skullpayrollGangs of cyber criminals who have been attacking big business have now set their sights on public schools and colleges.  On October 17th, hackers broke into the Stanford school district and initiated fake money transfers from the schools payroll accounts. The thieves kept the amounts below $10,000 in order to avoid detection by the banks. By the time the staff caught on two days later they had already lost $177,000.

Stanford was not the only school to report thefts like this. The Sand Springs, Oklahoma school district has also been attacked,  as well as Marian University, a Catholic university in Fond du Lac, Wisconsin. Each establishment had close to $200,000 stolen from it. All three schools were able to detect the fraudulent transfers soon enough to reverse some of the damage, however the only school able to have its losses completely recovered was Sand Springs.

Read More →
David Krop, Laptop Theft Victim

David Krop, one of the very few laptop theft victims that end up with a smile on their face

David Krop, the vice president of marketing at Nationwide Diabetic, was rushing to a meeting one morning when he left his two laptops inside of his car. He later returned to discover that the car’s door window had been smashed in and that both of his laptops were stolen. He reported the theft to the local police but they were not too enthusiastic about getting his laptop back.

When Krop got home, he remembered that he had installed a remote access application called LogMeIn on one of his laptops.  Using the service he was able to log into his laptop from his home PC and view what was happening on his lost laptop. Shortly after entering his information he was able to see that the person who had his laptop was using it to watch porn, download videos, talk with friends and occasionally change his Facebook status. Krop took notes and still frames of his laptops activities before deciding to go to video. He got especially lucky when the new user entered into a video chat with a friend and he was able to see the suspects face.

Read More →

facebook-fan-check-virusWord has spread through Facebook that the popular Fan Check application may actually be a virus. Many Facebook users who have downloaded the application have made complaints that their accounts were being hacked and sending unintentional messages to their contacts.

The application, which became available only recently, monitors the friends that comment on your wall or photos the most, and ranks them from highest to lowest. Shortly after it became available on the social networking site, groups already began forming asking for Facebook to ban the new application and warning fellow users not to download it.

Read More →

eyeimWith the recent release of Mac’s Snow Leopard and the upcoming Windows 7, it’s  only natural that hackers gave their viruses an upgrade as well. According to security company RSA, the Zeus trojan virus now employs the use of instant messaging. After the Zeus trojan has gotten a hold of someone’s account, a hacker will automatically receive an instant message notifying him that that his hack was successful.

Once installed on a PC, the Zeus virus sends the hacker the user’s log-in information and passwords. Then a module, that can be applied to the virus, can search for information specifically concerning financial institutions. A security company called Damballa estimates that the number of PCs that have been infected with the virus are currently at around 3.6 million,  making the Zeus Trojan one of the most aggressive invasive malware viruses around.

Read More →

snow-leopard1Mac users are all in a buzz about the latest Mac operating system release, Snow Leopard. However there are already growing compatibility and security concerns. According to Trend Micro, one of their researchers have discovered several websites advertising free versions of the new Mac operating system that actually download malware viruses into the users computer. Specifically the virus is a DNS changing Trojan called OSX_JAHLAV.K. According to Trend Micro, the virus  may also be downloaded without the user’s knowledge following a visit to a malicious Web site.

Trend Micro’s Bernadette Irinco stated,”Once executed, OSX_JAHLAV.K decrypts codes, which include a script that downloads other malicious scripts…the said script then alters the DNS configuration and includes two additional IP addresses in its DNS server. Users are thus possibly redirected to phishing sites and other fraudulent sites. In fact, some of these bogus sites are reportedly hosting FAKEAV (rogue antivirus) variants and components.”

Read More →

skype4beta_videochatA programmer named Ruben Unteregger has released the source code behind a malware program that he created specifically to record Skype voice conversations on the sly.

Unteregger, who used to work for a company called ERA IT solutions, created MiniPanzer and MegaPanzer. Both of these programs were originally created and sold to Swiss authorities to be used as surveillance tools. The programs were designed to hook into the Window XP’s audio drivers to record victims VoIP calls as MP3s. Afterward, these MP3 records are automatically sent to a remote server for an eavesdropper to collect.

Unteregger stated that he had retained copyright for the programs and has decided to release the source code and two compiled binaries so that signatures to detect the malware could be created. Just days after Unteregger released his code, Symantec and TrendMicro stated that their anti-virus programs had already detected Trojans in the wild similar to that of Unteregger’s.

