Crooks Hack Music Players For ATM Skimmers
Pull skimmer equipment off the ATM and walk away with it and your are likely to get busted by feds or local cops who may be monitoring the machine.
If not, you are likely to be confronted by the scammer who put the thing there in the first place. It's not uncommon for these things to disappear the minute someone from the bank notices something's wrong and goes inside to report it. That's because the thieves often are somewhere nearby watching the machine.
Cybercriminals Shifting To Bugat
Wondering how much this "story" actually differs from the Trusteer press release, below:
FOR IMMEDIATE DISTRIBUTION
Trusteer Researchers Find Criminals are Diversifying Financial Attacks with New Version of Bugat Malware
Bugat Quietly Distributed in Recent LinkedIn Phishing Assault; Unlike Zeus Trojan, it is Less Well Known and Harder to Detect
NEW YORK, Oct. 12, 2010 -Trusteer, the leading provider of secure browsing services, today announced that its researchers have discovered a new version of the Bugat financial malware used to commit online fraud. Bugat was distributed in the recent phishing campaign targeting LinkedIn users, which was generally considered to be trying to infect machines with the more common Zeus Trojan. The emergence of this new version of Bugat appears to be an attempt by criminals to diversify their attack tools using a platform that is less well known and therefore harder to detect and block.
Bugat is similar in functionality to its better known financial malware brethren Zeus, Clampi and Gozi. It targets Internet Explorer and Firefox browsers and harvests information during online banking sessions. The stolen financial credentials are used to commit fraudulent Automated Clearing House
(ACH) and wire transfer transactions mostly against small to midsized businesses, which result in high-value losses. Bugat is three times more common in the US than Europe, but its distribution is still fairly low.
In last week's attack, LinkedIn users received emails reminding them of pending messages in their account and providing a malicious URL. When a victim clicked on the link they were directed to a fraudulent website where a java applet fetched and installed the Bugat executable. LinkedIn spam email is an effective tool to push malware to enterprise users, and is being used to gather credentials for commercial bank accounts and other sensitive services used by businesses.
"Criminals are stepping up their malware distribution efforts by continuously updating configurations of well known malware like Zeus, and using new versions of less common Trojans like Bugat, to avoid detection,"
said Mickey Boodaei, CEO of Trusteer. "We are in an arms race with criminals. Although Zeus gets a lot of attention from law enforcement, banks and the security industry, we need to be vigilant against new forms of financial malware like Bugat and SpyEye which are just as deadly and quietly expanding their footprint across the internet."
Trusteer warns that the recent industry focus on Zeus is making it easier for other Trojans, like Bugat, SpyEye, and Carberp which are less wide spread but equally sophisticated, to avoid detection. Carberp currently targets nine banks in the United States, Denmark, The Netherlands, Germany, and Israel. These lesser known financial malware platforms are expected to increasingly compete with the Zeus toolkit to become the new Trojan of choice for criminal groups.
Blocking and Removing Bugat
The Trusteer Secure Browsing Service protects banking and other online sessions by blocking attacks and then disinfecting machines that are infected with Bugat and other financial malware including Zeus, SpyEye, and Carberp. When a Trusteer user browses to sensitive websites such as internet banking, Webmail, or online payment pages, the service immediately locks down the browser and creates a tunnel for safe communication with the web site. This prevents malware like Bugat from injecting data and stealing information entered and presented in the browser. The service is directly connected to the bank (or other online business protected by Trusteer) and to Trusteer's 24x7 fraud analysis service. Attempts to steal money from consumers protected by Trusteer are immediately detected by the bank or operator of the website and are blocked using various layers of protection.
Banks Urge Businesses To Lock Down Online Banking
the malware discussed in the blog posts linked from the summary illustrates how the crooks are defeating securID-like tokens, as well. Zeus, eg., is often seen in an attack rewriting the HTML of the bank's Web site as the victim sees it in his or her browser. In the simplest case, where the code is required at login, the attackers simply serve the victim with a maintenance page (down for maintenance, please try back in 15 min).
e.g., Beware of Error Pages at Bank Web Sites
Some banks require businesses to provide a SecurID or other token key when they initiate a wire or ACH transfer. This is getting closer to the solution, but a lot of commercial banks don't like to require that because many customers initiate such a high number of transfers each day, that it becomes impractical.
The hard-to-attack solution, which really doesn't address the usability issue -- is to require the SecurID number both on login and on transfer.
Washington Post Blog Shuts Down 75% of Online Spam
From their press release:
"In the afternoon of Tuesday 11/11, IronPort saw a drop of almost 2/3 of overall spam volume, correlating with a drop in IronPort's SenderBase queries. While we investigated what we thought might be a technical problem, a major spam network, McColo Corp., was shutdown, as reported by The Washington Post on Tuesday evening."