gonzalez was the ringleader of a group that targeted large companies such as T.J. Maxx, Barnes and Noble, Sports Authority and OfficeMax, among others.

Gonzalez' Miami attorney, Rene Palomino Jr., declined comment Friday. He told The Associated Press on Thursday that his client was "extremely remorseful as to what has happened."

Friday's plea deal on the New York and Massachusetts charges ensures that he will be behind bars for 15 to 25 years. If convicted of all the charges in the plea agreement, and if he had been sentenced to the maximum, he would have received a sentence of several hundred years.

Gonzalez must forfeit his computers, condo, car, and cash; agents seized $1.1 million buried in his parents' backyard. His girlfriend must give back a Tiffany ring Gonzalez gave her and his father and friends have to return Rolex watches he gave to them.

He also will be restricted in his computer and Internet usage during his five years of post-prison, supervised release. That could be the toughest part of the sentence for a hacker who admitted being obsessed with computers.

Gonzalez, who was known online as "soupnazi," was born and raised in Miami and got his first computer as a boy. In high school, he used a computer in his school's library to hack into an Indian government Web site; the FBI was called, but Gonzalez was not charged with a crime.

Palomino said Gonzalez was a self-taught computer genius whose interest in technology turned into an addiction. In 2003, Gonzalez was arrested for hacking but not charged because authorities said he became an informant, helping the Secret Service hunt other hackers.

But Gonzalez continued to use his talents in the shadowy online world of data mining. Over the next five years, authorities said, Gonzalez continued to hack into the computer systems of Fortune 500 companies even while providing assistance to the government. A judge allowed him to move from New Jersey back to Florida in 2004, and court documents alleged that Gonzalez hacked into the national restaurant chain Dave & Buster's.

Gonzalez lived a lavish lifestyle during that time, buying his girlfriend a Tiffany diamond ring, throwing a $75,000 birthday party for himself, and considering investing in a nightclub. Gonzalez allegedly dubbed his hacking operation "Get Rich or Die Tryin'."

Court records also show that he gave his father and two of his friends Rolex watches, along with amassing some $2.8 million. He bought a Miami condo and a blue BMW.

In May of 2008, federal authorities arrested Gonzalez while he stayed with his girlfriend at the luxurious National Hotel on Miami Beach. Agents seized $22,000 in cash, lots of computer equipment and a Glock 9 mm handgun from his hotel room.

Indictments in New York and Massachusetts said that Gonzalez and two foreign co-defendants used hacking techniques that involved "wardriving," or cruising through different areas with a laptop computer and looking for retailers' accessible wireless Internet signals. Once they located a vulnerable network, the hackers installed "sniffer programs" that captured credit and debit card numbers as they moved through a retailer's processing computers, then tried to sell the data overseas.

Gonzalez was in the process of negotiating a plea agreement on those charges when, on Aug. 17, 2008, the U.S. Attorney's office in New Jersey brought additional charges against him. Prosecutors said he targeted customers of convenience store giant 7-Eleven Inc. and supermarket chain Hannaford Brothers Co. Inc. He also targeted Heartland Payment Systems, a New Jersey-based card payment processor.

In the most recent indictment, authorities said Gonzalez and his cohorts used a different technique to hack into corporate networks and secretly place "malware," or malicious software, that would allow them backdoor access to the networks to steal data later.

CBS News

Unpatched Flaw Could Take Down Microsoft's IIS Server

A hacker has posted code that could be used to take over a system running Microsoft IIS (Internet Information Services) server.

The software, which was posted to the Milw0rm Web site on Monday, could be a big problem for some webmasters; however, the attack appears to work only on older versions of Microsoft's products. It was not immediately clear how many versions of Microsoft's products are vulnerable to the attack, and Microsoft did not immediately respond to requests for more information on the issue.

The flaw lies in the File Transfer Protocol (FTP) software used by IIS to move large files around the Internet, so the victim would have to have FTP enabled in order to be vulnerable to the attack. According to the Milw0rm post, an attacker could use this code to install unauthorized software on the server.

According to the Milw0rm poster, the code works on Microsoft's decade-old Windows 2000 operating system, while running the older IIS 5.0 server. For the attack to work, the hacker would also need to be able to create a directory on the server, security experts say.

Other versions of IIS are also at risk, according to Thierry Zoller, an independent researcher who has studied the issue. However, newer versions of Microsoft's operating systems have features that make it less serious, he added via instant message.
PC World

Saturday, August 29, 2009

We're losing the war on cybercrime

While we chase after two-bit malicious hackers, cybercrime syndicates remain untouchable...
You may have read the reports: We have captured Albert Gonzalez, one of the "world's biggest malicious hackers." Big deal.

I've been fighting cybercrime for more than 20 years, so you'll have to excuse me if I'm a little jaded for thinking that this "huge" hacker is but another small-time player in the big-time world of cybercrime. In fact, I'm pretty sure that we still haven't captured a single major player -- the Pablo Escobars.

We know there are large, corporate crimeware gangs that steal tens (if not hundreds) of millions of dollars from unsuspecting Internet victims each year. They have corporate headquarters that would fit the mold of the Fortune 1000. They have extensive payrolls, pay millions in taxes, and enjoy business growth that would be the envy of Wall Street. Yet we haven't prosecuted a single person from any of these big online cybercrime syndicates, and I have no reason to believe that will change over the next few years. We are getting better at prosecuting cybercriminals in countries such as the United States, but these large organizations are based in other countries, protected by those nations' political leaders.

Professional organized cybercrime started with the "king of spam" corporate giants in the late 1990s. These organizations often made millions under the guise of legitimate Internet marketing while sending billions of illegal e-mails. Many of the owners became and remained rich. They bought large houses and outrageous cars, got new beautiful wives, and sent their kids to expensive private schools. Heck, spammers aren't even considered in the top 200 spammers unless they are sending out hundreds of millions of illegal e-mails per day.

Despite all the time we've had to deal with the spam giants, we've done a poor job in shutting them down. Yeah, we certainly manage to close down a few token shops each year and even eventually get some of the bigger guys back into court for the umpteenth time. However, spam is more widespread than ever, comprising 60 to 85 percent of all Internet e-mail in any given month. It's also more profitable than ever.
But the cybercrime giants of today make the old spam kings seem like island-owning fiefdoms. The Russian Business Network (RBN) is a representative example of today's new crimeware leaders. (You know you've made criminal history when your criminal organization has a three-page entry in Wikipedia.) The RBN operates on a massive scale, perpetrating nearly every form of illegal online crime available. Nothing is out of bounds. It participates in child pornography, huge denial-of-service attacks, spam, botnets, malware development, and it hosts perhaps the largest online criminal network. The RBN leads multilevel marketing platforms that rival the heady days of Avon.

FBI investigating laptops sent to U.S. governors

HP laptops mysteriously ordered for officials in 10 states may contain malicious software.

There may be a new type of Trojan Horse attack to worry about.

The U.S. Federal Bureau of Investigation is trying to figure out who is sending laptop computers to state governors across the U.S., including West Virginia Governor Joe Manchin and Wyoming Governor Dave Freudenthal. Some state officials are worried that they may contain malicious software.


According to sources familiar with the investigation, other states have been targeted too, with HP laptops mysteriously ordered for officials in 10 states. Four of the orders were delivered, while the remaining six were intercepted, according to a source who spoke on condition of anonymity because of the ongoing investigation.

The West Virginia laptops were delivered to the governor's office several weeks ago, prompting state officials to contact police, according to Kyle Schafer, the state's chief technology officer. "We were notified by the governor's office that they had received the laptops and they had not ordered them," he said. "We checked our records and we had not ordered them."

State officials in Vermont told him they've received similar unsolicited orders, Schafer said. Representatives from those states could not be reached for comment Thursday.

Schafer doesn't know what's on the laptops, but he handed them over to the authorities. "Our expectation is that this is not a gesture of good will," he said. "People don't just send you five laptops for no good reason."

The computers are now being held as evidence by state police, who are working with the FBI to figure out how the machines were sent to the governor's office, said Michael Baylous, a sergeant with the West Virginia State Police.

The West Virginia laptops were delivered Aug. 5, according to the Charleston Gazette, which first reported the story.

The laptops sent to the Wyoming governor's office arrived in two separate shipments on Aug. 3 and Aug. 6, according to Cara Eastwood, a spokeswoman for Governor Freudenthal.

"We received one package, opened it and realized that it was an error since no one in our office had ordered them," she said. "The next day we received another package. At this point we realized that they needed to be turned over to law enforcement."

Although there is no evidence that the computers contain malicious code, HP confirmed Thursday that there have been several such orders and that they have been linked to fraud. "HP is aware that fraudulent state government orders recently have been placed for small amounts of HP equipment," spokeswoman Pamela Bonney said in an e-mail message. "HP took prompt corrective action to address the fraudulent orders and is working with law enforcement personnel on a criminal investigation."

With users now more reluctant to install suspicious software or open attachments on their networks, scammers appear to be looking for new ways to get inside the firewall.

Criminals have tried to put malware on USB devices and then left them outside company offices, hoping someone would plug them into a computer and inadvertently install malicious software on the network. Many Windows systems are configured to automatically run software included on CDs and USB devices using a Windows feature called AutoRun.

Many organized criminals would be happy to spend the cost of five PCs in order to access government computers, said Steve Santorelli, director of investigations with security consultancy Team Cymru. "What is a netbook? $700? You send five of them; you're dropping three grand, and say you get into the Congressional e-mail system. How valuable would that be?"


Snow Leopard Malware Protection a Growing Pain for Mac OS X

Mac users have long relished the fact that malware is nearly a foreign concept to them. Yet, in a tacit acknowledgment of the growing threat of malware on the Mac platform, Apple has added some rudimentary malware protection into Snow Leopard.
Malware is a virtually constant plague for Windows users and an entire industry has been built around protecting the Windows operating system from viruses, worms, Trojans, and other malware threats. Microsoft-bashers claim it's a function of poor design and insecure coding by Microsoft, but security experts have also debated whether or not it is more a function of the virtual monopoly Windows has enjoyed as a desktop operating system.

Apple demonstrated an increased concern for malware on the Mac OS X operating system by including malware detection as one of the many updates in Snow Leopard. It seems that Apple realizes that the size of the bullseye painted on the operating system is in direct proportion to the number of systems using the operating system.

It makes sense. Arguments of superior design and security aside, malware is a business. If you were designing a wonder-widget, would you want to target it at a broad audience of millions around the world, or build your wonder-widgets for a small niche audience? Similarly, if you are trying to maximize the profit potential of your malware, would you write a virus that targets millions of Windows systems around the world, or invest your time exploiting holes in the relatively niche Mac OS X operating system?

Well, now that niche is hitting the mainstream. Redmond doesn't need to be too paranoid about Snow Leopard taking over the desktop market any time soon, but the fact of the matter is that the operating system has matured and Snow Leopard in particular introduces a number of updates and features that make it more viable for both consumers and businesses.

Let's hope Apple's newfound malware concern is misguided, though, since the malware detection in Snow Leopard offers nothing to actually block or remove any threats. Essentially, the antimalware feature in Snow Leopard is simply a modification of the Mac OS X File Quarantine feature. It takes the File Quarantine process one step farther by comparing files against a database of known threats to notify the user that the file may be malware.

Should a user ignore the warnings, or if a threat comes through that is not recognized as a known threat in the database, Snow Leopard could still become compromised by the malware. To actually scan and clean Snow Leopard systems users will have to look into third-party malware protection tools.
PC World

Thursday, August 27, 2009

Apple Confirms Anti-Malware Added to 'Snow Leopard'

On Wednesday, it was discovered that the latest version of Apple's OS X has clear built-in malware protection. Apple has since confirmed the addition.

One of Apple's stronger selling points has been its computers' seeming imperviousness to such threats. This is not the first time Apple has acknowledged the existence of malware, of course, but it may be the clearest example of such an acknowledgment.

Apple first introduced a feature called File Quarantine back in the days of OS X 10.4 Tiger. The same technology was also built into the next iteration of the software, OS X 10.5 Leopard. Apple is offering an "enhanced" version of the feature with this latest version, OS X 10.6, or "Snow Leopard," Apple confirmed.

Now File Quarantine pops up an alert the first time a potential piece of malware has been detected in Safari, iChat, or Mail.

"In these cases, rather than just advising the user that the file is an application, Snow Leopard provides a warning that the file contains known malware and suggests that the user move it to the Trash," Apple said in a statement. "For example, a bogus version of iWork circulated on the web a few months ago that contained malware. That particular malware is now automatically detected by File Quarantine. We see this as simply another example of the refinements users will find in Snow Leopard."

Apple creates the file signatures used by File Quarantine, and will be constantly updating signatures on its end, the company said.

PC Magazine

Wednesday, August 26, 2009

Inside Snow Leopard's hidden malware protection

File Quarantine is Mac users' first line of defense against malicious software...

While malicious software has long been a near-daily annoyance for Windows PCs, Mac users have become accustomed to not worrying about malware. Threats arise from time to time—in January of this year, for example, a Trojan horse made the rounds in pirated copies of Apple’s iWork software—but most Mac users these days are probably running computers without antivirus software.

Apple has encouraged that habit, too, by frequently touting the Mac’s resistance to malware in its advertising materials, especially when compared to Windows. But with the release of Mac OS X 10.6 (Snow Leopard), Apple has finally decided to subtly step up its fight against malware, much as it has done in the past with antiphishing features in Safari. For the first time, the Mac OS contains a built-in system that detects malicious software and attempts to protect users from inadvertently damaging their computers.

How does it work?

Beginning with Mac OS X 10.4, Apple built a download validation system called File Quarantine into its operating system. In OS X 10.5 (Leopard), this manifested most frequently as a dialog box that popped up when a user first opened a file that was downloaded from the Internet via Mail, Safari, or iChat. The warning revealed which application downloaded the file, from what site, and at what time. It gave the user the option to continue opening the file, to cancel, or to view the Web page from which it had been downloaded.

In Snow Leopard, Apple has enhanced File Quarantine to also check files against known malware, pulling from a list of malware definitions at System/Library/Core Services/CoreTypes.bundle/Contents/Resources/XProtect.plist. As of this writing, the file contains only two definitions: the OSX.RSPlug.A Trojan Horse, first discovered in 2007, and the OSX.iService malware embedded in the pirated iWork installer mentioned earlier. However, Apple told Macworld that the list of definitions can be updated via Software Update.

If you try to open an infected file, Snow Leopard will present you with a stronger warning, saying that the file may damage your computer and suggesting that you move it to the Trash. As with the download validation dialog box, you have the option to continue or cancel, but if the file is on a disk image, there’s a button to eject the image; if, on the other hand, the file is already on your hard drive, that button instead invites you to move the file to the Trash. If you’ve enabled Safari’s Open "Safe" Files After Downloading preference, you will automatically be prompted with the dialog box when the download completes and the file opens. Unlike the more general warning, the malware warning doesn't disappear after the first instance; it will reappear each time you open the file.

File Quarantine seems to serve mainly as a gatekeeper for files downloaded from untrusted sources: think of it as a layer between the user and the untamed wilds of the Internet. Snow Leopard defines an expanded list of applications for which it "quarantines" downloaded files (marking that they've been downloaded from the Internet). So if you download a file via your Web browser (including Safari, Internet Explorer, Firefox, OmniWeb, Opera, Mozilla, Camino, and more) or an e-mail client (Mail, Entourage, or Thunderbird) or you receive a file via iChat, then it will be checked for malware when you open it. However, if you grab an infected file from another source, such as an FTP site, a file-sharing service like BitTorrent, or a program that’s not covered by Apple’s system, then you’re out of luck—the system won’t detect it.

Most important, Apple’s system appears to contain no way to clean malicious software off your Mac after it’s been infected. For that, it seems you’ll still need to turn to third-party antivirus products.

Does it work?

In our tests, the malware system successfully detected the OSX.RSPlug Trojan horse upon trying to open a file infected with it. The dialog box appeared regardless of whether the file was located on a disk image or the computer’s hard disk, as long as the file had been downloaded onto that computer via one of the applications that Apple's system checks.

Because Apple uses the file's quarantine extended attribute (which stores metadata about the file) to record the information about malware, that information can actually travel from Mac to Mac. However, whether the metadata remains with the file depends on exactly how the file is transmitted. If it’s copied via OS X’s file system—to a flash drive, for example, or via the Finder’s built-in file sharing—then the malware mark will stay emblazoned on the file like Hester Prynne’s big red A. However, if you transfer the file through another method—say, via FTP—that metadata will be lost. (There is one exception: zipping the file using OS X's built-in compression tools will keep the quarantine attribute present even if you transfer the file via FTP.)

Of course, malware protection is only as good as its definitions. It’s unknown how often Apple plans to update the virus definitions in Snow Leopard: such updates could be bundled into Security Updates and point releases the way that security patches currently are, either on an ad hoc basis as new threats arise or as a more regular set of updates delivered through Software Update. Apple has been criticized in the past for its sluggish response to security threats, so how it will handle this new system remains to be seen.

What does it all mean?

Now that OS X has built-in malware support, what does that mean for Mac users? Well, here are a few things it doesn’t mean.

It doesn’t mean that a flood of malware will suddenly overwhelm Mac OS X. Yes, Apple’s integration of an anti-malware system is a tacit admission that Mac OS X is far from immune to malicious software, but the company's response is more a prudent precaution than a reaction to an impending tide of evil software.

It also doesn’t mean that Mac users can go about downloading files willy-nilly, with no regard for safety. As always, every computer user, regardless of their computing platform, should take certain precautions: download files from trusted sources; don’t open e-mail attachments from unknown senders; make sure you assign strong passwords to your accounts. Malware prevention software can keep you from being caught unaware, but it doesn’t give you carte blanche to be irresponsible, any more than having a car alarm means you should go out of your way to park your car in a dangerous neighborhood.

And it doesn’t mean that third-party antivirus software makers like Symantec and Intego are going out of business. That’s often a concern when Apple jumps into an established software field, but as the company told Macworld, “The feature isn’t intended to replace or supplant antivirus software, but affords a measure of protection against the handful of known Trojan horse applications that exist for the Mac today.” Snow Leopard’s protection is more of a preventive measure than a cure for malware.
In sum, this added security is a good thing for most Mac users, especially those who have long eschewed antivirus software: we now have an additional level of protection that we didn’t have before. It's not bulletproof, but the next time you look a gift horse in the mouth, at least you'll know whether it's full of Greek warriors.
Macworld

Bernanke Victimized by Identity Fraud Ring

According to court documents, the Fed chairman and his wife were swindled in 2008 by a skilled team of crooks...

If ever there were living proof that identity theft can strike the mighty and powerful as well as hapless consumers, look no further than the nation's chief banker: Ben Bernanke. The Federal Reserve Board chairman was one of hundreds of victims of an elaborate identity-fraud ring, headed by a convicted scam artist known as "Big Head," that stole more than $2.1 million from unsuspecting consumers and at least 10 financial institutions around the country, according to recently filed court records reviewed by NEWSWEEK.

Last summer, just as he was dealing with the first rumblings of the financial crisis on Wall Street, Bernanke learned that a thief had swiped his wife's purse—including the couple's joint check book. Days later, someone started cashing checks on the Bernanke family bank account, the documents show. "It's fair to say he was not pleased," said one close associate of Bernanke, who asked not to be identified discussing what the Fed chairman considers a private matter.

The theft of the Bernanke check book—never publicly revealed until now—soon became part of a wide-ranging (and previously underway) identity-theft investigation by the Secret Service and the U.S. Postal Inspection Service. The probe culminated in recent months with a series of arrests, criminal complaints, and indictments brought by federal prosecutors in Alexandria, Va. The targets: members of a nationwide ring that used an inventive combination of old-fashioned thievery and high-tech fraud to loot the bank accounts of unsuspecting victims.

"Identity theft is a serious crime that affects millions of Americans each year," Bernanke said in a statement provided to NEWSWEEK. "Our family was but one of 500 separate instances traced to one crime ring. I am grateful for the law enforcement officers who patiently and diligently work to solve and prevent these financial crimes."

Identity theft is commonly associated with the heists of consumers' credit-card information and other personal data by cybercriminals. But Bernanke appears to have been swept up in the case only by chance—and through the most ancient of street crimes.

On Aug. 7, 2008, the Fed chairman's wife, Anna Bernanke, was at a Starbucks, not far from the couple's Capitol Hill home, when her purse was snatched off the back of a chair, according to Washington, D.C., court records. Among its contents: her driver's license, Social Security card, four credit cards, and a book of Wachovia bank checks from the couple's joint checking account. Printed on each check were the Bernankes' bank-account number, home address, and telephone number. Anna Bernanke reported the missing purse that day to the D.C. police.

But as it turned out, the perpetrator was no ordinary thief: he was working for a sophisticated crime ring that federal agents and the police in several states had been investigating for months. In the Chicago area, where some members were based, the ring went by the street name of "Cannon to the Wiz." (The term "cannon" is slang for pickpocket.)

One of the group's ringleaders, Clyde Austin Gray Jr. of Waldorf, Md., pleaded guilty to conspiracy to commit bank fraud in federal court in Alexandria, Va., just last month. Gray (who was known to members of his ring as Big Head) employed an army of pickpockets, mail thieves, and office workers to swipe checks, credit cards, military IDs, and other personal records, according to his plea agreement and other court records filed in his case.

One member of the ring had infiltrated an office of the Combined Federal Campaign, the official U.S. government-sponsored charity, and supplied the crime ring with stacks of checks mailed in by federal workers, the records show. Another worked in a Washington, D.C., doctor's office, with access to patients' records and their bank-account information.

The group's members also often traveled around the country targeting sporting events, such as this year's NCAA basketball Final Four tournament in Detroit, according to Donna Pendergast, an assistant Michigan attorney general who had her wallet swiped by a member of the ring after attending one of the games. Pendergast, who wrote an account of being victimized by the group last April on a blog called Women in Crime, told NEWSWEEK that the robber was so adroit he managed to lift the wallet from her purse without her even knowing it. "They took it right out of my purse while it was on my shoulder," she said. "I didn't feel a thing."

After obtaining drivers' licenses and military IDs, the thieves took bundles of their freshly pilfered loot wrapped in rubber bands to cars parked on the street. Other members of the group waiting in the cars—equipped with laptop computers, scanners, and printers—then quickly reproduced phony new driver's licenses and IDs using the names of the victims, but substituting the victims' photos with those of Cannon to the Wiz members.

There is no evidence that the group reproduced a fraudulent driver's license in Anna Bernanke's name. But one of its members did allegedly put the Bernankes' joint checkbook to illicit use in a complex financial fraud that federal prosecutors described as a "split deposit" transaction.

Six days after the Starbucks snatch of Bernanke's purse, an alleged member of the ring named George Lee Reid walked into a Bank of America branch in suburban Prince George's County and posed as another identity-theft victim, identified in a federal affidavit as "K.N." (The person had reported his wallet stolen a few days earlier, court records show.)

Reid deposited two fraudulent $900 checks into K.N.'s bank account—one of them from the Wachovia account of "Ben S. Bernanke and Anna Bernanke." Having inflated K.N.'s account with the fraudulent check from the Bernankes, Reid simultaneously cashed two other fraudulent $4,500 checks that were made out to K.N. from a third victim, according to federal prosecutors. When all was done, he appears to have walked out of the bank with $9,000. (The Fed chairman had alerted Wachovia after the theft of his wife's purse and suffered no financial loss in the transaction, the Bernanke associate said.)

When federal agents busted the identity-theft ring earlier this summer, Reid was named as a co-conspirator in a 22-page affidavit signed by a U.S. postal inspector. But the names of the victims, including Bernanke, were concealed; the complaint referred to the victims only by their initials, referring, for example, to one of Reid's victims as "B.B."

However, a separate criminal complaint against Reid filed last fall in D.C. Superior Court (and overlooked until now) spelled out the full name of the Fed chairman: Ben S. Bernanke.

Reid's lawyer in the D.C. case, where the charges were ultimately dropped, did not return a phone call seeking comment. But a federal law-enforcement official—who asked not to be identified discussing an ongoing case—says there is now an outstanding arrest warrant for the man who allegedly scammed the Fed chairman and used his checkbook. "We're looking for him," said the official.

Newsweek

Symantec Offers Fix for Buggy Norton Patch

Symantec has posted a software fix after hundreds of users reported problems with a buggy update of the company's flagship Norton AntiVirus software.
The buggy patch was released last Wednesday and was automatically installed on systems running Norton 2009 and Norton 360 using the company's LiveUpdate system. For most customers the install went fine, but for "less than 1 percent" of users, the update didn't work, according to Symantec Spokeswoman Cecilia Daclan. Hundreds of users have complained about the issue on the company's online discussion boards, she said.
Users who experience the error get the message: "Symantec Service Framework has encountered a problem and needs to close..." before their software crashes.
"The problem was intermittently completely disabling my machine. I was afraid to open programs with critical data for fear that they would crash. CPU usage could hit 100 percent," wrote Norton user Robert Charlton in an online forum post.
Charlton spent seven hours on-line with Symantec Tech support on Friday. "It took them much too long to catch on," he wrote. "I've been telling them it's been their problem all week, and they've been telling me I need to take that up with vendors of much of my software."
Symantec's Daclan couldn't say exactly what caused the issue. It has to do with the way Norton handles responses from some custom-configured Windows machines, she said. "Most of the customers who are reporting the issue are using PCs that have been specifically configured or customized," she said. "They're not out-of-the-box PCs."
Although most Norton users have already been automatically updated, Symantec has pulled the patch and will release a fixed version later this week.
Users who experience this problem can download a software fix from Symantec's Web site.
This isn't the first problem with Symantec software updates this year. In March, Symantec engineers forgot to digitally sign a diagnostic program called PIFTS (Product Information Framework Troubleshooter). That caused it to be flagged by Norton's firewall.
Scammers soon tried to take advantage of the problem, by flooding Symantec's forums with bogus messages and setting up malicious Web pages that popped up when people searched for PIFTS.exe.

Report: Snow Leopard To Confront Mac Malware

Adding anti-malware to Snow Leopard is a Catch-22 for Apple: In solving a problem, Apple must first admit a problem actually exists. Which is hard when one of your major selling points is that you're secure and your major competitor--Microsoft Windows--is not.

Security vendor Intego made the apparent discovery of anti-malware features in Snow Leopard, evidence of which is being shown on its Web site. Apple has neither confirmed nor denied the report.

If there really is anti-malware in Snow Leopard, due for release on Friday, it would be helpful for Apple to fess up now. It would improve first-day sales, which might help Apple forget the bitter taste of crow, which Microsoft will presumably serve up.

There seems to be no compelling reason for Apple to add the feature right now. The world is not suffering a pandemic of Apple malware. Rather, most Mac users continue to run their systems without any type of protection.

Nevertheless, adding the protection, if that is what Apple has really done, is a good idea. If it is a good anti-malware solution and offers all the protection a user needs, it will make Snow Leopard a good deal and worth the expense.

Having just yesterday complained that even at $10 (in a 5-user package) the Snow Leopard upgrade might cost more than it's worth, I am ready to change my mind. I'd happily pay a good bit more than $10 to have Apple solve all my malware troubles, even the ones I don't yet have.

It is clear that, over time, Macintosh will become a more frequent malware target. Apple's free ride is going to come to an end. It is wise for Apple to deal with the future challenge itself, though a free upgrade would reach many more users more quickly than Snow Leopard will following its release this Friday.

But, since there is no hurry and the feature presumably costs money (and certainly adds value) an inexpensive paid upgrade makes sense.

PC World

'Phishing' drops; are scammers switching tactics?

AP SAN FRANCISCO — Internet criminals might be rethinking a favorite scam for stealing people's personal information.
A report being released Wednesday by IBM Corp. shows a big drop in the volume of "phishing" e-mails, in which fraud artists send what looks like a legitimate message from a bank or some other company. If the recipients click on a link in a phishing e-mail, they land on a rogue Web site that captures their passwords, account numbers or any other information they might enter.

IBM's midyear security report found that phishing accounted for just 0.1 percent of all spam in the first six months of this year. In the same period in 2008, phishing made up 0.2 percent to 0.8 percent of all spam.

It's not clear what, if anything, the decline means. (It also doesn't appear to be a statistical illusion caused by an increase in other kinds of spam. IBM said overall spam volume hasn't expanded, like it did in years past.)

"That is a huge, precipitous decline in the amount of phishing," said Kris Lamb, director of the X-Force research team in IBM's Internet Security Systems division, which did the report. But "I wouldn't tell anybody that phishing has died as a threat."

Lamb believes phishing might have fallen off because computer users are getting smarter about identifying phony Web sites. Security software is also getting better at filtering out phishing sites before Web surfers ever see them.

It could also be that criminals are moving on from phishing to another kind of attack, involving malicious software. IBM said it is seeing more instances of "Trojan horse" programs, which are used to spy on victims.

Dean Turner, director of Symantec Corp.'s global intelligence network, who was not involved in IBM's research, said Symantec has also noticed less phishing, but warned that it could increase again later in the year. Phishing scams spike around the holidays, he said.

IBM found that criminals are changing the types of businesses they attack with phishing. Sixty-six percent of phishing targets were banks, down from 90 percent last year. Meanwhile, companies that handle online payments, like PayPal, are being mimicked in phishing messages more frequently.

To protect yourself against phishing, access sensitive sites on your own, rather than by following links in e-mails, which might lead to phishing sites.

Tuesday, August 25, 2009

55,000 Web Sites Hacked To Serve Up Malware Cocktail

Got this article from a great blog called *Zero Day, written by Ryan Naraine. Try to enjoy your cocktail...C.S.G.
Security researchers are raising an alarm for a potent malware cocktail — backdoor Trojans and password stealers — being pushed to Windows users from about 55,000 hacked Web sites.
According to Mary Landesman, a researcher in ScanSafe’s security threat alert team, the cybercriminals have embedded a malicious iFrame into tens of thousands of Websites to fire exploits at unsuspecting PC users who surf to one of the rigged sites.
The iFrame points to an intermediary exploit site which in turn loads additional exploits and malware from up to seven different malware domains, Landesman said.
She ran a Google search of the iFrame script tag and found it embedded on about 54,900 sites, many of them legitimate online destinations.

Victim sites include,, and a number of charitable and nursing facilities, including,,, and

At the time of writing this blog post, the number of hacked sites listed in Google results climbed to 56,000.

It is not yet clear which vulnerabilities are being exploited in this attack but, judging from recent history, end users should ensure that operating system and desktop software programs are fully patched.

The most common programs under attack include Adobe Flash, Adobe PDF Reader, Apple’s QuickTime, WinZip and RealPlayer. In addition to Microsoft Windows patches, these desktop applications should be updated to the newest version immediately.

* Zero Day

Zero Day Threat...

If this doesn't scare you, you're not breathing...C.S.G.

Jessica Biel Most Dangerous Celebrity On The Web!!!!

Most guys I know wouldn't mind being close enough to the stunning Ms. Biel to catch a cold, but she's the number one celebrity name infecting thousands of PCs with viruses at this time according to McAfee...C.S.G.

Security technology company McAfee Inc. on Tuesday reported that searches for the 27-year-old actress are more likely to lead to online threats such as spyware and viruses than searches for any other celebrity.

McAfee said fans searching for the actress have a one-in-five chance of ending up at a Web site designed to damage one's computer. It's the third annual report on the subject from McAfee, which last year found that Brad Pitt was the "most dangerous" celeb online.

"Cybercriminals are star watchers, too," said Jeff Green, senior vice president of McAfee's product development. "They latch onto popular celebrities to encourage the download of malicious software in disguise."

Following Biel in the report, in order, were Beyonce, Jennifer Aniston, Tom Brady and Jessica Simpson. McAfee noted President Barack Obama and first lady Michelle Obama are curiously safe searches, ranking no. 34 and no. 39, respectively.

Monday, August 24, 2009

Eastern European Cyber Criminals Target U.S. Businesses

Organized cyber gangs in Eastern Europe are increasingly preying on small and mid-sized companies in the United States, setting off a multi-million dollar online crime wave that has begun to worry the nation's largest financial institutions.

A task force representing the financial industry sent out an alert Friday outlining the problem and urging its members to put in place many of the precautions now used to detect consumer bank and credit card fraud.

"In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses," reads the confidential alert sent to members of the Financial Services Information Sharing and Analysis Center, an industry group created to share data about critical threats to the financial sector.

The group is operated and funded by such financial heavyweights as American Express, Bank of America, Citigroup, Fannie Mae and Morgan Stanley.

Because the targets tend to be smaller, the attacks have attracted little of the notoriety that has followed larger-scale breaches at big retailers and government agencies. But the industry group said some companies have suffered hundreds of thousands of dollars or more in losses.

Many have begun to come forward to tell their tales. In July, a school district near Pittsburgh filed suit to recover $700,000 taken from it. In May, a Texas company was robbed of $1.2 million. An electronics testing firm in Baton Rouge said it was bilked of nearly $100,000.

In many cases, the advisory warned, the scammers infiltrate companies in a similar fashion: They send a targeted e-mail to the company's controller or treasurer, a message that contains either a virus-laden attachment or a link that -- when opened -- surreptitiously installs malicious software designed to steal passwords. Armed with those credentials, the crooks then initiate a series of wire transfers, usually in increments of less than $10,000 in order to avoid banks' anti-money-laundering reporting requirements.

The alert states that these scams typically rely on help from so-called "money mules," willing or unwitting individuals in the United States -- often hired by the criminals via popular Internet job boards. Once enlisted, the mules are instructed to set up new bank accounts, withdraw the fraudulent deposits, and then wire the money to fraudsters, the majority of which are located in Eastern Europe, according to the advisory.

"Eastern European organized crime groups are believed to be predominantly responsible for the activities that are employing witting and unwitting accomplices in the U.S. to receive cash and forward payments -- from thousands to millions of dollars to overseas locations -- via popular money and wire transfer services," the alert warns.

The FBI said it is working to stem the problem.

"We share a mutual concern with respect to criminals' unrelenting intent to target our nation's financial sector and customers, whether through computer hacking or by other schemes to steal customer account information and make unauthorized withdrawals," Steven Chabinsky, deputy assistant director for the bureau's cyber division, said in a statement.

The Financial Crimes Enforcement Network, a Treasury Department division that tracks suspected cases of fraud reported by banks, said incidences of wire transfer fraud rose 58 percent in 2008. But experts say reliable figures about losses from commercial online banking fraud are hard to come by, and many incidents go unreported.

 "The data is not quite where it could be, and we don't have a good benchmark in terms of determining the prevalence of this type of fraud," said Cliff Stanford, director of the Retail Payments Risk Forum at the Federal Reserve Bank of Atlanta. "As a result, banks and consumers might not fully understand where they need to best deploy additional security measures."

Businesses do not enjoy the same legal protections when banking online that consumers do. Consumers typically have up to 60 days from the receipt of a monthly statement to dispute any unauthorized charges.

In contrast, companies that bank online are regulated under the Uniform Commercial Code, which holds that commercial banking customers have roughly two business days to spot and dispute unauthorized activity if they want to hold out any hope of recovering unauthorized transfers from their accounts.

Avivah Litan, a fraud analyst with Gartner Inc., said few commercial banks have invested in back-end technologies that can detect fraudulent or unusual transaction patterns for businesses.

"The banks spend a lot of money on protecting consumer customers because they owe money if the consumer loses money," Litan said. "But the banks don't spend the same resources on the corporate accounts because they don't have to refund the corporate losses."

The incidents in many cases are pitting victims against their banks. In July, a public school district near Pittsburgh filed a lawsuit against ESB Bank, a subsidiary of Ellwood City, Pa.-based ESB Financial Corp., to recover funds stolen due to cyber fraud. The Western Beaver school district charges that crooks used malicious software to siphon more than $700,000 from the school's account at ESB. According to the lawsuit, the funds were transferred in 74 separate transactions over a two-day period, to 42 different money mules.

In April, cyber crooks stole $1.2 million from Unique Industrial Products Co., a Sugar Land, Tex.-based plumbing equipment supply company. Pankaj Malani, the company's operations manager, said a forensic analysis showed the attackers used malware planted on its computers to initiate 43 transfers out of the company's account in the span of 30 minutes. The intruders sent some of the funds directly to Eastern Europe, and funneled the remainder through people in the United States.
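The three cases above share a signature that the back-end transaction monitoring Litan says most commercial banks lack would catch: a burst of outbound wires in a short window (43 in 30 minutes at Unique Industrial Products, 74 over two days at Western Beaver), each kept under the $10,000 reporting line the alert mentions, and each to a payee the account has never paid before. What follows is an added example, not code from the article, the FS-ISAC alert or any bank's fraud system; the ledger is constructed to resemble the Unique Industrial Products pattern, and the `Transfer` record, the `KNOWN_BENEFICIARIES` allowlist and the velocity limit of 10 are assumptions chosen for the illustration.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# One outbound wire: when it was initiated, amount in USD, payee name.
Transfer = namedtuple("Transfer", "when amount beneficiary")

# Payees this business has paid before (assumed allowlist, constructed).
KNOWN_BENEFICIARIES = {"ACME Supply", "Payroll Svc"}

# The reporting threshold the article says the crooks deliberately stay under.
REPORTING_THRESHOLD = 10_000.00


def build_sample_ledger():
    """Constructed ledger: two routine morning wires, then a burst of 43 wires
    inside roughly 29 minutes late at night, each just under the threshold and
    each to a never-before-seen payee (modelled on the case in the article)."""
    routine = [
        Transfer(datetime(2009, 4, 10, 9, 0), 2_500.00, "ACME Supply"),
        Transfer(datetime(2009, 4, 10, 9, 5), 7_800.00, "Payroll Svc"),
    ]
    burst_start = datetime(2009, 4, 10, 22, 0)
    burst = [
        Transfer(burst_start + timedelta(seconds=40 * i), 9_200.00 + 10 * i, f"mule-{i:02d}")
        for i in range(43)
    ]
    return routine + burst


def max_transfers_in_window(transfers, window):
    """Largest number of transfers whose timestamps fall inside any span of
    length `window` (sliding window over the sorted timestamps)."""
    times = sorted(t.when for t in transfers)
    best = start = 0
    for end, t_end in enumerate(times):
        while t_end - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def near_threshold_count(transfers, threshold=REPORTING_THRESHOLD, band=0.10):
    """Transfers sitting in the band just below the reporting threshold,
    the classic structuring signature."""
    low = threshold * (1 - band)
    return sum(1 for t in transfers if low <= t.amount < threshold)


def new_beneficiary_count(transfers, known):
    """Transfers to payees the account has never paid before."""
    return sum(1 for t in transfers if t.beneficiary not in known)


def score_ledger(transfers, known=KNOWN_BENEFICIARIES,
                 window=timedelta(minutes=30), velocity_limit=10):
    """Combine the three signals. Any one of them alone is noisy (payroll
    runs are bursty too), but the cases on this page trip all three at once."""
    signals = {
        "velocity": max_transfers_in_window(transfers, window),
        "near_threshold": near_threshold_count(transfers),
        "new_beneficiaries": new_beneficiary_count(transfers, known),
    }
    signals["hold_for_review"] = (
        signals["velocity"] >= velocity_limit
        and signals["near_threshold"] >= velocity_limit
        and signals["new_beneficiaries"] > 0
    )
    return signals


if __name__ == "__main__":
    print(score_ledger(build_sample_ledger()))
```

The "hold for review" outcome is deliberately a hold rather than a block: the point of the dual-approval control Unique Industrial Products adopted afterwards is that a second person looks at the batch before the bank releases it, which is exactly when a score like this is useful.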

Malani said the FBI is still investigating that case, but because the company spotted the fraud quickly, its bank was able to retrieve all but $190,000 of the stolen money. His employer has since purchased cyber security insurance to protect against future losses, and requires two employees to sign off on all wire transfers.

"This could have put us out of business," Malani said.

Other small to mid-sized companies have not fared so well. In February, fraudsters struck JM Test Systems, an electronics calibration company in Baton Rouge. According to Happy McKnight, the company's controller, on Feb. 19, an unauthorized wire transfer in the amount of $45,640 was sent from JM Test's account to a bank in Russia. The company's bank subsequently provided the company with new credentials. But less than a week later, $51,550 of JM Test's money was transferred to five money mules across the country. The fraudsters set the transfers to go out on a Thursday evening, the same day JM Test releases payroll checks to its 150 employees.

McKnight said her employer was able to recover just $7,200 of the stolen money, which was returned only because one mule who was to receive that transfer apparently closed his or her account before the transfer could be completed. While the company was searching for a new bank, it had to scramble to shut down its payroll system online, start cutting checks by hand and find a manual way to manage automatic employee payroll deductions. The company is still considering whether to sue their bank to recover the stolen funds.

"The whole thing consumed us for about a month," McKnight said. "When we start looking at all of the investigation and the things we had to change as a result of this fraud, we estimate the soft costs to our company is already three times what our straight online banking loss was."

Washington Post

Sunday, August 23, 2009

Profile of a hacker: How the "soupnazi" did it

The man allegedly behind the biggest identity theft ever did it through a fairly simple ploy...
Monday, one of the most brazen hackers in American history was indicted in federal court in New Jersey. Federal authorities allege that Albert Gonzalez, along with two unnamed Russian associates, engineered one of the largest credit card and identity theft schemes in history. But this is hardly Gonzalez's first run-in with authorities over cyber-crimes. Here's a snapshot of Gonzalez and his short but startling history of plaguing American businesses and consumers.

Profile of a hacker:
Name: Albert Gonzalez
Age: 28
Online pseudonyms: segvec, soupnazi, Cumbajohnny and j4guar17
Current co-conspirators: Two men from Russia who authorities did not identify by name.
Past criminal affiliations: Leader of Shadowcrew, an online credit-card hacking ring. In 2004, 26 of the 4,000 members of the hacking crew were arrested and convicted.

Gonzalez's hacking timeline:
2003: Gonzalez was arrested for hacking but not charged with a crime because he agreed to work as an informant for the Secret Service on cyber-crimes. Yet, according to the Justice Department, he was again engaging in illicit activities fairly soon after his arrest.

October 2004: The government arrests members of the Shadowcrew. Gonzalez was the alleged leader of this hacking group.

November 2004: Gonzalez is allowed by the government to move from New Jersey to Florida. He then begins his hacking of Dave & Buster's restaurant chain.

October 2006-May 2008: Gonzalez and his associates targeted Fortune 500 companies with network security problems. He allegedly stole over 130 million credit and debit card numbers from Heartland Payment Systems Inc., a credit card payment processor, 7-Eleven, a national convenience store chain, and Hannaford Brothers Co., a supermarket chain. He was indicted for his leadership in this hacking ring Monday. Heartland is the world's 9th largest credit card processor.

May 2008: Gonzalez is arrested for data theft at Dave & Buster's and has been in custody ever since.

August 2008: Gonzalez is indicted for improperly probing the networks of many major U.S. retailers including TJX Companies (owner of TJ Maxx), BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. At the time, it was thought to be the largest individual instance of credit card data theft via the hacking of private computer systems, as nearly 40 million card numbers were stolen. Authorities have said the breach cost TJ Maxx close to $200 million.

August 2009: Gonzalez and two unnamed associates are charged in federal court in New Jersey with running the largest credit card and identity theft hacking operation ever prosecuted. Gonzalez was already awaiting trial in New York for his hacking of the network at Dave & Buster's restaurants and in Massachusetts for his penetration of TJX Companies.

How he did it:
By all accounts, what makes Gonzalez's success so terrifying for consumers is that his alleged hacking ring was not very sophisticated. Officials have said Gonzalez used a technique called "wardriving," in which he and his associates traveled to different areas searching for accessible wireless networks. They then hacked into these networks, installing "sniffer programs" and malware that allowed them to steal credit and debit card numbers from retailers. Gonzalez also exploited SQL injection holes in the database-backed applications used by many of the targets.
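The "SQL holes" the article refers to are the familiar SQL injection defect: a Web application pastes user input into the text of a database query, so the input can change what the query does rather than just what it compares against. The following is an added example, not code from the article or from any of the retailers named; it uses an in-memory SQLite table with constructed card records to show the vulnerable form next to the parameterized fix.

```python
import sqlite3


def make_card_db():
    """In-memory stand-in for a retailer's card table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (customer TEXT, last4 TEXT)")
    conn.executemany(
        "INSERT INTO cards VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return conn


def lookup_vulnerable(conn, customer):
    """The defect: the caller's input is spliced straight into the SQL text,
    so the input can alter the query's structure, not just its value."""
    sql = "SELECT customer, last4 FROM cards WHERE customer = '" + customer + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, customer):
    """The fix: the driver sends the value separately from the statement, so
    whatever the input contains, it is compared as one literal string."""
    return conn.execute(
        "SELECT customer, last4 FROM cards WHERE customer = ?", (customer,)
    ).fetchall()


def demonstrate():
    """Run both lookups with an ordinary name and with a tautology string;
    only the vulnerable form lets the second input return every row."""
    conn = make_card_db()
    tautology = "x' OR '1'='1"
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, "alice")),
        "vulnerable_tautology": len(lookup_vulnerable(conn, tautology)),
        "parameterized_normal": len(lookup_parameterized(conn, "alice")),
        "parameterized_tautology": len(lookup_parameterized(conn, tautology)),
    }


if __name__ == "__main__":
    print(demonstrate())
```

Parameterized queries close the injection hole, but they do nothing about the other half of the story on this page: card data that sits unencrypted on a network reachable from the parking lot. Least privilege for the database account and segmentation of the card environment are the controls that limit what a single application flaw can expose.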

In the charges brought against Gonzalez on Monday, authorities said that once Gonzalez and his co-hackers captured the personal data, they'd send the information to computer servers in California, Illinois, Latvia, the Netherlands and Ukraine. Gonzalez would either then sell the numbers online or make purchases or unauthorized withdrawals from the banks the cards were linked to.

Gonzalez and his associates face anywhere from 35 years in prison to possible life sentences if convicted on all the charges currently brought against them. They also may have to pay more than $1 million in fines.

What consumers should know:
• According to identity theft experts, restaurants are particularly attractive for hackers because they seldom update their anti-virus software and other computer security systems.

• Not all states require companies to notify consumers once their information has been compromised. It is unknown whether those affected by Gonzalez's heist were ever even alerted.

• If you're worried about identity theft, you should check the government's site here: FTC Id Theft


Actor Antwon Tanner pleads guilty in scheme in NYC

NEW YORK – "One Tree Hill" actor Antwon Tanner has pleaded guilty to selling more than a dozen Social Security numbers for $10,000. Tanner told a federal judge in Brooklyn on Friday that he was a middleman, selling numbers someone else provided. He and his lawyer didn't comment on how he got involved in the scheme.
Tanner is expected to get as much as a year in prison at his sentencing, set for Nov. 20.
The 34-year-old actor was charged in April with selling 16 Social Security numbers and three bogus Social Security cards.
Tanner plays the character Skills in the CW series. Representatives for the network didn't immediately return a telephone call Saturday.
Tanner also appeared in the 2005 movie "Coach Carter," starring Samuel L. Jackson.

Saturday, August 22, 2009

Label hunts hackers who stole Lewis/Timberlake song

LONDON (Reuters) - Record label SyCo and music trade body IFPI have called in the police to help them hunt down computer hackers who leaked a track by Leona Lewis and Justin Timberlake on the Internet.
The song, "Don't Let Me Down," is being considered as the first single release from the X Factor winner's next album, according to the Sun newspaper.
"IFPI is working with SyCo and law enforcement agencies in the U.S. and Europe to trace the individuals who stole the Leona Lewis/Justin Timberlake track," said Jeremy Banks, head of IFPI's Internet Anti-Piracy Unit.
"The police investigation is ongoing," he said in a statement. "Such pre-release leaks, however they are sourced, are highly damaging to our members who invest considerable budgets in marketing and promoting music ahead of release."
The music industry has seen revenues slump in recent years amid rampant internet piracy in some regions, and the rise in legal digital downloads has failed to make up for losses in physical music purchases.
SyCo is music promoter and television talent show judge Simon Cowell's division of Sony Music Entertainment, which signs up acts who appear on The X Factor show in Britain.
Lewis won The X Factor in 2006, and her debut album "Spirit" topped charts around the world. Her second album is slated for release in November.
Ace Show Biz

Online Swine Flu Scams On The Rise

As the swine flu outbreak reaches near pandemic levels, cybercriminals continue to use the flu scare as bait to scam Internet users.
About five percent of global spam volume now mentions “swine flu” to trick people into opening the e-mail message. That could amount to billions of messages each day. McAfee Avert Labs has seen between 80 billion and 100 billion spam messages each day over the last month. Note: there was no spam at all that mentioned swine flu before the weekend.
The swine spam is being sent from all over the world, which isn’t a surprise since the messages are sent from compromised computers networked in a criminal botnet. Still, about half of all the swine flu spam seen to date originated in Brazil, the United States and Germany. There’s a chart that shows the breakdown on the McAfee Avert Labs blog.
McAfee has also seen sites with the words “swine” and “flu” pushing malicious code. In one case a Russian-based site instructs the visitor to install a “video codec” to view a movie. This isn’t a real codec to allow viewing; instead it is malicious software that puts the victim’s computer at the beck and call of the attacker.
Additionally, McAfee Avert Labs has seen an increase in the registration of domain names that mention swine flu, which could indicate a rise in malicious sites that take advantage of the scare.
Should you need information on the flu situation, go to the World Health Organization, CDC or any other reputable source, do not follow links that arrive in spam, instant messages or on social networking Web sites. If you think your PC might be infected or that you may have been the victim of a cybercrime, visit McAfee’s free Cybercrime Response Unit.
For your reference, subject lines for the swine flu messages include:
Salma Hayek caught swine flu!
Madonna caught swine flu!
First US swine flu victims!
US swine flu statistics
Swine flu worldwide!
Swine flu in Hollywood!
Swine flu in USA.

Cybercrime Is a Growing Problem for Small Businesses

Ever-more-sophisticated computer hacking of business networks and Web sites will require more safeguards and constant vigilance.

Think cyber crooks aren’t interested in your business? Think again. It’s not only the biggest or best-known companies that get hacked by organized syndicates or smaller cybercrime actors looking to steal corporate secrets and customer data.
Every company is a potential victim, even firms that spend heavily on security systems and IT staff. A determined and knowledgeable hacker will find a way to penetrate, and it can be costly. Losses are hard to calculate, but estimates from theft range as high as $1 trillion a year worldwide.
You may have been hit already and don’t know it. Many criminals operate under the radar, planting spyware and stealing valuable company data for months without businesses knowing it until it’s too late. Some thieves will tap into your customer base, grabbing credit card and other bank account information. Others copy trade secrets and sell them to competitors who may then lure away your customers. This is in addition to those who crash sites with the aim of keeping your online operation down for days and costing you business.
Not all of the popular targets are obvious. Charities and other nonprofits are targets because their lists and information on benefactors and donors can be valuable. And criminals often go after beneficiary lists from life insurers.
Organized crime rings are behind a high percentage of the attacks, often operating from abroad -- Russia, Ukraine and China, especially.
Fail-safe protection doesn’t exist. Even the Pentagon, with a battalion of the best computer specialists, gets hit repeatedly.
But it’s important to do whatever you can. Crooks will go where the taking is easiest, just as car thieves will grab a radio from an unlocked car before going through the trouble of circumventing a security system.
Many small businesses have no protection. One in five does not have antivirus software, and more than half don’t use encryption for wireless links. Two in three have no formal security policy, essentially banking on good luck that they won’t be victimized.
Computer safety doesn’t have to cost you a fortune. Some basic steps to take:
Install security software that includes antivirus, antiphishing, antispyware and networkwide anti-intrusion features and with automatic updating. The subscription cost is not much, about $100 a year.
Set up a firewall to protect all confidential information. Use multiple walls to guard your most sensitive data or keep it on a separate server or on paper. Use so-called smart passwords with numbers, letters and symbols, and change them periodically.
Be sure to block access to your network to ex-staffers. Beware of disgruntled workers who may be out to get you through computer stealth. Give employees in different departments and positions access only to parts of the network they need.
Also, vet anyone who buys advertising on your Web site. This, too, can be a source of malicious software. A personal phone call can trip up those who buy ads and use them to lure your customers to phony sites.
Train employees in safe computer practices. It’s the most important best practice and often overlooked by companies. Let them know that visiting nonwork-related sites puts the firm at risk. Eighty percent of malware is downloaded unknowingly at adult pornography sites.
Opening attachments from unknown sources can render a firewall useless. Laptops carried out of the office or left at a business conference are prime targets for theft.
Also, consider contracting with a certified “ethical hacker” to test your system regularly and to offer guidance to your in-house computer staff.

Kaspersky Antivirus Crash: DoS Vulnerability Found In Kaspersky Antivirus 2010

21st of August 2009, 14:02 GMT

A recent security report from Maksymilian Arciemowicz, published on the SecurityReason website, details how remote users could crash PCs running Kaspersky products. By getting the antivirus to parse a specially formed URL, the user's CPU can be driven to consume excessive resources until the machine eventually crashes.

The vulnerability affects Kaspersky Internet Security 2010 and its sibling, Kaspersky Antivirus 2010. The issue was discovered on August 18th 2009; Kaspersky had not released a security update for it at the time this article was written (check for updates at the bottom of the page).

The problem in these two versions appears when parsing a URL address. When the address contains a long run of consecutive dots, the native Kaspersky avp.exe process drives CPU usage up to 100%. At first, traffic through the browser is blocked, and eventually, if enough consecutive dots have been passed in the URL, the computer crashes.

The trigger can be placed inside HTML files, as ordinary href values or as img image sources, and it also works inside HTML email bodies. It can be delivered remotely and leads to a denial of service that could alter computer hardware or software.

According to Maksymilian Arciemowicz, “The main problem exists in parsing url addresses […] Relativistic time to return to normal behavior is very long. In practice, when we give a large number of dots, kaspesky will not return to normal behavior.” He also added that, “This example will denial access to the browser and other kaspersky operations […] The user who executed the code above, will be deprived of the possibility of browsing and successive reset the Kaspersky.”

SecurityReason has classified this DoS vulnerability as a medium threat to PC users. Details and exploit code examples can be found at this link.
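Two items on this page describe markers a defender can look for in HTML before it reaches a browser or a mail client: the hidden iFrame that ScanSafe found injected into roughly 55,000 legitimate sites (the Zero Day item above), and the href or img src value carrying a long run of consecutive dots that trips the Kaspersky URL parser described here. The following is an added example, not code from ScanSafe, SecurityReason, Kaspersky or either article; it scans one HTML document for both markers. The sample page, the site hostname, the `intermediary.example` domain and the eight-dot threshold are constructed for the illustration, and the scanner only reports; it does not reproduce either attack.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ElementCollector(HTMLParser):
    """Record every start tag with its attributes, in document order."""

    def __init__(self):
        super().__init__()
        self.elements = []

    def handle_starttag(self, tag, attrs):
        # Valueless attributes arrive as None; normalise them to "".
        self.elements.append((tag, {k: (v or "") for k, v in attrs}))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)


def _looks_hidden(attrs):
    """Injected frames are usually invisible: one-pixel sizes or styled away."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = any(attrs.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
    return tiny or "display:none" in style or "visibility:hidden" in style


def scan_html(html, site_host, max_dot_run=8):
    """Return (finding, value) pairs for the two markers described on this page:
    a hidden iframe pointing off-site, and any href/src with a long run of dots."""
    collector = _ElementCollector()
    collector.feed(html)
    dotted = re.compile(r"\.{%d,}" % max_dot_run)
    findings = []
    for tag, attrs in collector.elements:
        if tag == "iframe":
            src = attrs.get("src", "")
            host = urlparse(src).hostname or site_host  # relative src = same site
            if host != site_host and _looks_hidden(attrs):
                findings.append(("hidden-external-iframe", src))
        for key in ("href", "src"):
            value = attrs.get(key, "")
            if dotted.search(value):
                findings.append(("dotted-url", value))
    return findings


# Constructed sample page: a legitimate charity site with one injected frame
# and one image reference carrying an abnormal run of dots (all values made up).
SITE_HOST = "www.example-charity.org"
SAMPLE_PAGE = """<html><body>
<h1>Example Charity</h1>
<a href="http://www.example-charity.org/donate">Donate</a>
<iframe src="/video" width="640" height="480"></iframe>
<iframe src="http://intermediary.example/loader" width="1" height="1" style="display:none"></iframe>
<img src="http://cdn.example/................................................/a.gif">
</body></html>"""


def scan_sample():
    """Run the scanner over the constructed page."""
    return scan_html(SAMPLE_PAGE, SITE_HOST)


if __name__ == "__main__":
    for kind, value in scan_sample():
        print(kind, value)
```

A site owner can run this over their own pages from a crawl or from a nightly diff of the document root; the iframe check is the same "is there a frame here I did not put here" question Landesman answered with a Google search, applied locally. The dot-run check is a coarse mail-gateway or proxy rule: legitimate URLs essentially never contain eight consecutive dots, so the false-positive cost is near zero.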

FTC Announces Expanded Business Education Campaign on 'Red Flags' Rule

To assist small businesses and other entities, the Federal Trade Commission staff will redouble its efforts to educate them about compliance with the "Red Flags" Rule and ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply. To give creditors and financial institutions more time to review this guidance and develop and implement written Identity Theft Prevention Programs, the FTC will further delay enforcement of the Rule until November 1, 2009.

The Red Flags Rule is an anti-fraud regulation, requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to the warning signs, or “red flags,” that could indicate identity theft. The financial regulatory agencies, including the FTC, developed the Rule, which was mandated by the Fair and Accurate Credit Transactions Act of 2003 (FACTA). FACTA’s definition of “creditor” includes any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor. “Financial institutions” include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers.

The FTC’s Red Flags Web site offers resources to help entities determine if they are covered and, if they are, how to comply with the Rule. It includes an online compliance template that enables companies to design their own Identity Theft Prevention Program through an easy-to-use form, as well as articles directed to specific businesses and industries, guidance manuals, and Frequently Asked Questions to help companies navigate the Rule.

Although many covered entities have already developed and implemented appropriate, risk-based programs, some – particularly small businesses and entities with a low risk of identity theft – remain uncertain about their obligations. The additional compliance guidance that the Commission will make available shortly is designed to help them. Among other things, Commission staff will create a special link for small and low-risk entities on the Red Flags Rule Web site with materials that provide guidance and direction regarding the Rule. The Commission has already posted FAQs that address how the FTC intends to enforce the Rule and other topics. The enforcement FAQ states that Commission staff would be unlikely to recommend bringing a law enforcement action if entities know their customers or clients individually, or if they perform services in or around their customers’ homes, or if they operate in sectors where identity theft is rare and they have not themselves been the target of identity theft.

The three-month extension, coupled with this new guidance, should enable businesses to gain a better understanding of the Rule and any obligations that they may have under it. These steps are consistent with the House Appropriations Committee’s recent request that the Commission defer enforcement in conjunction with additional efforts to minimize the burdens of the Rule on health care providers and small businesses with a low risk of identity theft problems. Today’s announcement that the Commission will delay enforcement of the Rule until November 1, 2009, does not affect other federal agencies’ enforcement of the original November 1, 2008, compliance deadline for institutions subject to their oversight.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.
FTC Red Flags Rule

Friday, August 21, 2009

PCs infected by identity theft malware up 600 percent

The number of computers infected by malware designed to steal personal or banking information for identity theft and fraud has shot up 600 percent in the past year, according to a report from web security firm Panda Security.

Panda's security research division, PandaLabs, has captured samples of 11 million new malware threats so far this year, approximately 8 million of which are Trojans, a type of malware disguised as a non-threatening file. Trojan malware can track keystrokes to steal login information and passwords for banking websites, or can take the form of fake banking or other websites that phish for user information.

"One of the possible reasons for this increase is the economic crisis. This, in conjunction with organizations that have made a business out of selling personal information on the black market, such as credit card numbers, PayPal or eBay accounts, is what we can attribute the rise to," said Luis Corrons, technical director of PandaLabs.

PandaLabs estimates that approximately 3 percent of all users have fallen victim to theft through online attacks.
MX Logic

Accused credit card hacker lived large in Miami

Nestled near a row of sultry, silvery-green palm trees and an infinity pool, room 1508 at the National Hotel on South Beach is a portrait of Art Deco luxury. It is also where, on May 7, 2008, federal agents seized two computers, $22,000 in cash and a Glock 9 gun from a man known on the Internet as “soupnazi.”
His real name is Albert Gonzalez, and he was with his girlfriend when federal agents arrived. Just as the setting was not run-of-the-mill, neither was the arrest. Gonzalez was charged with hacking into business computer networks and stealing credit and debit card accounts — and in an embarrassing twist, he had once been an informant for the U.S. Secret Service.
This week, Gonzalez, 28, was indicted in New Jersey on more federal charges. Now the biggest credit card hacks of the decade — totaling 170 million accounts — have been pinned on Gonzalez.
Industry analysts marveled at the scope of the operation — which Gonzalez allegedly dubbed “Get Rich or Die Tryin’.” One compared it to a hackers’ version of the 1980s gangster movie “Scarface.”
“Albert Gonzalez is definitely the Tony Montana of credit card theft,” said Sean Arries, a computer security expert at the Miami-based Internet technology company Terremark.
Gonzalez has been in custody since his 2008 arrest in Miami Beach. He awaits federal trials in New York and Massachusetts, along with the New Jersey charges. If convicted he faces life in prison.
Gonzalez’s lawyer, Rene Palomino Jr., wouldn’t address the charges in detail, saying that the case is in a “very delicate stage” and that Gonzalez is trying to resolve it. The attorney said Gonzalez and federal prosecutors were close to reaching a plea deal in the New York and Massachusetts cases this week, before the New Jersey indictment was added.
People who know Gonzalez say he is a nerdy, shy man who got mixed up in a shadowy world.

Wednesday, August 19, 2009

Radisson Hotel Computers Hacked Into

Radisson Hotel Computers Broken Into
Credit card numbers on hotel computer system
Wednesday, 19 Aug 2009, 9:07 AM CDT

MINNEAPOLIS - Radisson Hotels and Resorts said Wednesday its computer systems have been accessed without authorization. Radisson says guest information, including credit card numbers, may have been accessed. Social Security numbers were not included on the computers.
Radisson says it has informed customers of the situation and has advised all guests to review their account statements and report any unauthorized purchases to the bank that issued the credit card, as well as to the police.
David Chamberlin, a spokesman for Radisson, said the company is unable to provide accurate estimates of the number of potentially exposed records at this time because the investigation is still ongoing. Chamberlin said the company will provide updates as more information becomes available.


Tuesday, August 18, 2009

Arrest in Epic Cyber Swindle

A 28-year-old American, believed by prosecutors to be one of the nation's cybercrime kingpins, was indicted Monday along with two Russian accomplices on charges that they carried out the largest hacking and identity-theft caper in U.S. history.
Federal prosecutors alleged the three masterminded a global scheme to steal data from more than 130 million credit and debit cards by hacking into the computer systems of five major companies, including Hannaford Bros. supermarkets, 7-Eleven and Heartland Payment Systems Inc., a credit-card processing company.
Photo of Albert Gonzalez released by the U.S. Secret Service.
The indictment in federal district court in New Jersey marks the latest and largest in at least five years of crime that has brought its alleged orchestrator, Albert Gonzalez of Miami, in and out of federal grasp. Detained in 2003, Mr. Gonzalez was briefly an informant to the Secret Service before he allegedly returned to commit even bolder crimes.
Authorities have previously alleged that Mr. Gonzalez was the ringleader of a data breach that siphoned off more than 40 million credit-card numbers from TJX Cos. and others in recent years, costing the parent company of the TJ Maxx retail chain about $200 million.
Mr. Gonzalez is in federal custody in Brooklyn, N.Y., awaiting trial for alleged efforts to hack into the network of the national restaurant chain Dave & Buster's Inc. He also faces charges in Boston in the TJX matter.
The alleged thefts in Monday's indictment took place from October 2006 to May 2008.
Wall Street Journal