Read More →

twitter_hack3As social networking sites like Facebook and Twitter become more popular with the public, they also become more popular with internet hackers. Recent studies conducted by Breach Security showed that social networking sites were responsible for at least 19% of internet hack attacks in 2009. Just last week, an employee of  Arbor networks, Jose Nazario, discovered an attempt by attackers to use Twitter as a command and control to send instructions to infected computers. Twitter messages are being used to send out new download links, which in turn downloads a password-stealing Trojan known as Infostealer.Bancos.

Aside from Trojan, a popular malware installing virus called Koobface worm continues to wreak havoc on Facebook. A report from Kaspersky Lab shows that these malware attacks are ten times more effective than those sent through email. The important lesson to be learned here is that attackers are going to follow more users as these social network sites continue to grow rapidly. This provides serious risks for users who share too much of their private details out on these sites. Posting information such as home addresses, exact locations, and even telephone numbers are not the smartest things to do when site defenses are potentially so weak.

Read More →

alg_cyber-attackAs businesses and individuals become increasingly dependent on digital technology, a series of cities in the Inland Valley and San Bernardino County in California have began to take steps that will provide for more efficient social security and personal privacy as computer technology constantly evolves.

“It requires constant vigilance and making sure that you are prepared,” said Elliott Ellsworth, information technology director for the city of Ontario.

Several government agencies have made steps to tackle threats such as viruses and denials of service attacks by installing services such as anti-virus software, firewalls, and application security. Orleans established a department similar to this over a decade ago and now operates with several network security specialists. Many cities including Ontario, Claremont, Pomona and Fontana have information technology or services departments, which often provide technical support and network security.

Read More →

As our modern world becomes ever more tied to computers and the systems that run it, our computer networks are constantly under the threat of hackers, spam and malware. We may be living in a constantly connected, dynamic society, but the benefits of the modern world’s dynamic nature are coming at a price to people’s person information security. Recent developments in the field of computer security have shown just how large of an uphill battle the public and our institutions are fighting against the unseen forces that endanger our computer networks.

The problem of spam and malware has increased a whopping 80% since last quarter, partly attributed to the advent of new procedures online including shortened URLS, frequently used on social networking sites such as Facebook and Twitter.spam

When it comes to condensed URLs used on Facebook and Twitter shortened links, “The caution that users usually apply when they view search results and news links disappears behind the obfuscating address,” the a McAfee security report notes.

According to a report issued at the recent Black Hat security conference, another recent computer security threat is that of the Machiavelli technique, in which hackers take control of already victimized Macintosh computers and steal protected data. This technique takes control of the Safari browser before gaining data to protected information such as financial records.

mac1Macs are the apple’ of the public’s eye due to their impressive applications and high-end computers, but according to security expert Dai Zovi and others, who authored the report on the technique, attacks on Macs will rise as they gain market share on PC’s running Windows. Mac’s operating system will be easier to attack for hackers because it has much more code, therefore allowing them to have a larger affect on the system.

People today are constantly under the threat of malware posing as antivirus software. Many have experienced the hassles and sometimes truly dangerous consequences of fake antivirus software, but many people probably do not realize just how prevalent and resourceful this army of malware really is. According to PandaLabs, the samples of fake antivirus software have been reproducing like crazy and grew to 374,000 by the second quarter of 2009. The company estimates that as many as 35 million computers per month are infected by rogue antivirus programs, mostly due to users who are not diligent enough in checking out the programs they pay for. These samples are a big family to feed, and they will feed on the inattentive and uninformed.

Although it is a challenging battle, there are a few methods by which you can fight these forces.

1) Don’t always provide your e-mail address and apply strong caution when opening a suspicious e-mail sent to you.

2) Be careful when following links on social networking sites. If there’s a tag to the link, pay attention to what it says before clicking.

3) Don’t download pirated software or media: For hacking techniques such as Machiavelli, do as much as possible to avoid downloading pirated software and avoid pirated media that will put you at serious risk.

(via Wired, Cnet and News.com.au)

Read More →

appleiphoneapps-security2Does your company use the  iPhone 3G (or 3GS) as an important business tool? You may be ecstatic with your fancy new play-toy now, but maybe it’s time to take a long pause and consider the risk involved with the product you are using. According to one prominent iPhone developer and computer hacking expert, the 3G’s enterprise-friendly encryption is extremely weak and very vulnerable to hackers, to the point that it can be cracked in as little as two minutes with the right freeware.

Read More →