When the worm turns - September 29, 2009
I decided to dedicate the day to proving that online banking is drastically broken, (see the day's previous posts) I thought it prudent to bring to your attention another article, which came out today in Australia's newspaper. The Age. Here are some excerpts:
IT is said to have infected 10 million computers running Microsoft Windows XP and Vista. Some reports call it ''the largest threat of cyber crime'', a label others dispute. The Conficker worm was first detected in November 2008 but gained prominence recently because of attacks on some important government and commercial websites in Britain, the US and Europe. It appears to be spread through websites and emails it infects - and there it waits for an unwary user to download or click on.
It is one of the more famous examples of malware (malicious software) on the internet today. (Editor's Note: Others say Zeus, other's say Clampi...but what about 6 months from now?)The latest malware attack on financial institutions is called Clampi (also known as Ligats or Ilomo). It was first detected in the US in July but has since spread to thousands of computers around the world, mainly in English-speaking countries, including Australia.It is a Trojan horse because it carries a hidden threat. Internet security companies say the organized criminal groups using Clampi and its clones are monitoring at least 4500 finance-related websites on the internet.
Any computer visiting an infected site becomes infected by Clampi, which lies dormant until the user logs on to one of the banks or other financial websites the criminals have on their list. Clampi captures the victim's log-in and password details and sends them to a server operated by the criminal gang.
With access gained to the victim's bank or credit card account the gangsters can transfer money to accounts they own or to third-parties, known as mules, who will launder the stolen funds or use stolen credit card details to buy goods.
Worldwide, Clampi's victims number in the thousands and the criminal harvest is in millions of dollars...
Editor's Note: I guarantee that It would be immensely cheaper put a clamp on this Trojan horse (and Zeus...and Conficker...and whatever they come out with in the next few months) to give away HomeATM's to online banking customers to avoid further losses. Banks online banking customers could authenticate themselves the same way they do when they withdraw cash from ATM's. (sans skimmers and hidden cameras!)
There is also a thriving, almost open trade on clandestine online bulletin boards for the information that malware obtains - bank, credit card and online casino account numbers, user names and passwords - and
in the hire of the digital robots that trawl the net looking for victims, Scroggie says.
Editor Further Notes: The web is broken. Online Banking is not only not safe. It is downright dangerous. Why? Because "the WEB" is teeming with threats. Again, there is only one way to secure authentication procedure. "Outside the Browser Space!" Clearly that has never been clearer than it is now. Want more clarity?
Continue Reading the article at "The Age.com"Brian Krebs latest article in the Washington Post today.
Kids vs. the Banks." I guess you could say that the security of online banking is so weak, that it's provides hackers with the equivalent of "stealing candy from a baby."
Here's a blurb from Security Fix:
"On Sept. 9, crooks stole $30,000 from the Evergreen Children's Association (currently doing business as Kids Co.), a non-profit organization in Seattle that provides on-site childcare for public schools. Kids Co. chief executive and founder Susan Brown said the attackers tried to send an additional $30,000 batch payment out of the company's account, but that her bank blocked the transfer ather request.
"Now we're in this battle with our bank, because my staff accountant checks the account every day, and we notified the bank before this money was stolen and the transfer still went out," Brown said. (ooh...the bank will have a hard time defending that move)
Then last week, criminals targeted Medlink Georgia Inc., a federally qualified, not-for-profit health center that serves the uninsured and under-insured. The thieves stole the user name and password to Medlink's online banking account, and used that access to send more than $44,000 to at least five different "money mules," people wittingly or unknowingly recruited via online job scams to help criminals launder stolen funds. The mules typically are told to wire most of the funds they receive to the criminals abroad (minus a small commission).
Gary Franklin, MedLink Georgia's chief financial officer, said the company's bank reversed some of the fraudulent transfers, but that it looks like transfers to two of the mules - worth $15,000 -- may never be recovered.
Also last week, unknown hackers stole nearly $200,000 from Steuben ARC, a Bath, N.Y., based not-for-profit that provides care for developmentally disabled adults. The fraudulent transfers were sent in two batches to at least 20 different money mules around the nation. Steuben's bank blocked the second batch, for a total of $103,000, and a portion of the $93,000 worth of bogus transfers from the second batch.
Steuben's director of finance, Anita Maroscher, said the company is still trying to recover some $42,000 in stolen funds.
Bob Haley, Steuben's director of information technology, told Security Fix that the thieves were able to steal the company's online banking credentials through a keystroke logging piece of malware disguised as a shipping invoice that was sent via e-mail to one of Steuben's accountants. "It went through this lady's computer, there was a file called 'dhlinvoice.zip' that she mentioned having opened while checking her Web mail at work," Haley said. "She said there wasn't anything she recognized in [that invoice], but there was a Trojan horse in it."
The Trojan horse in question was none other than Clampi, by many accounts one of the most sophisticated pieces of malware in distribution today. (Editor's Note: Don't underestimate Zeus) Clampi is so complex and clever that some of the smartest security researchers out there are still trying to decode all of its functionality and features. Researchers at Symantec last week just posted what they say will be the first in a series of write-ups discussing various aspef Clampi.