Thursday, March 11, 2010

Zeus botnet temporarily disrupted, but back in full force

SearchSecurity.com: The Zeus botnet, a Trojan family widely used by cybercriminals to target victims with data-stealing malware, was temporarily disrupted this week after the ISP suspected of hosting its command-and-control servers was brought down. ... Kazakhstan-based Troyak.org, which harbors servers that control spam and malware botnets, went down temporarily on Tuesday. Troyak is considered to host 25% of the command-and-control servers that connect to Zeus-infected computers. ScanSafe, which was recently acquired by Cisco Systems Inc., identified a sharp uptick in malware traffic prior to the shutdown, indicating the bot herders may have known there would be a disruption to their operations. ... "The data seems to indicate they had some sort of advance warning and if so they would have had ample opportunity to update their bots," said Mary Landesman, senior security researcher at ScanSafe, now part of Cisco.

Read more ...

Crooks Crank Up Volume of E-Banking Attacks

KrebsOnSecurity: Computer crooks stole more than $200,000 from an auto body shop in Ohio last month in a brazen online robbery. The attack is yet another example of how thieves are using malicious software to bypass bank security technologies that are often touted as strong deterrents to this type of fraud.

Read more ...

Dozens of ZeuS Botnets Knocked Offline

KrebsOnSecurity: Security experts are tracking a massive drop in the global number of control servers for various ZeuS botnets that are online, suggesting that a coordinated takedown effort may have been executed by law enforcement and/or volunteers from the security research community acting in tandem.

Read more ...

Wednesday, March 10, 2010

Law Firms slow to awaken to cybersecurity threat

National Law Journal: Hackers delve for client secrets, litigation plans, negotiation strategies and details of pending transactions.

An oddly worded e-mail was the first sign of something amiss at Los Angeles firm Gipson Hoffman & Pancione. It didn't read like the messages the firm's attorneys usually sent each other — didn't pass the "smell test." ... His suspicions raised, the recipient, associate Gregory Fayer, picked up the phone and discovered that the colleague who supposedly sent the e-mail knew nothing of it. Other attorneys at the firm also received the bogus e-mail, which was eventually traced to China — where Gipson Hoffman is litigating a $2.2 billion copyright infringement suit against the government. Fayer was well aware that cyberattackers often use fake e-mail messages to break into computer networks.

Read more ...

Thanks to Dave Roberts and Leba Finklestein for this.

Security gaps exploited in grade scandal remain, may be difficult to close

Washington Post: Montgomery County school officials have not yet closed gaps in their computer system that allowed students at a high-performing Potomac high school to change dozens of grades using a device that can be bought from Amazon.com for $69. And other school systems, including Fairfax County, remain just as vulnerable, school officials said Tuesday. ... At least eight students at Winston Churchill High School are believed to have used the readily available device to obtain teachers' passwords for the school system's grading system. ... Computer experts said that Churchill teachers were lucky to catch the students. Just about every school system that protects its teachers' data with a simple username and password is vulnerable, experts said, and accessing a teacher's computer files is extremely common. ... "That's the first hack that every kid who becomes a criminal has done," said Alan Paller, director of research at the SANS Institute, an information security group.

Read more ...

Tuesday, March 9, 2010

Verisign: Security Solutions Overwhelming to Consumers

"Consumers are overwhelmed and frustrated by all the security solutions out there," said Verisign's (NASDAQ: VRSN) Jim Bidzos, who organized the first RSA Conference in 1991. "In fact some of the security tools we offer are nearing the point of negative returns." ... "It's time we started thinking about security as only part of the solution and ask what users really need from us. Today users are faced with pop-ups and all sorts of security procedures designed to make them feel more secure, but may simply frustrate them and question whether the Internet is safe," he said. ... In fact, Bidzos said the results from multiple surveys that asked consumers whether they thought the Internet is safe "indicates we're not quite there yet."

Read more ...

Source: eSecurity Planet

Monoprice.com Shuttered After Fraud Complaints

KrebsOnSecurity: Audio visual cabling giant monoprice.com shut down its Web site – possibly for the next couple of weeks – while it investigates the possible compromise of its customer credit and debit card information. ... Monoprice’s corporate page on Facebook.com features a number of interesting comments from customers, some of whom attributed recent fraudulent charges to the incident, while others are praising the company for being so forthcoming and providing continuous updates via Facebook.

Read more ...

Microsoft Patch Tuesday: Two Bug Fixes, IE Warning

Microsoft released two patches for eight security holes in its March "Patch Tuesday" drop, but also issued an advisory about a recently discovered flaw in Internet Explorer. ... The bugs fixed by the two patches are rated "important," the second highest ranking on Microsoft's four-tier severity rating scale. ... One bug that Microsoft did not fix this time around is a zero-day flaw in the way older versions of Windows handle help files and scripting -- Microsoft sent out a Security Advisory regarding the hole last week. ... According to Microsoft, the zero-day help file hole affects Windows 2000 Service Pack 4 (SP4), Windows XP SP2 and SP3, as well as 64-bit versions of XP Professional SP2, and Windows Server 2003. More recent releases of Windows, including Vista, Windows Server 2008, and Windows 7, are not at risk, Microsoft said.

Read more ...

Source: eSecurity Planet

Cyber Crooks Leave Traditional Bank Robbers in the Dust

KrebsOnSecurity: Organized cyber criminals stole more than $25 million from small to mid-sized businesses in brazen e-banking heists in the 3rd quarter of 2009 alone, federal regulators said last week. In contrast, traditional stick-up artists hauled less than $9.5 million out of U.S. banks over that same time period last year.

Read more ...

Energizer DUO: Trojan yourself for only $19.99

The Energizer DUO, a USB-powered battery recharger, was confirmed on Friday by Energizer Holdings to contain malicious code. According to this Energizer Press Release, they were notified by the CERT Coordination Center that the Windows software that ships with their DUO Charger "contains a vulnerability". ... Energizer has discontinued sale of this product and has removed the site to download the software. In addition, the company is directing consumers that downloaded the Windows version of the software to uninstall or otherwise remove the software from their computer. This will eliminate the vulnerability. In addition, CERT and Energizer recommend that users remove a file that may remain after the software has been removed. The file name is Arucer.dll, which can be found in the Windows system32 directory. ... Additional technical information can be found at http://www.kb.cert.org/vuls/id/154421.

Read more ...

Source: CyberCrime & Doing Time

Monday, March 8, 2010

Victim Asks Capital One, ‘Who’s in Your Wallet?’

KrebsOnSecurity: ... Joseph Mier and Associates Inc., a real estate appraisal company based in Hammond, La., lost more than $27,000 last year when four unauthorized automated clearing house (ACH) withdrawals were made from its accounts and sent to individuals around the United States.

Read more ...

Fiserv to Banks: Stay on Outdated Adobe Reader

KrebsOnSecurity: One of the nation’s largest providers of money-transfer and online banking services to credit unions and other financial institutions is urging customers not to apply the latest security updates for Adobe Reader, the very application most targeted by criminal hackers and malicious software. ... At issue is a non-public advisory issued by Fiserv, a Fortune 500 company that provides bank transaction processing services and software to more than 16,000 clients worldwide.

Read more ...

Friday, March 5, 2010

FBI to Private Sector: Cybersecurity Joint Effort

If anyone came to the RSA Conference this week expecting to hear technology was winning the war against cyber threats, they'd be sorely disappointed. Just as Homeland Security Chief Janet Napolitano did the previous day, FBI director Robert Mueller told an audience here at the conference that the U.S. risks falling dangerously behind in the fight against cyber criminals. ... Noting the breadth of attacks by numerous criminal organizations here and abroad, Mueller said our computer systems are suffering "death by a thousand cuts, bleeding data, bit by bit and terabyte by terabyte," as he put it. ..."We're playing cat and mouse and the mouse seems to be ahead most of the time," the FBI director continued. "We have to make the cost of business too expensive for them."

Read more ...

Source: eSecurityPlanet.com

Yep, There’s a Patch for That

KrebsOnSecurity: The average Microsoft Windows user has software from 22 vendors on her PC, and needs to install a new security update roughly every five days in order to use these programs safely, according to an insightful new study released this week. ... Those programs come from more than 22 vendors, so as a first order estimate the number of different vendors you have on your box is the number of different update mechanisms you have to master.

Read more ...

Regulators Revisit E-Banking Security Guidelines

KrebsOnSecurity: Prodded by incessant reports of small- to mid-sized businesses losing millions of dollars at the hands of organized cyber criminals, federal regulators may soon outline more stringent steps that commercial banks need to take to protect business customers from online banking fraud and educate users about the risks of banking online. ... At issue are the guidelines jointly issued in 2005 by five federal banking regulators under the umbrella of the Federal Financial Institutions Examination Council (FFIEC). The guidance was meant to prod banks to implement so-called “multifactor authentication” — essentially, to require customers to provide something else in addition to a user name and password when logging into their bank accounts online, such as the output from a security token.

Read more ...

Thursday, March 4, 2010

Homeland Security Chief Details Cyber Threats

If there's one message Department of Homeland Security (DHS) Secretary Janet Napolitano stressed during an address here at the RSA conference, it was the need for speed in dealing with cyber threats. ... "We need to do more and do it faster," she said. While there is perhaps no ultimate technology solution to protect the country's digital infrastructure, Napolitano said her department wants to provide the ability to "bounce back" from an attack of any size, which would require more sophisticated failover and disaster recovery technology than is currently available.

Read more ...

Source: eSecurityPlanet.com

Criminal investigation opened in grade-changing scandal at Churchill High

Washington Post: The Montgomery County state's attorney has opened a criminal investigation into a grade-changing scheme at Winston Churchill High School, officials said Wednesday, elevating the digital subterfuge into a major scandal at one of the region's most prestigious public schools.... Police, prosecutors and school officials are examining the actions of at least eight students who allegedly used a USB device to steal teachers' passwords and change the grades of 54 students. Nearly 700 student records have been subpoenaed, and three of the eight students identified as ringleaders have left the school.

Read more ...

New BlackEnergy Trojan Targeting Russian, Ukrainian Banks

Dark Reading: Botnet lets attackers steal online banking credentials and DDoS Russian and Ukrainian banks ... Russian hackers have written a more sophisticated version of the infamous BlackEnergy Trojan associated with the 2008 cyberattacks against Georgia that now targets Russian and Ukrainian online banking customers.

Read more ...

SECURITY ALERT: Citadel has begun seeing attacks in the US using the new BlackEnergy Trojan.

Thanks to Brad Maryman for this.

Wednesday, March 3, 2010

RSA panel: No easy solution for Zeus Trojan, banking malware

The Zeus Trojan has been keeping David Shroyer up at night. The sneaky, ever-changing malware comes in many variants and is constantly finding ways to evade detection, said Shroyer, vice president of online security and enrollment at Bank of America. ..."The complexity of the Trojan is what makes it so scary," he said during a panel discussion on banking malware Tuesday at the RSA Conference. New solutions to fight the threat can quickly become outdated, he added. ... Bank of America does a lot of threat scoring; last year, phishing was the top threat facing its customers. But this year, in the wake of Zeus, "The customer endpoint has become the number one threat," he said. ...Cybercriminals have been using the Zeus Trojan to steal online banking credentials, and researchers say the highly customizable and easily obtainable malware kit has proven to be particularly successful. Small and midsize businesses have been especially hard hit by online banking fraud triggered by password-stealing malware.

Read more ...

Source: SearchFinancialSecurity.com

Thanks to Brad Maryman for this.

Tuesday, March 2, 2010

Information on U.S. website for medical data thefts is bare-bones

Los Angeles Times: The medical records of more than 18,000 patients of at least five Torrance doctors were potentially accessed by cyber-thieves on a single day in September, but this is probably the first you're hearing of it. ... Although a new federal law requiring greater disclosure of medical-data security breaches was passed a year ago, it wasn't until recently that the Department of Health and Human Services began posting specific incidents online.

Read more ...

Monday, March 1, 2010

Wyndham computers hacked into again for credit card names, numbers

USA Today: Hackers broke into computer systems at Wyndham Hotels & Resorts recently, stealing customers' credit card information, according to an IDG News Service article on CIO.com. Wyndham operates chains including Days Inn, Ramada, Super 8 and Howard Johnson. ... It's the latest sign that computer hackers continue to target hotel networks to obtain sensitive guest data, which they can then use to purchase stolen goods. Earlier this month, Hotel Check-In reported that hotels had become hackers' No. 1 target last year, hitting hotels even more than banks and other financial service company sites.

Read more ...

Friday, February 26, 2010

Military Announces New Social Media Policy

New York Times: Many months behind schedule, the Department of Defense on Friday issued a new policy that, on the surface, seems likely to expand access to popular social networking sites like YouTube, Facebook and Twitter by troops using military computers. ... The new policy, which can be found here, says that the default policy of the department will be to allow access to social networking sites from the military’s non-classified computer network, known by its acronym, NIPRNET (for Non-classified Internet Protocol Router Network).

Read more ...

Organiser of Darkmarket fraud website jailed

BBC: A man who created a website trading in stolen financial information linked to tens of millions of pounds in losses has been jailed for nearly five years. ... Renukanth Subramaniam, 33, founded Darkmarket, a "Facebook for fraudsters" where criminals could buy and sell credit card details and bank log-ins. ... The site was shut down in 2008 after an FBI agent infiltrated it, leading to more than 60 arrests worldwide.

Read more ...

Thursday, February 25, 2010

Intel admits it is under constant attack from hackers

ComputerWeekly: Intel regularly faces cyber attacks by intellectual property thieves and malicious hackers, the chip maker's latest report to the US Securities and Exchange Commission reveals. ... The company admits that one recent and sophisticated incident occurred in January 2010 and that such attacks are sometimes successful.

Read more ...

Wednesday, February 24, 2010

N.Y. Firm Faces Bankruptcy from $164,000 E-Banking Loss

KrebsOnSecurity: A New York marketing firm that as recently as two weeks ago was preparing to be acquired now is facing bankruptcy from a computer virus infection that cost the company more than $164,000.

Read more ...

China's military warns Washington, denies hacking

Washington Post: BEIJING (Reuters) - China's military warned the United States on Thursday to "speak and act cautiously" to avoid reigniting tensions between the two powers, denying the People's Liberation Army played a part in Internet hacking.

Read more ...

Tuesday, February 23, 2010

IT Firm Loses $100,000 to Online Bank Fraud

KrebsOnSecurity: A New Hampshire-based IT consultancy lost nearly $100,000 this month after thieves broke into the company’s bank accounts with the help of 10 co-conspirators across the United States.

Read more ...

Intel Was Attacked at the Same Time as Google

New York Times: Intel said that it was a victim of a “sophisticated” cyber-attack that occurred around the same time as the much-publicized attack on Google and other companies. ... Intel, which disclosed the January attack in a regulatory filing on Monday, played down the connection to the attacks on Google. ... But a person familiar with the investigation into the attacks said that Intel was part of the same wave of attacks that affected Google and more than 30 other companies.

Read more ...

Monday, February 22, 2010

Symantec 2010 State of Enterprise Security Study Shows Frequent, Effective Attacks on Worldwide Business

CNN Money: 75 Percent of Organizations Have Suffered a Cyber Attack Losing an Average of $2 Million Annually. ... Symantec Corp. (NASDAQ: SYMC) today released the findings of its global 2010 State of Enterprise Security study. The study found that 42 percent of organizations rate security their top issue. This isn't a surprise, considering that 75 percent of organizations experienced cyber attacks in the past 12 months. These attacks cost enterprise businesses an average of $2 million per year. ... organizations reported that enterprise security is becoming more difficult due to understaffing, new IT initiatives that intensify security issues and IT compliance issues. The study is based on surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January 2010.

Read more ...

U.S. pinpoints code writer behind Google attack: report

Washington Post: BEIJING (Reuters) - U.S. government analysts believe a Chinese man with government links wrote the key part of a spyware programme used in hacker attacks on Google last year, the Financial Times reported on Monday.

Read more ...

Sunday, February 21, 2010

Hacking Inquiry Puts China’s Elite in New Light

New York Times: With its sterling reputation and its scientific bent, Shanghai Jiaotong University has the feel of an Ivy League institution.

The university has alliances with elite American ones like Duke and the University of Michigan. And it is so rich in science and engineering talent that Microsoft and Intel have moved into a research park directly adjacent to the school.

But Jiaotong, whose sprawling campus here has more than 33,000 students, is facing an unpleasant question: is it a base for sophisticated computer hackers?

Read more ...

Saturday, February 20, 2010

Schools in China say they weren't behind hacking

Washington Post: SHANGHAI -- Two prominent schools in China dispute allegations that hacking attacks on Google and other firms originated from them, a report said Saturday.... The New York Times reported late Thursday that security investigators traced the hacking to computers at Shanghai Jiaotong University and Lanxiang Vocational School in China.

Read more ...

Thursday, February 18, 2010

Microsoft Confirms: Got Bluescreen? Check for Rootkits

KrebsOnSecurity: Microsoft confirmed today that the recent spate of Windows XP crashes and blue-screens experienced by people who installed this month’s batch of security updates were found mainly on systems that were already infected with a rootkit, a tool designed to hide malware infestations on host computers.

Read more ...

Broad New Hacking Attack Detected

Wall Street Journal: Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, according to a computer-security company that discovered the breach. ... The damage from the latest cyberattack is still being assessed, and affected companies are still being notified. But data compiled by NetWitness, the closely held firm that discovered the breaches, showed that hackers gained access to a wide array of data at 2,411 companies, from credit-card transactions to intellectual property.

Read more ...

Thanks to Jason Stahl for sending this.

Large Worldwide Cyber Attack Is Uncovered

AP: More than 75,000 computer systems at nearly 2,500 companies in the United States and around the world have been hacked in what appears to be one of the largest and most sophisticated attacks by cyber criminals discovered to date, according to a northern Virginia security firm. ... The attack, which began in late 2008 and was discovered last month, targeted proprietary corporate data, e-mails, credit-card transaction data and login credentials at companies in the health and technology industries in 196 countries, according to Herndon, Va.-based NetWitness.

Read more ...

2 China Schools Said to Be Tied to Online Attacks

New York Times: SAN FRANCISCO — A series of online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, say people involved in the investigation. ... They also said the attacks, aimed at stealing trade secrets and computer codes and capturing e-mail of Chinese human rights activists, may have begun as early as April, months earlier than previously believed. Google announced on Jan. 12 that it and other companies had been subjected to sophisticated attacks that probably came from China.

Read more ...

Wednesday, February 17, 2010

‘Time Bomb’ May Have Destroyed 800 Norfolk City PCs

KrebsOnSecurity: The City of Norfolk, Virginia is reeling from a massive computer meltdown in which an unidentified family of malicious code destroyed data on nearly 800 computers citywide. The incident is still under investigation, but city officials say the attack may have been the result of a computer time bomb planted in advance by an insider or employee and designed to trigger at a specific date.

Read more ...

Security Updates for Adobe Reader, Acrobat

KrebsOnSecurity: Adobe is urging users of its PDF Reader and Acrobat software to install an update that fixes a couple of critical security holes in the products. The patches come amid news that booby-trapped PDF files were responsible for roughly 80 percent of the exploits detected in the 4th quarter of 2009.

Read more ...

Dozens Of Defense Contractors, Agencies Hacked

Forbes Magazine: For anyone who has a security clearance and doesn't believe the U.S. faces a cyber-espionage crisis, Steven Shirley has 102 stories to share with you.

That's the number of cases in which Shirley's team of Pentagon researchers discovered cyberspies breaching the networks of government agencies, defense contractors and other organizations with ties to the U.S. Department of Defense, gaining administrator-level access with the aim of stealing military secrets.

Read more ...

Tuesday, February 16, 2010

Hackers Steal $150,000 from Mich. Insurance Firm

KrebsOnSecurity: An insurance firm in Michigan lost nearly $150,000 this month as a result of a single computer virus infection.

Read more ...

Monday, February 15, 2010

China leads the world in hacked computers, McAfee study says

Washington Post: More private computers were commandeered by hackers for malicious purposes in China in the last quarter of 2009 than in any other country, including the United States, according to a new study by an Internet security company.

Read more ...

Friday, February 12, 2010

Rootkit May Be Culprit in Recent Windows Crashes

KrebsOnSecurity: There are indications that the system crashes and the dreaded blue screen of death (BSoD) that many Microsoft Windows users reported suffering after installing this week’s batch of security updates may be caused at least in part by malware infestations on the affected machines.

Read more ...

Thursday, February 11, 2010

Critical Security Update for Adobe Flash Player

KrebsOnSecurity: Adobe Systems Inc. today released an updated version of its Flash Player software to fix two critical security holes in the ubiquitous Web browser plugin. Adobe also issued a security update for its Air software, a central component of several widely-used Web applications, such as Tweetdeck.

Read more ...

China Alarmed by Security Threat From Internet

New York Times: BEIJING — Deep inside a Chinese military engineering institute in September 2008, a researcher took a break from his duties and decided — against official policy — to check his private e-mail messages. Among the new arrivals was an electronic holiday greeting card that purported to be from a state defense office.

The researcher clicked on the card to open it. Within minutes, secretly implanted computer code enabled an unnamed foreign intelligence agency to tap into the databases of the institute in the city of Luoyang in central China and spirit away top-secret information on Chinese submarines.

Read more ...

Wednesday, February 10, 2010

How to Protect Yourself from the Internet Crime Wave by Dr. Stan Stahl

Thanks to my friend and colleague Joey Tamer for posting this article of mine on her blog. You can read it at information security blog post.

Joey provides strategic consulting to entrepreneurs in software, internet, technology and tech/media. Her Blog contains a wealth of information, not just for the entrepreneur but for anyone interested in strategy.

ID Theft: Don't Take It Personally

Forbes Magazine: Identity theft often feels less like a random act of fraud than a personal breach of a victim's secrets. But while consumers feel the sting from having their private data stolen, it's their banks that are increasingly picking up the bill.... That's one finding from an identity theft study released Wednesday by fraud analysis firm Javelin Research. The study, which surveyed around 5,000 Americans last year about their experiences with identity theft, calculated that ID fraud had cost around $54 billion in 2009, a significant jump from the $48 billion it estimated for 2008. That higher cost was driven by a greater number of fraud incidents that affected 11.2 million consumers in 2009, compared with 9.9 million in 2008.

Read more ...

Tuesday, February 9, 2010

New Banking Trojan Discovered Targeting Businesses' Financial Accounts

Dark Reading: The infamous Zbot botnet that spreads the pervasive Zeus Trojan has been seen distributing a brand-new banking Trojan -- one that researchers say could serve as a lower-cost alternative to the popular Zeus and Clampi malware for cybercriminals.

Read more ...

13 Ways to Protect Your Windows PC

KrebsOnSecurity: Microsoft today released a baker’s dozen of software updates to fix twice as many vulnerabilities in its various Windows operating systems and other software. Translation: If you use any supported version of Windows, it’s time once again to update your PC.

Read more ...

Monday, February 8, 2010

Comerica Phish Foiled 2-Factor Protection; Bank Sued

KrebsOnSecurity: A metals supply company in Michigan is suing its bank for poor security practices after a successful phishing attack against an employee allowed thieves to steal more than half a million dollars last year.

Read more ...

Saturday, February 6, 2010

Zeus Attack Spoofs NSA, Targets .gov and .mil

KrebsOnSecurity: Criminals are spamming the Zeus banking Trojan in a convincing e-mail that spoofs the National Security Agency. Initial reports indicate that a large number of government systems may have been compromised by the attack.

Read more ...

Wednesday, February 3, 2010

Hackers Try to Steal $150,000 from United Way

KrebsOnSecurity: Hackers broke into computer systems at a Massachusetts chapter of the United Way last month and attempted to make off with more than $150,000 from one of the nation’s largest charities.

Read more ...

Tuesday, February 2, 2010

U.S. 'Severely Threatened' By Cyber Attacks says Dennis C. Blair, Director of National Intelligence

Information Week: Testifying before the Senate Intelligence Committee on Tuesday, the top U.S. intelligence official warned that U.S. critical infrastructure is "severely threatened" and called the recent cyber attack on Google "a wake-up call to those who have not taken this problem seriously."... "Sensitive information is stolen daily from both government and private sector networks, undermining confidence in our information systems, and in the very information these systems were intended to convey," said Dennis C. Blair, Director of National Intelligence, in prepared remarks outlining the U.S. intelligence community's annual assessment of threats.

Read more ...

Twitter Asks Users To Reset Passwords After Possible Phishing Attack

Washington Post: Twitter is locking many users out of the system this morning, and sending them notices that they need to change their passwords in order to regain access to the service, due to concerns over a possible phishing attack.

Read more ...

Monday, February 1, 2010

A Tale of Two Victims

KrebsOnSecurity: When a computer virus infection at a business allows thieves to steal tens of thousands of dollars from the company’s commercial banking account, banks typically don’t reimburse the victim company. But the truth is, most banks make that decision on a case-by-case basis.

Read more ...

Hacking for Fun and Profit in China’s Underworld

New York Times: CHANGSHA, China — With a few quick keystrokes, a computer hacker who goes by the code name Majia calls up a screen displaying his latest victims. “Here’s a list of the people who’ve been infected with my Trojan horse,” he says, working from a dingy apartment on the outskirts of this city in central China. “They don’t even know what’s happened.”

Read more ...

Sunday, January 31, 2010

NY Times: Britain Warned Businesses of Threat of Chinese Spying

British business executives dealing with China were given a formal warning more than a year ago by Britain’s security service, MI5, that Chinese intelligence agencies were engaged in a wide-ranging effort to hack into British companies’ computers and to blackmail British businesspeople over sexual relationships and other improprieties, according to people familiar with the MI5 document. ... The warning, in a 14-page document titled “The Threat from Chinese Espionage,” was prepared in 2008 by MI5’s Center for the Protection of National Infrastructure, and distributed in what security officials described as a “restricted” form to hundreds of British banks and other financial institutions and businesses. The document followed public warnings from senior MI5 officials that China posed “one of the most significant espionage threats” to Britain.

Read more ...

Friday, January 29, 2010

Brian Krebs: Simmering Over a ‘Cyber Cold War’

New reports released this week on recent, high-profile data breaches make the compelling case that a simmering Cold War-style cyber arms race has emerged between the United States and China.

Read more ...

Tuesday, January 26, 2010

Brian Krebs: Texas Bank Sues Customer Hit by $800,000 Cyber Heist

A machine equipment company in Texas is tussling with its bank after organized crooks swiped more than $800,000 in a 48-hour cyber heist late last year. While many companies similarly victimized over the past year have sued their banks for having inadequate security protection, this case is unusual because the bank is preemptively suing the victim.

Read more ...

PC World: PlayStation 3 Hack Released Online

Days after announcing he'd managed to hack Sony's PlayStation 3 console to run his own software George Hotz has released the exploit online. Hotz, who is best known for cracking Apple's iPhone, said in a blog posting that he had decided to release the exploit to see what others could do with it and because he wanted to move on to other work.

Read more ...

Monday, January 25, 2010

Brian Krebs: A Peek Inside the ‘Eleonore’ Browser Exploit Kit

If you happen to stumble upon a Web site that freaks out your anti-virus program, chances are good that the page you’ve visited is part of a malicious or hacked site that has been outfitted with what’s known as an “exploit pack.” These are pre-packaged kits designed to probe the visitor’s browser for known security vulnerabilities, and then use the first one found as a vehicle to silently install malicious software.

Read more ...

NY Times: In Digital Combat, U.S. Finds No Easy Deterrent

WASHINGTON — On a Monday morning earlier this month, top Pentagon leaders gathered to simulate how they would respond to a sophisticated cyberattack aimed at paralyzing the nation’s power grids, its communications systems or its financial networks.... The results were dispiriting. The enemy had all the advantages: stealth, anonymity and unpredictability. No one could pinpoint the country from which the attack came, so there was no effective way to deter further damage by threatening retaliation. What’s more, the military commanders noted that they even lacked the legal authority to respond — especially because it was never clear if the attack was an act of vandalism, an attempt at commercial theft or a state-sponsored effort to cripple the United States, perhaps as a prelude to a conventional war.

Read more ...

Saturday, January 23, 2010

Brian Krebs: Adobe Ships Critical Shockwave Update

Last week, Adobe Systems Inc. shipped critical security updates for its PDF Reader software. Now comes an update that fixes at least two critical flaws in Adobe’s Shockwave Player, a commonly installed multimedia player.

Read more ...

Friday, January 22, 2010

Brian Krebs: Cyber Crooks Cooked the Books at Fla. Library

Jan. 7, 2010 was a typical sunny Thursday morning at the Delray Beach Public Library in coastal Florida, aside from one, ominous dark cloud on the horizon: It was the first time in as long as anyone could remember that the books simply weren’t checking out.

Sure, patrons were still able to borrow tomes in the usual way — by presenting their library cards. The trouble was, none of the staff could figure out how or why nearly $160,000 had disappeared from their bank ledgers virtually overnight. The money was sent in sub-$10,000 chunks to some 16 new employees that had been added to the usual outgoing direct deposit payroll.

Read more ...

CSO Online: Botnets: "The Democratization of Espionage"

The cyber attacks against Google, Adobe and a raft of other top U.S. corporations late last year were by most accounts sophisticated and targeted attempts to steal proprietary data. But lost in all of the resulting media hoopla over who the remaining victims were and whether Chinese hackers or indeed the Chinese government itself were responsible is the simple, terrifying truth that individual hackers now have access to the same arsenal of cyber weapons once reserved only for nation states.

Read more ...

The Biz Coach: How to Protect Yourself from the Internet Crime Wave

Thanks to my friend and colleague Terry Corbell for publishing this interview on his web site. Terry is Seattle's "Biz Coach" and he publishes a wealth of valuable business information on his web site. Read his blog post ...

Thursday, January 21, 2010

Brian Krebs: Microsoft Issues Emergency Fix for IE Flaw

Microsoft has issued an emergency security update to plug a critical hole in its Internet Explorer Web browser. The IE bug is the same flaw that is being blamed in part for fueling a spate of recent break-ins at Fortune 100 companies, including Google and Adobe.

Read more ...

Wednesday, January 20, 2010

NY Times: The 3 Facebook Settings Every User Should Check Now

In December, Facebook made a series of bold and controversial changes regarding the nature of its users' privacy on the social networking site. The company once known for protecting privacy to the point of exclusivity (it began its days as a network for college kids only - no one else even had access), now seemingly wants to compete with more open social networks like the microblogging media darling Twitter.

Read more ...

NY Times: If Your Password Is 123456, Just Make It HackMe

Back at the dawn of the Web, the most popular account password was “12345.” ...Today, it’s one digit longer but hardly safer: “123456.” ... Despite all the reports of Internet security breaches over the years, including the recent attacks on Google’s e-mail service, many people have reacted to the break-ins with a shrug. ...According to a new analysis, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data.

Read more ...

Tuesday, January 19, 2010

NY Times: Fearing Hackers Who Leave No Trace

MOUNTAIN VIEW, Calif. — The crown jewels of Google, Cisco Systems or any other technology company are the millions of lines of programming instructions, known as source code, that make its products run. ... If hackers could steal those key instructions and copy them, they could easily dull the company’s competitive edge in the marketplace. More insidiously, if attackers were able to make subtle, undetected changes to that code, they could essentially give themselves secret access to everything the company and its customers did with the software.

Read more ...

Monday, January 18, 2010

FoxNews: Google Hack Leaked to Internet; Security Experts Urge Vigilance

The code that was used to hack Gmail accounts in China is now publicly available on the Internet, and security experts are urging computer users throughout the world to be highly vigilant until a patch can be developed. ... The hack involves Internet Explorer 6, the browser that came with the Windows XP operating system that, while outdated, still powers millions of businesses and home computers and is now dangerously compromised.

Read more ...

Sunday, January 17, 2010

NY Times: Companies Fight Endless War Against Computer Attacks

The recent computer attacks on the mighty Google left every corporate network in the world looking a little less safe. ... Google’s confrontation with China — over government censorship in general and specific attacks on its systems — is an exceptional case, of course, extending to human rights and international politics as well as high-tech spying. But the intrusion into Google’s computers and related attacks from within China on some 30 other companies point to the rising sophistication of such assaults and the vulnerability of even the best defenses, security experts say.

Read more ...

Saturday, January 16, 2010

Washington Post: U.S. plans to issue official protest to China over attack on Google

The United States will issue an official protest to the Chinese government over a major espionage attack targeting Google's computer systems and rights activists' e-mail accounts that the search-engine giant said originated in China.

Read more ...

Friday, January 15, 2010

NY Times: McAfee Says Microsoft Flaw Was a Factor in Cyberattacks

McAfee, the big security software maker, has been investigating the China-based cyberattacks that prompted Google to threaten to pull out of China altogether. ... In a blog post on Thursday afternoon, McAfee said that after examining the malicious software code used in the attacks, it believes a vulnerability in Microsoft’s Internet Explorer browser was an important pathway for the attacks, which were directed at Google and more than 30 other companies:

These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.

Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company.

Read more ...

BBC: Cybercriminals revive old scams to target smartphones

As mobile phones get more sophisticated, hi-tech criminals are dusting off some old tricks. ... Security companies have noticed a rise in trojans known as dialers that used to be popular during the days of dial-up net access. ... On a smartphone the dialers are being used to call premium rate lines leaving victims with a big bill.

Read more ...

Thanks to Terry Corbell for this

Thursday, January 14, 2010

NY Times: After Google’s Stand on China, U.S. Treads Lightly

Last month, when Google engineers at their sprawling campus in Silicon Valley began to suspect that Chinese intruders were breaking into private Gmail accounts, the company began a secret counteroffensive. ... It managed to gain access to a computer in Taiwan that it suspected of being the source of the attacks. Peering inside that machine, company engineers actually saw evidence of the aftermath of the attacks, not only at Google, but also at at least 33 other companies, including Adobe Systems, Northrop Grumman and Juniper Networks, according to a government consultant who has spoken with the investigators.

Read more ...

Washington Post: Google China cyberattack part of vast espionage campaign, experts say

Computer attacks on Google that the search giant said originated in China were part of a concerted political and corporate espionage effort that exploited security flaws in e-mail attachments to sneak into the networks of major financial, defense and technology companies and research institutions in the United States, security experts said.... At least 34 companies -- including Yahoo, Symantec, Adobe, Northrop Grumman and Dow Chemical -- were attacked, according to congressional and industry sources. Google, which disclosed on Tuesday that hackers had penetrated the Gmail accounts of Chinese human rights advocates in the United States, Europe and China, threatened to shutter its operations in the country as a result.

Read more ...

Wednesday, January 13, 2010

Brian Krebs: Microsoft, Adobe Issue Security Updates

Microsoft and Adobe Systems each issued security updates on Tuesday. Redmond released a single patch to plug a flaw that’s not terribly scary, unless you happen to be running Windows 2000. Adobe’s patch bundle, however, covers at least eight critical security flaws, including one that hackers have been exploiting in targeted attacks of late.

Read more ...

Tuesday, January 12, 2010

NY Times: Google Threatens Pullout from China After Cyberattacks on Dissidents

In a calm and understated blog post, Google said Tuesday that it had recently come under an unusual cyberattack from China. The Web giant said the attack was very different from previous ones because it was aimed at Chinese dissidents’ Gmail accounts.... Information on two accounts was accessed by the hackers, Google said. In addition, “the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties…most likely via phishing scams or malware placed on the users’ computers,” the company wrote. ... Google said it had identified about 20 other companies that had been similarly targeted.
Read more ...

NY Times: Google, Citing Attack, Threatens to Exit China

BEIJING — Google said Tuesday that it would stop cooperating with Chinese Internet censorship and consider shutting down its operations in the country altogether, citing assaults from hackers on its computer systems and China’s attempts to “limit free speech on the Web.”

Read more ...

Wednesday, December 30, 2009

USA Today: Cybercrooks stalk small businesses that bank online

A rising swarm of cyber-robberies targeting small firms, local governments, school districts, churches and non-profits has prompted an extraordinary warning. The American Bankers Association and the FBI are advising small and midsize businesses that conduct financial transactions over the Internet to dedicate a separate PC used exclusively for online banking.

Read more ...

Tuesday, December 29, 2009

Apple issues security updates for Mac OS X

What's happening: Apple this week pushed an update for Leopard and Snow Leopard systems that plugs a large number of security holes in Apple's version of Java, a package installed by default on those Mac OS X systems that enables a number of multimedia Web applications.

The new Java version fixes at least 14 vulnerabilities in the version designed for OS X 10.6 systems; the package put together for 10.5 Macs corrects more than two dozen security flaws. Mac users can grab the patches via Software Update or from Apple Downloads.

What to do: Patch your Mac.

**********************************
Apple issues security updates for Mac OS X

Monday, December 28, 2009

GSM Cell Phone Encryption Broken

What's happening: At a conference in Berlin, German security researcher Karsten Nohl demonstrated a way to break system encryption to listen to conversations on GSM-based mobile phones. The encryption algorithm and variants of it are used to ensure the privacy of 80% of mobile calls.

What it means: Expect cell phone providers to strengthen GSM encryption algorithms.

What to do: While the fallout from this demonstration is not likely to put you at special risk, it is always a good idea to be circumspect in what you say on a mobile phone call.

**********************************
Cellphone Encryption Code Is Divulged

Thursday, December 24, 2009

Cloud Computing Security

What's happening: Cloud computing is fast becoming the next great computer event. Why manage your own PCs, servers and programs when you can rent them online? And while cloud computing promises improved bang for scarce IT bucks, it is not without information security challenges.

What to do: Look before you leap. Sort out the answers to critical security questions: How is your information being secured? What security is the cloud vendor responsible for and what are you responsible for? Does the cloud vendor meet your regulatory and legal security obligations, such as HIPAA or PCI DSS? Is your information available to move should you want or need to do so, or if you are required to produce it under subpoena? Don't settle for vague 'salesman' type answers. Ask to see documentation. As this article from MIT Technology Review writes: "Information technology's next grand challenge will be to secure the cloud--and prove we can trust it."

**********************************
Security in the Ether

Tuesday, December 22, 2009

Howard Schmidt - Information Systems Security Association (ISSA) Board President - becomes US cybersecurity coordinator

What's happening: Howard Schmidt, president and CEO of the Information Security Forum (ISF) has been appointed White House Cybersecurity Coordinator by President Obama. As the new cybersecurity czar, he will have regular access to President Obama and serve as a key member of the National Security Staff. Schmidt has over 40 years of experience in government, business and law enforcement. He is in his second term as President of the Board of the not-for-profit Information Systems Security Association (ISSA), the world's foremost association for information systems security professionals.

What it means: President Obama last May became the first head-of-state of a major industrial nation to make a strong commitment to winning the battle to secure cyberspace. By appointing Schmidt as his Cybersecurity Coordinator, the President has given the job to a proven leader able to work with both government and industry. Schmidt helped develop the "National Strategy to Secure Cyberspace" which promotes "a comprehensive national awareness program to empower all Americans - businesses, the general workforce, and the general population - to secure their own parts of cyberspace." The plan recognizes that everyone must take responsibility for securing their own systems, that it takes the village to protect the village, that an unprotected computer puts even protected computers at risk.

What to do: Read our paper from the ISSA Journal "Creating the Information Security Village." Look for opportunities to do your part to "secure the village" including encouraging your IT and information security staff to become active in ISSA and other information security organizations.

**********************************
White House Picks New Cyber Coordinator

Friday, December 18, 2009

Hackers exploit Adobe Reader flaw via comic strip syndicate

What's happening: Cybercriminals broke into an online comic strip syndication service Thursday, embedding malicious code that sought to exploit a newly discovered security flaw in Adobe Reader and Acrobat.

What it means: Visitors to websites serving comics from King Features are at risk of having their PCs taken over by malware on the websites designed to exploit the recently discovered flaw in Acrobat Reader. Most antivirus programs will fail to detect the malware attack.

More strategically, the story illustrates the imagination and creativity that cybercriminals bring to their work. Like lions in the jungle, cybercriminals are on the prowl, looking for any sign of weakness they can exploit.

What to Do: Tactically: disable Javascript as described in our previous blog post. Be on the alert for a patch from Adobe. Implement an intrusion detection and prevention system.

Strategically: Make sure you're staying ahead of the cybercriminals as the risk of falling behind continues to grow.

**********************************
Hackers exploit Adobe Reader flaw via comic strip syndicate

Web Attack on Twitter Demonstrates Deep Internet Risk

What's happening: Users going to Twitter Friday morning arrived instead at a site for the “Iranian Cyber Army.” The online attack was the result of the most basic of security breaches: someone got the password to enter the master directory of Twitter’s Internet addresses (Twitter's master DNS or Domain Name Server) and redirected users to the “Iranian Cyber Army" site instead.

What it means: There are two levels of meaning here. The obvious level is that social network sites continue to demonstrate that they have yet to get system security under adequate management control.

At a deeper level, consider that users were redirected from Twitter to the “Iranian Cyber Army" site. What if it weren't Twitter but your favorite eCommerce site and instead of being sent to the “Iranian Cyber Army" site you were presented with a site that looked identical to the site you thought you were going to—except that it stole your credit card information or installed malware on your computer.

And what if it's not your favorite eCommerce site but your own company's web site. And now every visitor going to your web site is at risk that malware will be installed on their computer.

What to do: Keep computers patched. Run an intrusion detection and prevention program instead of basic anti-virus. To protect your company's web site, make absolutely positively certain that IT staff is securely managing the master passwords to your company's DNS.

**********************************
Web Attack on Twitter Is Third Assault This Year

Tuesday, December 15, 2009

Hackers target unpatched Adobe Reader, Acrobat flaw

What's happening: Adobe Systems Inc. said Monday it is investigating reports that attackers are exploiting a previously unidentified security hole in its Acrobat and PDF Reader software to break into vulnerable computers.

What to Do: The exploit only works when users have Javascript enabled in Adobe Acrobat/Reader. To disable Javascript, click "Edit," then "Preferences" and then "Javascript," and uncheck "Enable Acrobat Javascript." Stay tuned for an update patch from Adobe.

**********************************
Hackers target unpatched Adobe Reader, Acrobat flaw

Sunday, December 13, 2009

Viruses That Leave Victims Red in the Facebook

What's happening: Malware is spreading through Web sites like Facebook and Twitter. After stealing a Member's screen name and password, these malicious programs are coded to automatically send spam messages to the Member's friends and followers. Unsuspecting friends have been asked for money, have been directed to web-sites where malware is installed on their computers, and have had their user-names and passwords to online bank accounts stolen.

What it means: Social networks continue to be the wild wild west of the internet.

What to do: Stay vigilant. Be suspicious. Report suspected problems. And use a strong hard-to-break password.

**********************************
Viruses That Leave Victims Red in the Facebook

Saturday, December 12, 2009

In Shift, U.S. Talks to Russia on Internet Security

What's happening: The United States, Russia and a United Nations arms control committee have begun talks aimed at strengthening Internet security and limiting military use of cyberspace.

What it means: Nations must protect cyberspace as the strategic national asset it has become. As attacks on Latvia and Georgia have illustrated, a nation can be crippled by a methodical cyber-attack. Along with strong defenses, international treaties are a necessary pillar in any effective cyberspace security solution.

What to do: Stay tuned. This is just the beginning. There's still a lot of hard work ahead.

**********************************
In Shift, U.S. Talks to Russia on Internet Security

Friday, December 11, 2009

Security Alert: Check your Facebook 'privacy' settings now

What's happening: Facebook has made major changes that may allow complete strangers to see your personal photos and videos, date of birth, family relationships, and other sensitive information.

What it means: Unless you act to control who gets to see your private information, Facebook may let anyone see it, friend or foe alike.

What to Do: Follow the advice of Washington Post's Brian Krebs in the blog link below.

**********************************
Check your Facebook 'privacy' settings now

Wednesday, December 9, 2009

Zeus crimeware appears to be using Amazon's EC2 as command and control server

What's happening: Security researchers have intercepted a variant of the Zeus crimeware using Amazon’s EC2 services for command and control purposes of its botnet. Cybercriminals appear to be using Amazon’s RDS managed database hosting service as an alternative control domain in case they lose access to the primary domain. ScanSafe reports that in the past 3 years, it has recorded 80 unique malware incidents involving Amazon, with 45 in 2009 compared to 35 total in 2007 and 2008 combined.

What it means: This story illustrates the inherent challenge of securing the internet and with it, all the corporate and personal information in our computers and servers that is accessible via the internet. Amazon has every reason to get security perfect; yet they don't. No one can. Perfect information systems security is as impossible as perfect security of any kind. So long as we have information in our systems that someone else wants, there will be risk.

What to do: Follow the advice of Wall Street journalist Meryl Rukeyser who said "The secret of success lies not in avoiding risk but in managing it." (Meryl Rukeyser was Wall Street Week's Louis Rukeyser's father and a periodic guest on the show in the 1980s.)

**********************************
Zeus crimeware using Amazon's EC2 as command and control server

Tuesday, December 8, 2009

Brian Krebs, Washington Post Journalist, Named Cybercrime Hero by Cisco

What's happening: Cisco's 2009 Annual Security Report names Brian Krebs, Washington Post journalist, as the winner of its Cybercrime Hero award.

The report writes: Kudos to Brian Krebs, who reports on computer security issues in his Security Fix blog on the website of The Washington Post. Krebs has spent a significant amount of time researching and reporting on banking Trojans like Zeus and Clampi and exposing how they operate.

In the fall of 2009, Krebs published a series of articles about the online “bank jobs” conducted by the sophisticated malware that Zeus and Clampi distribute. Through his extensive research and reporting, Krebs managed to discover a great deal about these Trojans. The tactics and routines associated with the malware—and the significant number of businesses and individual users who have been affected by it—would likely impress even some of the most successful bank thieves in history.

Krebs has taken time not only to report on these dangerous threats, but also to provide readers with practical and easy-to-understand advice about how not to fall victim to such scams.

What it means: Congratulations to Krebs for his award. The information security community has a friend in Krebs. One can only hope that a Pulitzer follows.

**********************************
Cisco names Security Fix author 'cybercrime hero'

Critical updates for Adobe Flash, Microsoft Windows

What's happening: Microsoft released six software updates on Tuesday to fix at least a dozen security vulnerabilities in Windows, Internet Explorer, Windows Server and Microsoft Office. Adobe also issued security updates to its ubiquitous Flash Player and its Adobe AIR software. Updates are available for Windows, Linux and Mac versions of these programs.

What to Do: Patch your systems.

**********************************
Critical updates for Adobe Flash, Microsoft Windows

Cisco Publishes 2009 Annual Security Report

What's happening: Cisco Security Intelligence Operations announces the Cisco 2009 Annual Security Report. The updated report includes information about 2009 global threats and trends, as well as security recommendations for 2010.

Report Highlight: Online criminals have taken advantage of the large social media following, exploiting users' willingness to respond to messages that are supposedly from people they know and trust.

What to Do: Review the report and strengthen defenses accordingly.

**********************************
Cisco 2009 Annual Security Report

Monday, December 7, 2009

La. firm sues Capital One after losing thousands in online bank fraud

What's happening: An electronics testing firm in Louisiana is suing its bank, Capital One, alleging that the financial institution was negligent when it failed to stop hackers from transferring nearly $100,000 out of its account earlier this year.

What it means: Another victim of online bank fraud does battle with its bank over who's responsible.

What to do: Follow our earlier recommendations. Manage your own security. Check your insurance. Send your attorney a copy of our paper "An Emerging Information Security Minimum Standard of Due Care."

**********************************
La. firm sues Capital One after losing thousands in online bank fraud

Saturday, December 5, 2009

Phishers angling for Web site administrators

What's happening: Cybercriminals have launched a massive phishing campaign to trick webmasters into giving up the credentials needed to administer their Web sites. Experts say the attackers are attempting to build a distributed network of hacked sites through which to distribute malicious software.

What it means: Cybercriminals have learned that they can take control of a PC by loading malicious software on a web site visited by the PC's users. This malware then infects the PCs of visitors, often bypassing corporate firewalls and antivirus software.

What to do: If you administer a web site and fell for this phishing scheme, contact your hosting provider and change your password. You also need to review your Web site content for any recent unauthorized changes.

**********************************
Phishers angling for Web site administrators

Thursday, November 19, 2009

Health Net healthcare data breach affects 1.5 million

What's happening: Health Net announced that it is investigating a healthcare data security breach that resulted in the loss of patient data, affecting 1.5 million customers. The Woodland Hills, Calif.-based managed healthcare provider said the lost files, a mixture of medical data, Social Security numbers and other personally identifiable information, were collected over the past seven years and contained on a portable external hard drive, which was lost six months ago. The company said the healthcare data, which included records on 446,000 Connecticut patients, was not encrypted.

What it means: This loss illustrates some of the challenges of securely managing sensitive information. Who — if anyone — authorized sensitive information to be stored on a portable—easy-to-lose—hard drive? Why was the drive not encrypted? Why did it take the company 6 months to notify anyone? What will this cost them? What will they learn from it?

What to do: Stay vigilant. Every business is at risk that what happened to Health Net can happen to it.

**********************************
Health Net healthcare data breach affects 1.5 million

Wednesday, November 18, 2009

Is Your Smartphone Eavesdropping on Your Conversations?

What's happening: In late October, Indonesian developer Sheran Gunasekera released mobile-phone software that can help someone eavesdrop on your conversations. The free application, called PhoneSnoop, can be downloaded onto your BlackBerry, remotely turn on the microphone, and listen to conversations held in proximity to the device.

What it means: PhoneSnoop and the similar FlexiSPY are two of a growing number of applications that can be downloaded onto a smartphone without a user's knowledge. Smartphones and the growing number of people using them are becoming a bigger target for unauthorized and potentially harmful software, including worms, viruses, and spyware that tracks a user's Web activity.

What to Do: Configure your smartphone so apps can be downloaded and installed only with your approval. Make sure IT staff is staying on top of this growing threat.

**********************************
Smartphones: A bigger target for security threats

UK Police Reveal Arrests Over Zeus Banking Malware

What's happening: British police said Wednesday they've made the first arrests in Europe of two people for using Zeus, a malicious software program often used in sophisticated online bank fraud. When installed on a PC, Zeus can send spam, steal financial or other data or conduct a distributed denial-of-service attack against other computers. Machines infected with Zeus are essentially a botnet.

What it means: While it's good to get these two cybercriminals off the street, the total effect is like taking a glass of water out of the ocean.

What to do: Celebrate that these two are in jail. Then go back to protecting sensitive business and family information. The battle is far from over.

**********************************
Two held in global PC fraud probe

Thursday, November 12, 2009

Phishing Alert: “Rejected ACH Transaction.”

What's happening: NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of having been sent from NACHA. See NACHA's press release below.

What it means: Cybercriminals are attempting to lure unsuspecting businesses to a web site that will infect their computers with malware.

What to do: Don't fall victim to these phishing attacks. Always be suspicious. Ask yourself: "Does this email make sense?" Make sure technology defenses are in place in case you slip.

**********************************
NACHA Phishing Alert (11/12/2009) E-mail Claiming to be from NACHA

NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of having been sent from NACHA. See sample below.

The subject line of the e-mail states: “Rejected ACH Transaction.” The e-mail includes a link which redirects the individual to a fake web page which appears like the NACHA Web site and contains a link which is almost certainly an executable virus with malware. Do not click on the link. Both the e-mail and the related Web site are fraudulent.

Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

NACHA itself does not process or touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating system and common software application security patches are installed and current.

Be alert for different variations of fraudulent e-mails.

= = = = = Sample E-mail = = = = = =

From: nacha.org [mailto:report@nacha.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic
Payments Association. Please review the transaction report by clicking the link below:
Unauthorized ACH Transaction Report (this is how the link is presented)
------------------------------------------------------------------
Copyright ©2009 by NACHA - The Electronic Payments Association
= = = = = = = = = = = = = = = = = = =
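The NACHA alert above names the three things that give this lure away: the link sits behind a trusted-sounding label, it leads off NACHA's own domain, and the landing page serves an executable. The script below is an added example (not NACHA's or this blog's code) that runs those checks over a raw message. The message it parses is a constructed copy of the sample above; the link host and path in it are placeholders, not the real 2009 campaign infrastructure.

```python
"""Triage a suspected ACH phishing e-mail: pull every link out of the HTML
body and flag the indicators described in the NACHA alert.  Added example;
both sample messages below are constructed for illustration."""
import re
from email import message_from_string
from email.policy import default as default_policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lure modelled on the NACHA sample; host/path are placeholders.
SAMPLE_EMAIL = """\
From: nacha.org <report@nacha.org>
To: Doe, John <john.doe@example.com>
Subject: Rejected ACH transaction, please review the transaction report
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear bank account holder,</p>
<p>The ACH transaction, recently initiated from your bank account, was rejected
by the Electronic Payments Association. Please review the transaction report by
clicking the link below:</p>
<p><a href="http://nacha.org.example-lure.invalid/report/transaction_report.exe">Unauthorized ACH Transaction Report</a></p>
<p>Copyright &copy;2009 by NACHA - The Electronic Payments Association</p>
</body></html>
"""

# Constructed benign message: same sender, link stays on the sender's domain.
BENIGN_EMAIL = """\
From: NACHA News <news@nacha.org>
To: Doe, John <john.doe@example.com>
Subject: NACHA newsletter
Content-Type: text/html; charset=utf-8

<html><body><p>Read the latest at <a href="https://www.nacha.org/news">www.nacha.org</a>.</p></body></html>
"""

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".zip")


class LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude eTLD+1: the last two labels.  Fine for .org/.com; a production
    tool would consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def html_body(msg):
    """Return the first text/html part, decoded, or '' if there is none."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            return part.get_content()
    return ""


def triage(raw):
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = message_from_string(raw, policy=default_policy)
    _, sender = parseaddr(str(msg.get("From", "")))
    sender_domain = registered_domain(sender.rsplit("@", 1)[-1]) if "@" in sender else ""
    collector = LinkCollector()
    collector.feed(html_body(msg))

    findings = []
    for href, text in collector.links:
        url = urlparse(href)
        host = url.hostname or ""
        link_domain = registered_domain(host)
        if sender_domain and link_domain != sender_domain:
            findings.append(f"off-domain link: '{text}' -> {host} (sender claims {sender_domain})")
        # Look-alike trick: the trusted name is only a leading label of the real host.
        if sender_domain and host.startswith(sender_domain + ".") and link_domain != sender_domain:
            findings.append(f"look-alike host: {host} begins with {sender_domain}")
        if url.path.lower().endswith(EXECUTABLE_SUFFIXES):
            findings.append(f"executable download: {url.path}")
        # Displayed URL text that points somewhere other than the real destination.
        if re.match(r"https?://", text) and registered_domain(urlparse(text).hostname or "") != link_domain:
            findings.append(f"displayed URL {text} differs from destination {host}")
    return findings


if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, triage(raw) or ["no findings"])
```

Run as-is it reports three findings for the lure (off-domain link, look-alike host, executable download) and none for the benign message. The domain check is deliberately keyed to the From header's domain rather than to a hard-coded "nacha.org", so the same script can triage lures impersonating any sender; the From header is attacker-controlled, though, so this catches a mismatch between the claimed sender and the link, not a forged sender, and pairs with SPF/DKIM checks rather than replacing them.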