
PC Invader Costs a Kentucky County $415,000

kdawson posted more than 5 years ago | from the don't-be-stupid-out-there dept.


plover recommends a detailed account by Brian Krebs in the Washington Post's Security Fix column of a complex hack and con job resulting in the theft of $415,000 from Bullitt County, Kentucky. "The crooks were aided by more than two dozen co-conspirators in the United States, as well as a strain of malicious software capable of defeating online security measures put in place by many banks. ...the trouble began on June 22, when someone started making unauthorized wire transfers of $10,000 or less from the county's payroll to accounts belonging to at least 25 individuals around the country... [T]he criminals stole the money using a custom variant of a keystroke logging Trojan known as 'Zeus' (a.k.a. 'Zbot') that included two new features. The first is that stolen credentials are sent immediately via instant message to the attackers. But the second, more interesting feature of this malware... is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection."
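A defender's view of the transfer pattern the summary describes, as an added example that is not from Krebs's article or the bank: a sliding-window check that flags an originating account paying many never-before-seen beneficiaries in amounts of $10,000 or less within a short period. Every account name, amount and the 48-hour window are constructed; the threshold of ten new payees is an assumed tuning value.

```python
"""Detection sketch for the pattern in the story: a burst of wires of
$10,000 or less from one payroll account to many recipients that account has
never paid before.  Added example, not from the article; every account and
amount below is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Transfer:
    ts: datetime
    src: str       # originating account
    dst: str       # beneficiary account
    amount: float


def find_fanout(transfers, known_payees, *, window=timedelta(hours=48),
                max_amount=10_000.0, min_new_payees=10):
    """Return {src: set of new beneficiaries} for each source account that,
    inside any `window`, pays at least `min_new_payees` beneficiaries it has
    never paid before, each transfer at or below `max_amount`.
    `known_payees` maps src -> set of historically paid beneficiaries."""
    candidates = defaultdict(list)
    for t in sorted(transfers, key=lambda t: t.ts):
        if t.amount <= max_amount and t.dst not in known_payees.get(t.src, set()):
            candidates[t.src].append(t)
    alerts = {}
    for src, rows in candidates.items():
        start = 0
        for end, row in enumerate(rows):
            while row.ts - rows[start].ts > window:   # slide the window forward
                start += 1
            payees = {r.dst for r in rows[start:end + 1]}
            if len(payees) >= min_new_payees:
                alerts.setdefault(src, set()).update(payees)
    return alerts


def build_sample():
    """Constructed ledger: routine payroll to known employees, one new hire,
    a few new vendors paid by the operations account, then a mule burst."""
    known = {"payroll": {f"E{i:03d}" for i in range(1, 13)}, "ops": set()}
    rows = []
    day = datetime(2009, 6, 19, 9, 0)
    rows += [Transfer(day, "payroll", f"E{i:03d}", 3100.0) for i in range(1, 13)]
    rows.append(Transfer(day, "payroll", "E013", 2500.0))          # new hire
    rows += [Transfer(day + timedelta(hours=h), "ops", f"V{h:02d}", 7800.0)
             for h in range(3)]
    # 25 sub-$10,000 wires to 25 fresh beneficiaries over roughly 28 hours
    burst = datetime(2009, 6, 22, 8, 0)
    rows += [Transfer(burst + timedelta(minutes=70 * i), "payroll",
                      f"M{i:03d}", 9000.0 + 35 * i) for i in range(25)]
    return rows, known


def run_example():
    """Run the check over the constructed ledger; only 'payroll' is flagged."""
    transfers, known = build_sample()
    return find_fanout(transfers, known)
```

The routine payroll run never counts toward the threshold because those employees are already in the account's payee history; only the burst to fresh beneficiaries trips the rule.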


192 comments


Windows TCO (5, Insightful)

harmonise (1484057) | more than 5 years ago | (#28615751)

Don't forget to include this in your Windows TCO calculations.

Re:Windows TCO (2, Interesting)

Jurily (900488) | more than 5 years ago | (#28615817)

But the second, more interesting feature of this malware, the investigator said, is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection.

Actually, if you root a *nix box, this part looks kinda trivial.

Re:Windows TCO (4, Insightful)

clang_jangle (975789) | more than 5 years ago | (#28615883)

But the second, more interesting feature of this malware, the investigator said, is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection.

Actually, if you root a *nix box, this part looks kinda trivial.

Yet we don't see much of that, do we? In spite of the massive *nix share of the server market, it's Windows systems that prove easiest to compromise.

Re:Windows TCO (0)

Anonymous Coward | more than 5 years ago | (#28616041)

Most people are used to using Windows machines, including thieves and bankers.

Re:Windows TCO (3, Insightful)

Anonymous Coward | more than 5 years ago | (#28616107)

Keyloggers aren't used on servers as much... regardless of the OS.

Re:Windows TCO (1)

jacquesm (154384) | more than 5 years ago | (#28616369)

Network snooping is.

Re:Windows TCO (0)

Anonymous Coward | more than 5 years ago | (#28616799)

All kinds of things are used against servers. The article was related to a keylogger that was used, and the parents were talking about rooting a box. Network sniffing is platform agnostic.

I'd also point out that militaries worldwide have been known to capture and compromise computers of all kinds. Of course none of this has anything to do with the article and placing keyloggers on servers (or even rootkits for that matter). Network sniffing/monitoring, again, is usually platform agnostic and has no place in here within the context of the article's responses.

BTW, I analyze and exploit malware for a living, so I'm aware there are 'n' other things you can do to servers that aren't related to the article, including walking out with the source code to software used by the servers (see the Goldman Sachs articles of the day). I was merely trying to respond earlier in the context of keyloggers on servers, not to list all the various things you can do to computers.

Network sniffing has absolutely nothing to do with the post that I was responding to, nor does it change the fact that keyloggers aren't used on servers much.

Re:Windows TCO (5, Insightful)

Evil Shabazz (937088) | more than 5 years ago | (#28616129)

Your conclusion is debatable, particularly resting on the tenuous footing of your supplied argument. However, that doesn't matter at all. You see, it doesn't really matter whether Unix or Windows is easier to compromise. What matters is that the easiest people to compromise use Windows.

Re:Windows TCO (4, Insightful)

Mista2 (1093071) | more than 5 years ago | (#28616429)

I use Windows, OS X and Linux, and none of my PCs have ever been compromised, but the Windows one sure is harder to protect.

Re:Windows TCO (2, Insightful)

cawpin (875453) | more than 5 years ago | (#28616573)

Knowing which is hardest to protect would require ALL of them to have been compromised at least once. Since NONE of them have been you have no basis for a comparison.

Re:Windows TCO (4, Insightful)

andy_t_roo (912592) | more than 5 years ago | (#28616729)

He does have a basis -- the effort (time or cost) required to get the system to a state where compromise was not likely.

Simplified a bit:
Linux - don't run as root, install updates regularly, think twice before entering the root password.
Windows - attempt to have the logged-in user not running as admin, install updates regularly, install, run, update and monitor virus scanner + firewall software. Think twice before entering the admin password (if running as non-admin).

OSX - never had admin on OSX, but from what I understand it's the same as Linux with respect to security.

The effort to run (pre-Vista) Windows as non-admin is substantially harder than non-admin Linux.
Installing updates is approximately the same effort.
Windows (currently) requires extra software installed to be secure.

Objectively Windows is harder to secure (harder on 2 out of 3). (This also assumes that this is the minimum effort required to secure each system to the same level - on any system you could spend much more effort due to a lack of knowledge, or wrong preconceived ideas concerning security.)

Re:Windows TCO (1)

cawpin (875453) | more than 5 years ago | (#28617179)

I wasn't talking about an objective comparison based on common beliefs. I was simply saying that his statement is not provable for his systems unless they have been compromised. You have to be compromised before you can KNOW what is required to prevent it.

Re:Windows TCO (1)

MrCrassic (994046) | more than 5 years ago | (#28616599)

How so?

Re:Windows TCO (0)

Anonymous Coward | more than 5 years ago | (#28616577)

You are 100% correct and that's because Windows is the most familiar OS there is.

The panacea would be to only hire slashdot level IT for every job requiring any interaction with money.

Re:Windows TCO (1)

Locutus (9039) | more than 5 years ago | (#28616637)

It's the same people who are pretty much computer illiterate and just squeak by using Windows who are Microsoft's best customers. Keep 'em dumb, keep 'em taking everything shoveled in front of them. The other day, a salesman from a computer shop specializing in Windows asked me to send his wife a link to some pictures. After a few emails, he didn't know the link I emailed him was just something he could use a browser to see. WTF, and how do these people get paid for so little ability to use even the simplest parts of the computer software?

LoB

Re:Windows TCO (0)

Anonymous Coward | more than 5 years ago | (#28617051)

it's windows systems that prove easiest to compromise

Easier.

Re:Windows TCO (0)

Anonymous Coward | more than 5 years ago | (#28615893)

Actually, if you root a *nix box, this part looks kinda trivial.

Um... just as trivial (at least from a security perspective) with Windows, too. Or are you suggesting that *nix is just easier to program in general... that would be a feature, not a bug.

Re:Windows TCO (1)

Demonantis (1340557) | more than 5 years ago | (#28616377)

But the second, more interesting feature of this malware, the investigator said, is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection.

Actually, if you root a *nix box, this part looks kinda trivial.

The hard part is doing it without rooting. Which happens to be a lot easier in Windows. If you rooted the box you could do a lot more useful things more easily than what this malware did. Imagine having all the payroll information for the county and the fraud that would enable.

Re:Windows TCO (5, Insightful)

erroneus (253617) | more than 5 years ago | (#28616189)

I love the thought behind the comment, but I think we are arriving at a kind of plateau where it is not so much the OS as the users being stupid and uneducated while management policy is too lax when it comes to computer use.

With text-based computer usage, that was rarely if ever a problem simply because the fun things to do were rather limited and certainly didn't involve a live connection to a public internet. But the more connected we became, the more fun things there were for people to do. Suddenly with Windows + Internet access, the door flew wide open with everything from BonziBuddy to Weatherbug to all sorts of other gadgets, games and gizmos. This escalation of extra-curricular activity has never been treated as a threat or as a problem by many and has continued unabated.

What is needed, whether running Windows, Linux or MacOSX on the desktop, is a means to EFFECTIVELY prevent the installation of unauthorized software and data. That is a complicated trick for a variety of reasons, not the least of which is the fact that the file system doesn't care if a file is data or executable code no matter where it is located in the file system. (This is a problem that should be fixed in ALL OSes.) There are effective tools to prevent a lot of such things, but all of them require what should have been done to begin with -- careful system software planning and implementation. There are limits to which the OS itself can be blamed, and that's what I am really trying to get at.

On one hand, there is the threat of running as the superuser on any OS which is unquestionably a problem. On the other, there is running as the user. Running programs as a user, from a user's writeable data space is often enough to give malicious software operators what they are looking for anyway. Many of them seek personal information, so if they can get code running on a remote user's system that will give them access to that user's data, that's enough of a threat. Getting "superuser access" merely gives them a way to infiltrate the system at a much lower level and make removal much more difficult. So merely patching or preventing superuser access from being taken, assumed or otherwise utilized is only a part of the problem and one that is increasingly realized as irrelevant to malware authors.

In the end, the TCO of Windows, in this respect, is still lower if for no other reason than the likelihood that someone has a quick and easy way to reload the system clean is pretty high up there. There are fewer quick solutions to fixing or cleaning up a compromised system under Linux or MacOSX... with good reason -- they aren't your typical targets.

But I believe we are close to reaching a plateau at which there is only so much that can be done to secure an OS without proper planning and implementation taking the lead concern as it should have always been.

Re:Windows TCO (1, Informative)

gd2shoe (747932) | more than 5 years ago | (#28616443)

That is a complicated trick for a variety of reasons, not the least of which is the fact that the file system doesn't care if a file is data or executable code no matter where it is located in the file system.

Please elaborate. You sound more intelligent than this, so I assume I misunderstand you.

Most filesystems do keep tabs on which files are executable, and which ones are not. Of course, Windows defaults to executable, and the rest of the world defaults to not-executable. On the other end, processors now recognize the no-execute bit on memory. This makes it possible (easier?) to avoid accidentally running data in an executing program (ex: some buffer overflows). Of course, for these things to work properly, the OS bears a lot of responsibility.

What is needed, whether running Windows, Linux or MacOSX on the desktop, is a means to EFFECTIVELY prevent the installation of unauthorized software and data.

On Linux, the distros need to keep their repositories clean (they usually do) and users should generally avoid installing software that isn't in the repository. It's generally a very safe practice, and usually practical.

Re:Windows TCO (1, Insightful)

Anonymous Coward | more than 5 years ago | (#28616551)

Why would you include user stupidity in Windows TCO? Are you implying that dumb users suddenly become intelligent if they are running OSX or Linux and won't run bad stuff?

Re:Windows TCO (0, Troll)

sentientbeing (688713) | more than 5 years ago | (#28616737)

Nix users generally have a higher level of tech knowledge in general.

Re:Windows TCO (2, Insightful)

gd2shoe (747932) | more than 5 years ago | (#28616989)

Again: "are you implying that dumb users suddenly become intelligent...?"

In other words, is the user intelligence variable dependent upon the OS variable? If you change the OS, does the user IQ change with it?

Despite the GPP being an AC, I think you missed his point (which was valid).

Re:Windows TCO (3, Insightful)

Nutria (679911) | more than 5 years ago | (#28617143)

are you implying that dumb users suddenly become intelligent...?

No. It's that regular (not necessarily dumb, just... regular) non-priv users have less (not zero!) chance of having (actively thru stupid clicking, or passively thru a worm) something unwanted installed on Linux/BSD than they do on Windows or OSX. Especially if they don't have the root password.

IOW, Windows is a slippery pistol with a low trigger pull weight in a fragile holster. BSD & Linux "pistols" have no-slip grips, heavy trigger pull weights and sturdy leather holsters. You can shoot yourself in the foot with either, but Windows makes it a *lot* easier...

Re:Windows TCO (1)

causality (777677) | more than 5 years ago | (#28617165)

Again: "are you implying that dumb users suddenly become intelligent...?"

In other words, is the user intelligence variable dependent upon the OS variable? If you change the OS, does the user IQ change with it?

Despite the GPP being an AC, I think you missed his point (which was valid).

In the sense that I could not prove it, I cannot tell you about the causation. I can tell you about the correlation, however.

It's not so much that *nix users tend to be more technically knowledgeable. That is true, but I don't think that's the biggest difference. It's that *nix users more strongly feel that you should not use a tool without at least trying to understand it. Among other things, that means you become a little better at it or more skillful with it the more you use it. It's not about assuming that you're an expert; rather, it's about assuming that eventually you might become one. It follows that the difference between average users and advanced users is that advanced users take less time to get there because they have an aptitude for it.

You just don't see that sort of personal involvement with most Windows installations. In a way it would contradict the "easiest thing to use EVER!" marketing that goes along with it. In another way, that marketing is an attempt to accommodate this (IMHO misinformed) idea that becoming personally involved in what you spend your time doing is some kind of undesirable event to be avoided whenever possible, like some kind of tax. I really think that people who see this as a burden have no idea what they are missing.

I don't see this as being about pure computing at all. To me it's more like a philosophy of life and involvement. There are also elements concerning the willingness to assume a little responsibility. While the actual "mechanics" of it may be difficult to elucidate, I believe that these abstract, philosophical ideas are reflected in the design and culture of the various OSes and that different users who have different ideas of "how this should be" will gravitate towards different platforms as a result.

The only thing this assumes is an awareness of the various platforms, which the situation with Windows can complicate because of its overall dominance and subsequent ubiquity. So, this can be seen as limiting my observation to those who are aware of the alternatives. It could also be seen as strong confirmation for the philosophical nature of the point.

Re:Windows TCO (2)

MrCrassic (994046) | more than 5 years ago | (#28616591)

Just like they forgot basic security measures, right?

Yeah, this isn't a Windows problem. You do know that Linux/UNIX boxes can get 0wn3d, right?

Bank hold some responsibility (5, Insightful)

gd2shoe (747932) | more than 5 years ago | (#28615765)

They set up a system that required multiple credentials to transfer money, but one of those credentials could be used to reset the other? Give me a break! This was a system deliberately set up to look more secure than it actually was. The Controller was relying on that extra protection the bank was offering. It seems the county was scammed twice!

Re:Bank hold some responsibility (1)

Meshach (578918) | more than 5 years ago | (#28615837)

They set up a system that required multiple credentials to transfer money, but one of those credentials could be used to reset the other? Give me a break!

To be fair the article says that the malware created the direct connection. The direct connection was probably not there by default.

Re:Bank hold some responsibility (5, Insightful)

gd2shoe (747932) | more than 5 years ago | (#28616001)

No, I am being fair.

Direct connection or not, that login shouldn't have been able to reset the other one. There are several reasons why two people needed to approve transfers from that account. Being able to unilaterally reset the Judge's credentials is a big fat security hole in its own right.

Sometimes an attack must rely on more than one vulnerability. This is one of those. Thus, I didn't say that the bank is 100% responsible, only that they hold some responsibility.

Re:Bank hold some responsibility (0)

Anonymous Coward | more than 5 years ago | (#28615847)

I'm gearing up for an argument tomorrow, with the client, on why only requiring a single answer to a limited set of questions to reset a password is a terrible fucking idea. On a secure network, no less.

Maybe we should just show a picture of Mickey Mouse, ask them what his name is, then allow them to reset passwords that way. Or just give them the passwords outright, that way anyone can get theirs if they lose it.

It's a foolproof plan, if they assume EVERYONE is a fool.

Jackasses.

Re:Bank hold some responsibility (5, Interesting)

plover (150551) | more than 5 years ago | (#28616097)

My wife has long had to transfer money between various commercial accounts at her jobs. As far back as I can remember, the banks issued her RSA tokens which were required to authorize the transfers.

I can't imagine a commercial bank NOT using a secure crypto system with an air gap. If the county is concerned about two authorizations, so much the better: issue the judge his own token.

Even that could be compromised by a hacker who owned the treasurer's computer, but it would have been almost impossible to run the scam 500 times in a few days like this guy did.

Re:Bank hold some responsibility (1)

gd2shoe (747932) | more than 5 years ago | (#28616325)

Even that could be compromised by a hacker who owned the treasurer's computer

Basically, he did own the Treasurer's computer, and that was the whole problem. In this case, the "air gap" should have been required to reset the judge's credentials.

This is akin to a bank which cashes a check requiring 2 signatures, even if the signatures are exactly the same (or a whole bunch of checks, actually). It looks more secure on the face of it, but it is equally secure to requiring one signature only.

I do like the idea of banks issuing tokens of some kind (or a list of one-use authorization passwords, etc).
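The design flaw gd2shoe describes above, and the token-based fix plover suggested, modelled as an added example that is not the bank's system or either commenter's code: in the weak variant any approver's login can reset the other approver's password, so one stolen credential yields both approvals; in the hardened variant the judge holds a token whose code is required both to approve a wire and to reset the judge's password. Names, passwords and the token seed are constructed; the token code is RFC 4226 HOTP, and the treasurer is assumed to have no token in either variant.

```python
"""Two-approver wire release, in the weak form (one login resets the other)
and the hardened form (the target's own out-of-band token is needed to reset
or to approve).  Added example; all names, passwords and seeds constructed."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to `digits` decimal digits."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


@dataclass
class Approver:
    password: str
    token_secret: Optional[bytes] = None  # None: no hardware token issued
    counter: int = 0                      # bank-side HOTP counter for the token


class Bank:
    def __init__(self, approvers: Dict[str, Approver], reset_needs_token: bool):
        self.approvers = approvers
        # The control gd2shoe says was missing: resetting an approver's
        # password must be authorised by that approver's own out-of-band
        # factor, not merely by another account holder's login.
        self.reset_needs_token = reset_needs_token

    def _token_ok(self, a: Approver, code: Optional[str]) -> bool:
        if code is None or not hmac.compare_digest(hotp(a.token_secret, a.counter), code):
            return False
        a.counter += 1                    # each code is single-use
        return True

    def _authenticate(self, name: str, password: str, code: Optional[str]) -> bool:
        a = self.approvers[name]
        if not hmac.compare_digest(a.password.encode(), password.encode()):
            return False
        return True if a.token_secret is None else self._token_ok(a, code)

    def reset_password(self, actor: str, actor_pw: str, target: str,
                       new_pw: str, target_code: Optional[str] = None) -> bool:
        if not self._authenticate(actor, actor_pw, None):
            return False
        t = self.approvers[target]
        if self.reset_needs_token and (t.token_secret is None
                                       or not self._token_ok(t, target_code)):
            return False
        t.password = new_pw
        return True

    def release_wire(self, approvals: Dict[str, Tuple[str, Optional[str]]]) -> bool:
        """Every approver must authenticate; approvals maps name -> (password, code)."""
        return set(approvals) == set(self.approvers) and all(
            self._authenticate(n, pw, code) for n, (pw, code) in approvals.items())


JUDGE_SECRET = b"constructed-judge-token-seed"  # lives in the token and at the bank


def make_bank(hardened: bool) -> Bank:
    judge = Approver("judge-pw", JUDGE_SECRET if hardened else None)
    return Bank({"treasurer": Approver("treasurer-pw"), "judge": judge},
                reset_needs_token=hardened)


def attacker_attempt(bank: Bank) -> bool:
    """Attacker holds only the treasurer's keylogged password (constructed value)
    and cannot read the judge's token.  Returns True if a wire is released."""
    stolen = "treasurer-pw"
    reset = bank.reset_password("treasurer", stolen, "judge", "attacker-pw")
    judge_pw = "attacker-pw" if reset else "judge-pw-guess"
    return bank.release_wire({"treasurer": (stolen, None), "judge": (judge_pw, None)})


def legitimate_release(bank: Bank) -> bool:
    """Both officials approve; the judge reads the next code off the token."""
    judge = bank.approvers["judge"]
    code = hotp(judge.token_secret, judge.counter) if judge.token_secret else None
    return bank.release_wire({"treasurer": ("treasurer-pw", None),
                              "judge": ("judge-pw", code)})
```

In the weak bank `attacker_attempt` succeeds with the treasurer's credential alone, which is gd2shoe's point that two resettable signatures are worth one; in the hardened bank the same attempt fails while `legitimate_release` still works.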

We're talking about Kentucky! (1)

sgt_doom (655561) | more than 5 years ago | (#28617037)

"I can't imagine a commercial bank NOT using a secure crypto system with an air gap."

Dood, remember, this is Kentucky we're talking about here. The same place where an anonymous caller's commands to disrobe and be spanked (and perform other various sexual acts) was enough for a young adult Kentucky female to obey (recall that McDonald's episode?).

Also, isn't that the same state that moron senator McConnell is from?

Obligatory: (4, Funny)

Joe Snipe (224958) | more than 5 years ago | (#28615785)

Identity Theft [youtube.com]

your tax money at work (0, Flamebait)

clang_jangle (975789) | more than 5 years ago | (#28615791)

Convenient how governments and businesses continue to spend other people's money on insecure systems which allow even more money to vanish.
Microsoft Windows --because plausible deniability can come in mighty handy!

Re:your tax money at work (1, Funny)

CorporateSuit (1319461) | more than 5 years ago | (#28615885)

Convenient how governments and businesses continue to spend other people's money on insecure systems which allow even more money to vanish.
Microsoft Windows --because plausible deniability can come in mighty handy!

In other news, Governor Arnold Schwarzenegger (R) of California told all his debtors, that were expecting over $6 billion by the end of July, that California did have the money after all, the money was on the way, but currently stuck in Outlook. "I press da send key and it says "Netvurk Error" so as soon as that gets sorted out by the boys in the netvurk, da checks vill be on their vay. No need to lower the state's credit score. The money's just stuck in the outbox! Promise!"

Wow, blaming Microsoft CAN make life easier for governments...

Re:your tax money at work (1)

sexconker (1179573) | more than 5 years ago | (#28616013)

What the fuck kind of accent are you attempting to mock?

Re:your tax money at work (3, Funny)

John Hasler (414242) | more than 5 years ago | (#28616133)

Governatorese.

Re:your tax money at work (5, Insightful)

cgenman (325138) | more than 5 years ago | (#28616379)

If you go with the normal route, and the normal route gets hacked, you won't be blamed.

If you set up a server on a system that your boss hasn't heard of, and you get hacked, you're fired.

The chances of the former are much greater in a lot of ways. But the risk to your job is basically zero. Whereas in the second way, you're fired because you decided to use that silly daemon thing instead of proper, professional, Enterprise-Ready (tm) Windows 7.

Re:your tax money at work (1)

benjamindees (441808) | more than 5 years ago | (#28616665)

Truly insightful. This is exactly the reason that you should always hack into the main Windows server and run your programs there when needed.

Re:your tax money at work (1)

gd2shoe (747932) | more than 5 years ago | (#28617031)

"Nobody ever got fired for buying IBM." --> "Nobody ever got fired for buying Microsoft."

enh, the criminals we get these days... (4, Interesting)

roc97007 (608802) | more than 5 years ago | (#28615841)

All that work, and they netted less than a half million?

Re:enh, the criminals we get these days... (5, Funny)

CorporateSuit (1319461) | more than 5 years ago | (#28615955)

No kidding, if they were real hackers, they would have gotten away with $1.337 Million.

Re:enh, the criminals we get these days... (0)

Anonymous Coward | more than 5 years ago | (#28616055)

Only if the account had access to barely over that amount available. You're not 1337 if you leave thousands behind. Generally, it'd be easier to just leave $13.37 as the final balance!

(Comment is to be used on humor basis alone, I do not condone electronic theft. Other exclusions and fine print may apply. Use with caution.)

Re:enh, the criminals we get these days... (1)

causality (777677) | more than 5 years ago | (#28617249)

(Comment is to be used on humor basis alone, I do not condone electronic theft. Other exclusions and fine print may apply. Use with caution.)

You're making me feel like I need a long disclaimer before the next time that I start talking shit...

Re:enh, the criminals we get these days... (1)

gd2shoe (747932) | more than 5 years ago | (#28617043)

This isn't the first or last place they've hit. Half a million is only a portion of their "net proceeds".

This is nothing novel. (1)

EkriirkE (1075937) | more than 5 years ago | (#28615861)

Malware has been installing proxies and/or phoning home for years. (backdoors to direct-connect to/through your machine, instant messaging keystrokes).

HOW DID THE VIRUS/TROJAN get onto the PC? (3, Interesting)

davidsyes (765062) | more than 5 years ago | (#28615873)

From the site:

http://voices.washingtonpost.com/securityfix/2009/07/an_odyssey_of_fraud_part_ii.html?hpid=sec-tech [washingtonpost.com]

one reader wrote in:

"I guess we don't know how the attackers somehow got the Zeus Trojan on the county treasurer's PC (presumably the county doesn't want to say and the FBI told them not to discuss details of the case anyway), but I'm curious whether that PC had security software installed, whether it was up to date, which security software can deal with the Zbot (ZeuS bot) Trojan, etc.

---------

Well, I have an idea, and it's TFO (Totally Frackin' Obvious)... and might be how it happened. A poor old cleanup crew member may have been elicited to put a USB device on a bank manager machine that might not have been watched by a camera. Might have trained the cleaner to surveil the PCs, determine their visibility to cameras, then trained the dupe into deftly/swiftly attaching a USB attack device while feigning scraping something sticky from the floor, or emptying waste bins that were tough to get the bag from....

Just my eye-dea... and the FBI may not want THAT to get out lest other banks suffering poor camera placement succumb to the same thing...

Or, a native of the Ukraine/U-area working at the bank might have been subjected to manipulation of some sort, but trained to be deft and not come under suspicion. Just my inflation-deprived-$0.02-cents...

Re:HOW DID THE VIRUS/TROJAN get onto the PC? (1)

davidsyes (765062) | more than 5 years ago | (#28615911)

whupps... not "Elicited"... i meant "SOlicited"... OTOH, "e-"....

How does a keylogger ever spread? (4, Interesting)

gd2shoe (747932) | more than 5 years ago | (#28616093)

I have a much more likely scenario. They simply spread their malware everywhere, and waited to see what sensitive systems they'd netted! They needed to dupe people into sending money overseas to them. I doubt they have any non-electronic influence in the states. The story indicates that the fake company name has been repeatedly tarnished... meaning it's very likely that they've done this before and will do this again. It probably got on by worm or trojan. Once there, it sat dormant while the hackers figured out which computers were of value to attack.

Re:HOW DID THE VIRUS/TROJAN get onto the PC? (1)

sgt scrub (869860) | more than 5 years ago | (#28616173)

You make it sound like they used security measures. If they are anything like what I've experienced just in the last few years, they allow their employees to take home laptops. The employees install malware on them as fast as humanly possible to get the latest roller babies video and what not, then share crap with each other over internal file servers and email. Just place a bridge with tcpdump & ssldump on their connection to the web and watch. The amount of UDP high port to high port traffic, P2P, makes up 40% of their traffic. The amount of 445 traffic to random outside IP addresses, Conficker and others, makes up another 25%. The smallest amount is nicely encrypted traffic for secure connections for business purposes. If anyone wants to bet their users' passwords for those secure connections are not stored in the registry on their laptops, I'll be happy to take your money. Send cash directly to my mailbox. It is probably safer than going through a bank.

Re:HOW DID THE VIRUS/TROJAN get onto the PC? (4, Insightful)

ducomputergeek (595742) | more than 5 years ago | (#28616193)

Find out if the bank manager smokes, or his/her secretary smokes. Note when they go for a smoke and where. Get a few of those USB thumb drives from trade shows and lace them with trojans and place them near the smokers' outside break area and wait for them to pick it up and place them back in their machines when they get back inside. Because usually they will, just to see what was on the drive.

Re:HOW DID THE VIRUS/TROJAN get onto the PC? (1)

Orion Blastar (457579) | more than 5 years ago | (#28616489)

No, that isn't as reliable as sending them a "scam" email infected with a Trojan Horse program using an exploit in JPG or GIF picture rendering to execute code that installs the Trojan Horse by simply viewing the picture file.

No doubt they made the email look like a bank customer or another employee by faking the email address and using social engineering to fool them into thinking it is legit and click on it to read it.

If they left a USB thumb drive, police could get fingerprints off of that and then they would be caught. The email scam worked the best for other crimes of that nature before. Usually an employee or manager falls for it and gets infected.

When I used to work for some companies, there were always employees who fell for that scam and got virus infected. I'd know it as their email client would send me 8 or more emails with the same name and subject and body of message, and I was too smart to click on it and read it, because I suspected they got infected. One scam criminals tried to use involved greeting cards, and clicking on the attached file for the greeting card infected the system with a virus. Once infected, the virus uses the email address book (usually Outlook) to send out more infected emails. Most of the time it was a manager or co-worker that was stupid enough to click on the infected email. Me, I usually just ignore greeting cards and other email that I suspect of being a virus, and I am right all of the time about that. That is because it does stupid stuff like send the same person 8 copies of the same message; nobody should be stupid enough to click on email that has 8 copies and is virtually the same thing with an attached file or image that looks like some computer program like a virus sent it.

For example the "ILOVEYOU" LoveBug Virus, I didn't fall for that because I knew that coworkers and managers don't send out messages with the title of "I LOVE YOU!" on it multiple times. Others did, and they were stupid enough to read it and click on the attachment.

Hmmmm.... (0)

Anonymous Coward | more than 5 years ago | (#28616727)

What happens if Autorun and file preview is disabled?

Re:Hmmmm.... (2, Funny)

Qzukk (229616) | more than 5 years ago | (#28617029)

Then they click on either hotsexygal.jpg.exe or hotmanlystud.jpg.exe, depending.
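The two comments above describe the same mailer-worm tells from the receiving end: the same lure arriving eight times from one colleague, one executable attachment sprayed across an address book, and a "picture" that is really `hotsexygal.jpg.exe`. The following is an added example of gateway-side detection for those three patterns; it is not code from the original thread or from any product mentioned in it. The log format, the addresses and the thresholds are assumptions made for the example, and the sample log is constructed, not real county traffic.

```python
import re
from collections import Counter, defaultdict

# Extensions Windows will execute, and the "decoy" extensions a double-extension
# lure puts in front of them (hotsexygal.jpg.exe). Both sets are assumptions.
EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
DECOY_EXT = {"jpg", "jpeg", "gif", "png", "pdf", "doc", "txt"}

DUPLICATE_THRESHOLD = 8   # copies of one message to one recipient (the "8 copies" tell)
FANOUT_THRESHOLD = 5      # distinct recipients of one executable attachment

# Assumed gateway log format (constructed for this example, not a real product's):
#   <timestamp> from=<addr> to=<addr> subject="<text>" attach=<filename or ->
LINE_RE = re.compile(
    r'^(?P<ts>\S+) from=(?P<sender>\S+) to=(?P<rcpt>\S+) '
    r'subject="(?P<subject>[^"]*)" attach=(?P<attach>\S+)$'
)


def parse_log(text):
    """One dict per well-formed line; malformed lines are skipped rather than fatal."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def executable(filename):
    return filename.lower().rsplit(".", 1)[-1] in EXEC_EXT


def deceptive_extension(filename):
    """True for name.<decoy>.<exec> such as card.gif.exe; False for a plain card.exe."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[2] in EXEC_EXT and parts[1] in DECOY_EXT


def scan(msgs):
    findings = []

    # 1. Double-extension lures, aggregated per (sender, attachment) to cut noise.
    lures = Counter((m["sender"], m["attach"]) for m in msgs if deceptive_extension(m["attach"]))
    for (sender, attach), n in lures.items():
        findings.append({"kind": "double_extension", "sender": sender, "attach": attach, "count": n})

    # 2. The same message hammered at one recipient: a mailer worm, not a colleague.
    dup = Counter((m["sender"], m["rcpt"], m["subject"], m["attach"])
                  for m in msgs if m["attach"] != "-")
    for (sender, rcpt, subject, attach), n in dup.items():
        if n >= DUPLICATE_THRESHOLD:
            findings.append({"kind": "mass_duplicate", "sender": sender, "rcpt": rcpt,
                             "attach": attach, "count": n})

    # 3. One executable attachment sprayed across the sender's address book.
    fanout = defaultdict(set)
    for m in msgs:
        if executable(m["attach"]):
            fanout[(m["sender"], m["attach"])].add(m["rcpt"])
    for (sender, attach), rcpts in fanout.items():
        if len(rcpts) >= FANOUT_THRESHOLD:
            findings.append({"kind": "fanout", "sender": sender, "attach": attach,
                             "count": len(rcpts)})
    return findings


def constructed_sample():
    """Constructed log lines for the example; not real mail traffic."""
    lines = []
    for i in range(8):   # bob's infected box sends alice eight identical "greeting cards"
        lines.append(f'2009-06-22T08:01:{i:02d} from=bob@county.example to=alice@county.example '
                     f'subject="You have a greeting card" attach=card.gif.exe')
    for i, r in enumerate(["carol", "dave", "erin", "frank", "grace", "heidi"]):
        lines.append(f'2009-06-22T08:02:{i:02d} from=bob@county.example to={r}@county.example '
                     f'subject="check this out" attach=hotsexygal.jpg.exe')
    lines.append('2009-06-22T08:03:00 from=alice@county.example to=bob@county.example '
                 'subject="Payroll" attach=payroll.xls')
    lines.append('2009-06-22T08:03:05 from=alice@county.example to=dave@county.example '
                 'subject="Lunch?" attach=-')
    lines.append('garbage line the gateway wrote during a restart')
    return "\n".join(lines)


if __name__ == "__main__":
    for finding in scan(parse_log(constructed_sample())):
        print(finding)
```

On the sample, `scan` reports two double-extension lures, one mass duplicate (the eight greeting cards) and one fan-out (`hotsexygal.jpg.exe` to six recipients), all from the same sender, which is the signal to pull that workstation off the network rather than just quarantine the messages. Thresholds should be tuned against the site's real traffic; the values here are only what the comments above suggest.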

Re:HOW DID THE VIRUS/TROJAN get onto the PC? (1)

Maestro4k (707634) | more than 5 years ago | (#28616299)

Well, I have an idea, and it's TFO (Totally Frackin' Obvious)... and might be how it happened. A poor old cleanup crew member may have been elicited to put a USB device on a bank manager machine that might not have been watched by a camera. Might have trained the cleaner to surveil the PCs, determine their visibility to cameras, then trained the dupe into deftly/swiftly attaching a USB attack device while feigning scraping something sticky from the floor, or emptying waste bins that were tough to get the bag from....

More likely the treasurer was running with admin rights and cluelessly visited a link from an E-mail using IE that infected the PC. That or they stupidly downloaded and ran something because it promised a free screensaver/funny video/porn/etc. You don't need complicated scenarios to infect an end-user's Windows PC with a trojan, just bad IT practices and clueless users. As for anti-virus/other security software, this was probably a new variant of the Zeus trojan (considering the article says the direct connection part was new supports this) and said software may have missed it simply because it wasn't in their definitions yet.

Next time try a bigger county (1)

randy of the redwood (1565519) | more than 5 years ago | (#28615895)

They tried to steal $415,000 from a county with only 73,000 people? Didn't they think anyone would notice?
Next time they should try Los Angeles county (9.8 million people).

'course they would have gotten away with it if it weren't for those meddling kids!

Re:Next time try a bigger county (2, Interesting)

nanospook (521118) | more than 5 years ago | (#28615989)

It was a test run..

Re:Next time try a bigger county (1)

Dpaladin (890625) | more than 5 years ago | (#28616047)

I have a feeling it's a little easier to fool Bullitt County than it is to fool LA. After all, they were home to that McDonald's strip search fiasco! [courier-journal.com]

Re:Next time try a bigger county (1)

Mordantos (893634) | more than 5 years ago | (#28616065)

Yeah, but Cali is broke ;)

Re:Next time try a bigger county (1)

gd2shoe (747932) | more than 5 years ago | (#28616109)

They're foreign nationals. They don't care if anybody notices. Once they have the money, they're practically untraceable, untouchable. It sounds like they've done this before, and will do this again.

Re:Next time try a bigger county (1)

davester666 (731373) | more than 5 years ago | (#28616341)

Yeah, it's the idiot "forwarders" that get the shaft.

I can't believe that people think it's a regular occurrence that people and/or companies need help transferring money around, or that if they do understand that they are doing something illegal, that it's unlikely they will get caught when they use their own personal bank account/information.

Dumb Dumb Dumb.

Re:Next time try a bigger county (1)

AHuxley (892839) | more than 5 years ago | (#28617093)

Just like MS marketing :)
They're a multinational. They don't care if anybody notices. Once they have the money, they're practically untraceable, untouchable. It sounds like they've done this before, and will do this again.

Re:Next time try a bigger county (1)

John Hasler (414242) | more than 5 years ago | (#28616155)

Maybe they did do it to LA. And nobody noticed.

Lobsters (1)

kylemonger (686302) | more than 5 years ago | (#28616035)

I could not help but think of the uploaded FSB lobsters from Accelerando when I read the horribly malformed missives the thieves sent to be edited.

Learn English (1, Insightful)

NoobixCube (1133473) | more than 5 years ago | (#28616115)

Yes, I am a pedantic Grammar Nazi, and I anticipate a great modding down of this comment, but my need to say this is worse than any addict's craving for his next fix. There are few things I hate more than redundant words. "Co-conspirator" is about as redundant as it gets. A conspiracy is a group of people. People conspire to do something like this, and you call those people conspirators. What happens in a hundred years when we forget that "co-conspirator" was being used this way? Do we start saying "co-co-conspirator"?

Re:Learn English (3, Funny)

Dpaladin (890625) | more than 5 years ago | (#28616151)

Yes, I am a pedantic Grammar Nazi, and I anticipate a great modding down of this comment, but my need to say this is worse than any addict's craving for his next fix. There are few things I hate more than redundant words. "Co-conspirator" is about as redundant as it gets. A conspiracy is a group of people. People conspire to do something like this, and you call those people conspirators. What happens in a hundred years when we forget that "co-conspirator" was being used this way? Do we start saying "co-co-conspirator"?

Of course! It should be co-nspirator, referring to multiple nspirators working together...

Re:Learn English (1)

TheDugong (701481) | more than 5 years ago | (#28616205)

Cocoa conspirator.

Re:Learn English (3, Insightful)

Anonymous Coward | more than 5 years ago | (#28616285)

No, your grammar nazi-ing is not even correct. Co-conspirator and conspirator indicate different things, like specificity. If I am involved in a computer conspiracy, and another person is involved in a highway tax conspiracy, we are both conspirators. We are not, however, co-conspirators. We are not partners, we are not involved in the same conspiracy.

Also, it is possible for a conspirator to have a partner who is not part of the conspiracy. If a conspirator goes to someone and is able to get them to do a job with them, but withhold information regarding the conspiracy or its goals, then the conspirators new partner is not a co-conspirator.

The use of co-conspirator is used to denote the relation of one conspirator to another. It would actually be improper grammar to remove the "co", as it would imply ownership of one to the other. "His conspirator" and "his co-conspirator" have obviously different meanings. The use of co-conspirator removes ownership from the previous statement, and is therefore not redundant.

The first rule of the grammar nazi is only to make corrections when they are themselves correct. You, sir, and an epic fail.

P.S. Feel free to correct the poor grammar in that last sentence as if it were English, so I can call you wrong again. It's fun.

Re:Learn English (1)

liquibyte (1151139) | more than 5 years ago | (#28616411)

Co-conspirator == cooperative conspirator in other words?

Re:Learn English (0)

Anonymous Coward | more than 5 years ago | (#28616469)

There is also an equality relationship given by co-conspirator. Like the difference between a co-worker and boss/subordinate.

If I say "John is Mike's conspirator" I imply a degree of ownership or superiority. If I say "John is Mike's co-conspirator", I am no longer implying John is working for Mike, just with him.

Re:Learn English (0)

Anonymous Coward | more than 5 years ago | (#28616611)

So if two people are friends with each other do you call them co-friends? I don't think so. Co-conspirator is retarded.

Re:Learn English (0)

Anonymous Coward | more than 5 years ago | (#28616731)

Yep. All nouns are exactly alike, and if co doesn't work as a prefix for all of them (friends) it doesn't work for any (conspirator). I completely agree. Why don't we just drop "co" off of everything, co-friends doesn't make sense, therefore nothing with "co" can make sense. No more co-workers, coordinators, or cosigners. Just works, ordinators, and signers.

In fact, it isn't even necessary to address the GP's points about ownership or multiple conspiracies. Just make blanket statements supported by non sequitur analogy and you can't lose!

Re:Learn English (0, Troll)

Runaway1956 (1322357) | more than 5 years ago | (#28616337)

Don't sweat it dude. You won't be here in a few hundred years. In fact, I just checked with the Ouija board. You only have 24 years, 10 months, and 3 days left. So, don't sweat the petty shit, you weenie. (Yeah, the Ouija board told me that you're a weenie, too - odd, you DON'T live in your mother's basement? Ahhhh, I see now.........)

Re:Learn English (0)

Anonymous Coward | more than 5 years ago | (#28616387)

Obligatory Duckman: "Well we don't LIVE in England, do we?!"

Strange brew that's also good for you (0)

Anonymous Coward | more than 5 years ago | (#28616139)

That would be kombucha.

Some people think they can outsmart me... (1)

RoFLKOPTr (1294290) | more than 5 years ago | (#28616195)

But I've yet to meet the man that can outsmart Bullitt.

Re:Some people think they can outsmart me... (1)

Nutria (679911) | more than 5 years ago | (#28617241)

Nobody remembers Steve McQueen anymore...

At least they got the decimal place correct! (1)

rrossman2 (844318) | more than 5 years ago | (#28616209)

The sub-$10,000 transfers was a good way to help avoid attention... but imagine if the decimal place was off, and what should have been "fractions of a penny that get dropped off" and add up over many years becomes a couple hundred thousands or millions over the weekend!

So impressed by basic tech (2, Insightful)

billcopc (196330) | more than 5 years ago | (#28616307)

more interesting feature of this malware... is that it creates a direct connection between the infected Microsoft Windows system and the attackers

I find it hilarious that basic TCP/IP networking stuff gets labeled as "interesting". Any idiot can initiate a connection to a host on the internet.

What's "interesting" is that the victim's machine was not firewalled to prevent this sort of thing from happening in the first place. Properly controlling outgoing traffic is of crucial importance, particularly when dealing with such sensitive information. A locked down network should be able to contain unknown connections from within, just as well as those from the great wide internet.

In my opinion, it's not the invader that cost Kentucky $415,000. The fault rests entirely on their network administrator(s).
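The comment above argues that a locked-down network should contain unknown outbound connections from inside just as it blocks inbound ones. The following is an added example, not code from the original thread or from any product, of what auditing that policy looks like after the fact: it replays flow records from the workstation subnet against a default-deny egress allowlist and flags what the policy would have blocked, including a long-lived connection of the shape the article's "direct connection between the infected system and the attackers" would produce. The addressing, the flow-record format and the allowlist are assumptions made for the example, and the sample flows are constructed.

```python
import ipaddress
import re

# Assumed network layout for the example (not the county's real addressing).
WORKSTATIONS = ipaddress.ip_network("10.1.5.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
# Default-deny egress: the only non-LAN destination a workstation may reach directly.
# Web traffic is expected to go through the proxy at 10.1.0.10:3128, which is on the LAN.
ALLOWED_EXTERNAL = {("192.0.2.10", 123, "udp")}   # assumed NTP server
LONG_LIVED_SECONDS = 600                          # a session that hangs around looks like a backconnect

# Constructed flow-record format, one flow per line:
#   <timestamp> src=<ip>:<port> dst=<ip>:<port> proto=<tcp|udp> dur=<seconds>
FLOW_RE = re.compile(
    r'^(?P<ts>\S+) src=(?P<src>[\d.]+):(?P<sport>\d+) '
    r'dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+) dur=(?P<dur>\d+)$'
)

# Constructed sample: one workstation holding a reverse connection open for two hours,
# another going straight to an HTTPS site instead of via the proxy.
SAMPLE_FLOWS = """\
2009-06-22T09:00:00 src=10.1.5.23:49152 dst=10.1.0.10:3128 proto=tcp dur=12
2009-06-22T09:00:01 src=10.1.5.23:49153 dst=10.1.0.53:53 proto=udp dur=0
2009-06-22T09:00:05 src=10.1.5.23:49160 dst=203.0.113.7:4444 proto=tcp dur=7200
2009-06-22T09:01:00 src=10.1.5.24:49200 dst=198.51.100.9:443 proto=tcp dur=3
2009-06-22T09:01:10 src=10.1.5.24:49201 dst=192.0.2.10:123 proto=udp dur=0
2009-06-22T09:02:00 src=10.1.0.10:40000 dst=198.51.100.9:443 proto=tcp dur=5
"""


def parse_flows(text):
    flows = []
    for m in filter(None, map(FLOW_RE.match, text.splitlines())):
        f = m.groupdict()
        f["dport"], f["dur"] = int(f["dport"]), int(f["dur"])
        flows.append(f)
    return flows


def permitted(flow):
    """Would the default-deny egress policy have let this flow out?"""
    if ipaddress.ip_address(flow["src"]) not in WORKSTATIONS:
        return True     # this policy covers the workstation subnet only (the proxy has its own)
    if ipaddress.ip_address(flow["dst"]) in INTERNAL:
        return True     # LAN traffic, including proxy and resolver, is allowed
    return (flow["dst"], flow["dport"], flow["proto"]) in ALLOWED_EXTERNAL


def audit(flows):
    """Return the workstation flows the policy would have blocked, with why they matter."""
    findings = []
    for f in flows:
        if permitted(f):
            continue
        reasons = ["direct_egress"]
        if f["dur"] >= LONG_LIVED_SECONDS:
            reasons.append("long_lived")        # reverse-connection / tunnel shape
        if f["dport"] in (80, 443):
            reasons.append("bypassed_proxy")    # web traffic not going through the proxy
        findings.append({"src": f["src"], "dst": f"{f['dst']}:{f['dport']}",
                         "proto": f["proto"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit(parse_flows(SAMPLE_FLOWS)):
        print(finding)
```

Run over the sample, `audit` flags exactly the two flows a default-deny egress rule would have dropped: the two-hour connection to port 4444 and the direct HTTPS session that skipped the proxy. The same check belongs in a firewall's deny-log review once the policy is actually enforced; the value of running it over historical flows first is finding the hosts that would break, and the one that is already talking to something it shouldn't.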

Re:So impressed by basic tech (0)

Anonymous Coward | more than 5 years ago | (#28616699)

>In my opinion, it's not the invader that cost Kentucky $415,000. The fault rests entirely on their network administrator(s).

I don't know anyone who would be competent in that job who could be persuaded to relocate to Kentucky.

Re:So impressed by basic tech (1)

mr exploiter (1452969) | more than 5 years ago | (#28616743)

You don't get it: what they used is the logged-in connection to the servers, remotely. This is not a TCP/IP-level attack; it's more like an application attack, because they must have used the IE object for the already logged-in HTTP or HTTPS connection to the server. This is no rocket science, but I think it's a notch above script-kiddie level.

TCO (1)

phrostie (121428) | more than 5 years ago | (#28616329)

is this included in M$'s total cost of ownership?

Re:TCO (1)

bloodhawk (813939) | more than 5 years ago | (#28616559)

User Stupidity is not limited to what operating system a person uses and hence is not a MS specific TCO.

Re:TCO (1)

Nutria (679911) | more than 5 years ago | (#28617257)

User Stupidity is not limited to what operating system a person uses and hence is not a MS specific TCO.

But some OSs (and browsers) are more amenable to stupidity than others.

Lets fix the story: (3, Funny)

AHuxley (892839) | more than 5 years ago | (#28616397)

Microsoft Cost a Kentucky County $415,000 :(
When will they learn.
This is my Unix. There are many like it, but this one is mine. My Unix is my best friend.
It is my life. I must master it as I master my life. My Unix, without me, is useless.
Without my Unix, I am useless. I must run my Unix true.
I must admin smarter than any hacker who is trying to own me. I must block them before they hack me. I will....
My Unix and myself know that what counts on this net is not the scripts we code, the size of our pipe, nor the data we send.
We know that it is the uptime that counts.
We will stay up...
My Unix is human, even as I, because it is my only life.
Thus, I will learn it as a brother.
I will report its bugs, share its strengths, upgrade parts, buy its accessories, open its ports and lobby for more bandwidth.
I will keep my Unix clean and ready, even as I am clean and ready.
We will become part of each other. We will...
Before Darl McBride I swear this creed. My Unix and myself are the defenders of the company I work for.
We are the masters of your script kids.
We are the saviors of your profit.
So be it, until victory is America's and there is no competition, but Profit.

Re:Lets fix the story: (0)

Anonymous Coward | more than 5 years ago | (#28616773)

Yawn. Another "UNIX is awesome, blame Windows" comment.

If everyone was using Linux, the attacks would be targeted at (and work on) Linux. 'nuff said.

Re:Lets fix the story: (1)

Dullstar (1581331) | more than 5 years ago | (#28617197)

Yawn. Another "UNIX-based systems suck" post. There are several distributions of Linux, and several types. No guarantees the software would be inter-compatible. 'nuff said.

Security audits are important! (1)

MrCrassic (994046) | more than 5 years ago | (#28616569)

Why? Because this is an example of what happens when they're not.

If I'm not mistaken, most keylogging programs can be kept out fairly easily with decent firewall rules and a good anti-spyware/anti-malware agent. The article does not report that this county's IT department (which I'll guess and say is non-existent or illusory) took preventative measures against these attacks.

Basically, they had it coming.

Re:Security audits are important! (1)

Shados (741919) | more than 5 years ago | (#28616993)

Anti-spyware/malware, maybe. Firewall rules, however, are useless. What do you do if the software simply does an HTTP POST to a web service with default proxy settings? Or, if the sysadmin is clever and uses a setup where the default proxy settings are not being used, it's not too hard to sniff/autodetect them. Not much to do when the malware uses the same outbound as another important piece of software...

Re:Security audits are important! (1)

Qzukk (229616) | more than 5 years ago | (#28617219)

Simple: you set up a list of only 20 or so permitted websites, and if someone needs to look up regulatory information on some obscure county website somewhere they can file form 128-A in triplicate and submit this to their manager, who submits it and F-39 to their manager, who (if they have not exceeded their department-wide quarterly quota on variances) sends it to the head of the IT department across the hall, whose secretary shreds all three copies of 128-A individually then types F-39 into a web form that times out if all 40 fields are not completed in 1 minute, which is then submitted to the IT support queue, where in 4 to 6 weeks it will be considered, and (assuming it is accepted) the IT department will allow a one hour window for accessing that site.

The IT department will place an interdepartment mail into their outbox as soon as the window opens, letting the submitter know that they have one hour to access the requested site.

Linux is not the holly grail (5, Insightful)

shemp42 (1406965) | more than 5 years ago | (#28616653)

Everyone who is claiming that Linux should be used and it's those stupid MS users that cause this is missing the point and has never spent one second working in a corporate IT environment. The fact is that every single security measure that is put in place is met with overwhelming opposition by the user base as well as the executives. A spam filter is looked at as the unholy antichrist because it blocks .00001% of legitimate emails. I have worked corporate IT for years and have constantly had to fight for just the basics in security. IT is not given the authority to do its job. I am sure there is some IT guy that worked for the county that is now unemployed because he didn't stop it, even though he has been banging his head against the wall to get security measures put in place. I for one am tired of hearing that the answer is Linux. Sh*& I can't even upgrade to Office 2007 without getting hundreds of phone calls from users that can't find the print button. You want me to switch them to Linux? That is just comical. Rather than constantly blaming the victim we need to get tough on the criminals. If someone is mugged you don't tell them that they should not have walked down the street. You go after the guys that mugged them. You don't tell the convenience store owner that he was robbed because he was open and should not let people enter the store. This stops when we get tough on the criminals and the governments that allow them to operate free from risk. How long do you think it would take these countries to stop this if we cut off all trade and aid to them? The fact is that cybercrime is not looked at as real crime. Until we start caring more about it and electing people who understand the risks it won't matter what system is in place, it will be exploited.

Re:Linux is not the holly grail (2, Interesting)

Dullstar (1581331) | more than 5 years ago | (#28616927)

Actually, Linux usually won't even need security software in the first place. You're right about some points, but not all of them. I'm going to say that your points about the victims in the scenarios you gave are relevant. And the ones who can't find the print button are just idiots. We need to get tough on the criminals, yes, but, however... it helps if people take better measures to make it harder to occur too. So Linux is the answer... but is it the only answer? No. There's Mac OS X.

Re:Linux is not the holly grail (1)

Shados (741919) | more than 5 years ago | (#28616973)

He didn't say security software. He talked about security measures in general. That means making users have strong passwords and change them regularly, not running every application they see, etc.

You can spout how Linux is more secure by design all day, but usually the current user context is MORE than enough to do damage, no matter how restricted you make it (if a user can read their own email and type in their own browser and read their own instant messages, so can software, and that's all that's needed). There's nothing you can do when a hacker can just CALL the damn user, ask them for their password, and they'll hand it over. So you need to add VPNs, proxies, restrict internet access, force password changes, etc., no matter which OS. But that is met with extreme resistance (hell, even IT people, even I, will resist it...). The software is rarely the problem.

Re:Linux is not the holly grail (0)

Anonymous Coward | more than 5 years ago | (#28617049)

One-time passwords?
No need to remember the passwords, and no need to have a policy to change them after X days... just a thought... Yes, I'm in IT, and all my (non-local) passwords are one-time ones.
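The one-time password suggestion above is worth working through against the malware the article describes, which sends stolen credentials to the attackers by instant message immediately and then logs in through the victim's own connection. The following is an added example, not code from the original thread or from any bank's system, of an HOTP scheme per RFC 4226 (the commenter does not say which OTP scheme they use; HOTP is an assumption here) with the bank-side verifier, followed by two scenarios: a keylogged code replayed after the user has logged in, and a code relayed to the attacker and used before the user's own login. The shared secret is the RFC's own test secret; the token and server classes are constructed for the example.

```python
import hashlib
import hmac
import struct

# RFC 4226 test secret (the 20-byte ASCII string from the RFC's appendix), used so the
# codes produced here match the published test vectors.
SHARED_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = (((mac[offset] & 0x7F) << 24) | (mac[offset + 1] << 16)
              | (mac[offset + 2] << 8) | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


class HotpServer:
    """Bank-side verifier: tracks the next expected counter, tolerates a small look-ahead
    window for button presses that never reached the server."""

    def __init__(self, secret: bytes, look_ahead: int = 3):
        self.secret = secret
        self.counter = 0
        self.look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1   # every counter up to c is now spent, so a replay fails
                return True
        return False


class HotpToken:
    """User-side token: each button press yields the next code and advances the counter."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def press(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


def replay_scenario():
    """A keylogger captured the code; the user logged in first, the attacker replays later."""
    bank, token = HotpServer(SHARED_SECRET), HotpToken(SHARED_SECRET)
    code = token.press()
    user_ok = bank.verify(code)
    attacker_ok = bank.verify(code)   # same code a second time
    return user_ok, attacker_ok       # one-time property holds: (True, False)


def relay_scenario():
    """The trojan IMs the code to the attacker, who logs in through the victim's
    connection before the user's own login completes."""
    bank, token = HotpServer(SHARED_SECRET), HotpToken(SHARED_SECRET)
    code = token.press()
    attacker_ok = bank.verify(code)   # attacker wins the race with a still-fresh code
    user_ok = bank.verify(code)       # the legitimate login is now the "replay"
    return attacker_ok, user_ok       # (True, False)


if __name__ == "__main__":
    print("replay:", replay_scenario())
    print("relay:", relay_scenario())
```

The replay scenario is what one-time passwords are for, and they do the job: a code lifted from a keylog is dead once the counter moves past it. The relay scenario is the one this article is about, and an OTP does nothing against it, because the attacker is not reusing an old secret but spending a fresh one, from the victim's own machine and connection, before the victim does. What limits that attack is binding the code to the transaction (a code computed over the destination account and amount, so it authorises one transfer and nothing else) and out-of-band confirmation, not a shorter password lifetime.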

Re:Linux is not the holly grail (1)

Dullstar (1581331) | more than 5 years ago | (#28617069)

Oh yeah, guess he did. But the software would have to be multi-platform to work.

Re:Linux is not the holly grail (0)

Anonymous Coward | more than 5 years ago | (#28617173)

Most of the one-time password stuff is OS-independent... might need an additional gadget/software installed, though, but still...

Re:Linux is not the holly grail (2, Insightful)

pushf popf (741049) | more than 5 years ago | (#28617019)

Everyone who is claiming that Linux should be used and it's those stupid MS users that cause this is missing the point and has never spent one second working in a corporate IT environment. The fact is that every single security measure that is put in place is met with overwhelming opposition by the user base as well as the executives. A spam filter is looked at as the unholy antichrist because it blocks .00001% of legitimate emails. I have worked corporate IT for years and have constantly had to fight for just the basics in security. IT is not given the authority to do its job. I am sure there is some IT guy that worked for the county that is now unemploy

I'll admit it's been about 15 years since I was in Banking, but either these bank people were all morons or things have really changed.
  • Why exactly is the wire transfer system even on the same network as the PCs?
  • Why do bank users even have removable drives and active USB ports?
  • Where were the auditors?
  • Where were the security people?

Re:Linux is not the holly grail (1)

Dullstar (1581331) | more than 5 years ago | (#28617147)

The security people were in another galaxy, from the sounds of things.

Lame story. (1)

nog_lorp (896553) | more than 5 years ago | (#28617091)

That malware is not interesting at all. I remember playing with SubSeven when I was in 7th grade (long long time ago) and it had ICQ notification and reverse bind options.
