Spamzy

The theft of $4,500 from an Australian woman’s online bank account happened because of a Trojan horse hidden on her computer.

“Two unauthorised deductions - each for $1485 - were made from e-banking customer Sandra Bridekirk’s account,” says Australian IT.

When she rang the bank, “she was told a third payment was programmed to occur that day,” says the story.

“The scary thing was that the transactions had been done with my personal access number and my password, and even my husband doesn’t know those,” she’s quoted as saying.

The third transaction was stopped, “but $3000 has been frozen until her bank and police finish their investigations,” it says, going on:

“A further shock awaited Ms Bridekirk when an examination of her computer revealed all of her web credentials had been stolen - including all her user names and passwords, and her email address lists.”

Andreas Baumhof, CTO of online transaction security firm TrustDefender, discovered that Ms Bridekirk’s computer had been infected by a drive-by download on September 2,” says Australian IT, adding:

“Mr Baumhof found it was Trojan.Spy.Banker.EGJ, which injects extra HTML (web markup language) into internet banking web pages in order to capture passwords and credit-card details.

“All log-in forms on her machine have been collected and sent to Russia,” he said.

Go here to see the original:
Drive-by Trojan cost woman $4,500

I could have used this technique last night — I got home to my apartment in Oakland at 11:30, only to realize I’d left my keys in Sacramento. Two hours later a locksmith finally came and charged me $100 to let me in my own apartment. Expensive? Maybe, but comparable to other services, and compared to the havoc that a lock-breaker could wreak if he was trying to use his talents for crime rather than service, it’s a small price.

It’s kind of frightening to see how quickly a skilled lock-picker can jimmy a lock and get in. But new technology makes it even simpler — apparently all you need is a good telephoto lens to break in to someone’s house — just wait till they leave their keys out on a table, snap a picture, and take it to an unethical key maker, and wha-la, a perfect replica:

“We built our key duplication software system to show people that their keys are not inherently secret,” said Stefan Savage, the computer science professor from UC San Diego’s Jacobs School of Engineering who led the student-run project. “Perhaps this was once a reasonable assumption, but advances in digital imaging and optics have made it easy to duplicate someone’s keys from a distance without them even noticing.”

Professor Savage presents this work on October 30 at ACM’s Conference on Communications and Computer Security (CCS) 2008, one of the premier academic computer security conferences.

Read the full article here.

Go here to read the rest:
Silent Break-Ins: How Technology Compromises Physical Security Too

People were being scammed long before email and malware entered into daily use — and it’s still happening offline as well as online. So what to do if you know that someone you love is being victimized and scammed?

That’s the question the Consumerist asked readers today, with a story about a Florida grand-dad whose gardener is supposedly fleecing him for over $10k / month, allegedly to help an ailing friend:

Shaun says his 80+-year old grandfather, Steve, is being scammed out of over $10,000 a month. It seems Steve recently hired a female gardener who introduced him to a “wealthy friend,” and now he’s loaning them money to pay for groceries, cable, home upkeep, and, get this, bodyguards to protect her from an ex-husband and son who to want to kill her. When the family tries to intervene, Steve says the family is trying to put him in a nursing home and steal his money. Shaun is at a loss. How can he help his grandfather, who doesn’t want to be helped?

Another question that might be relevant in the IT Security community is, are the elderly more prone to these scams, and if so why? In the tech world it’s widely assumed that the older generation just has a harder time learning and grasping how to use technology so may not understand what is risky and what isn’t.

But perhaps there’s a deeper problem, either with some form of dementia and paranoia in the older years, or just a purer vulnerability associated with being alienated from the new, cutting edge and modern world as we age, or some kind of unwillingness to be suspicious because of the need to have caring people around you?

Here is the original post:
Teaching the Elderly about Scams and Security

Whipping up a Storm

Pharmacy-touting spammers can turn a decent return on response rates as low as one in 12 million, far lower than previously thought.…

View post:
Researchers hijack botnet for spam study

Chinese hackers gained “extensive access to unclassified White House emails” when they broke into White House systems last year, says the Wall Street Journal, quoting “current and former government officials familiar with the matter”.

“The break-ins were discovered last year, said several private-sector experts familiar with the breach,” says the story.

“They said they learned about it in the summer of 2007. A June 2007 cyber break-in at the Pentagon was also attributed to the Chinese military, but it’s not clear whether these incidents were linked.”

The more that you see, “the more numb you become to it,” a US official “familiar with the White House breach,” says in the story.

“This is the kind of development that has been driving the government cyber initiative,”  it quotes Scott Borg, director of the US Cyber Consequences Unit, a think tank that advises governments and companies, as saying.

White House spokesman Tony Fratto declined to comment on the breach, says the Wall Street Journal, adding:

“Over the summer, foreign hackers broke into the computer systems of the Obama and McCain presidential campaigns and stole large volumes of campaign information, according to current and former government officials.”

Read the original post:
Chinese hackers penetrate the White House

WinDefender is a malware program, now it’s promising an update “Get rid of mailware now!” It’s been out a while but now there’s the “Update” going around.

Be wary and warn the folks you know — this isn’t Windows Defender, an anti malware program.

F-secure has a screenshot so you know what to look for…and of course the requisite joke, hoping that future versions might promise an end to “maleware.”

Good luck with that, guys.

The rest is here:

Republican rickrolling ruse

Spammers have upped the ante in their bid to tap into interest created by the US presidential election this week to punt penis pills other assorted pharmaceutical tat.…

Read the original here:
McCain ‘dead’ email ruse punts penis pills

You have to hand it to them. They don’t miss a beat.

“Within hours of settling the U.S. presidential election on Tuesday, spam seen worldwide began incorporating the name and image of Barack Obama, according to various security vendors,” says CNet News.

Sophos reported 60% of all spam it came across on Wednesday was in some way Obama related, says the story, going on:

One piece of spam alleges to contain a link to video of Obama’s acceptance speech. If you follow the video link within the e-mail message you will be taken to a Web page where you’ll be asked to update your Adobe Flash Player with a file, adobe_flash9.exe, first. This is not an official Adobe update file and downloading this file may in turn infect your computer with a Trojan.

Sophos named the Trojan Mal/Behav-027. F-Secure named it W32/Papras.CL. Sunbelt Software also has a blog about this particular piece of spam.

And Websense says an e-mail, claiming to be an interview with Obama, features embedded links to a video site that attempts to install BarackObama.exe, CNet says, adding:

“Downloading this file may infect your computer with a Trojan.”

Source:
Obama malware shows up already

WHEN: Thursday, November 131 PM PT / 4 PM ET

This Web site was created to be a clearing house for technical IT security queries, and we are still fielding quite a few of those. But we continue to receive a broad variety of fascinating questions …

See original here:
IT Security Ask the Experts: Top Queries, October 2008