wired.com — New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim?s dwindling balance by rewriting online bank statements on the fly. The sophisticated hack uses a Trojan horse program installed on the victim?s machine that alters html coding before it?s displayed in the user?s browser to...
Sep 30, 2009 View in Crawl 4
badqatSep 30, 2009
Hmmm...that's quite a level of sophistication. And probably just a harbinger of things to come.
underduressSep 30, 2009
so I don't have 1 billion dollars? better return my millions of yachts :\
ferretmanSep 30, 2009
Dang that's pretty clever.
underduressSep 30, 2009
have you been looking at my account or what? oh, and my comment proves i've been on digg too long today.
mrbitchOct 1, 2009
@ alarchy, RE: " .. More than zero... (quick and dirty google, first page of results) "You should also have read (if you did read your own links) that NONE of those trojans was able to auto-install itself.ALL of those trojans had to be installed manually by the user running Mac OS X.If you read THIS article, this particular trojan infected the Windows PC just by visiting the web site, in other words the user was the victim of a "drive-by" installation.The current number of OSX trojans that can auto-install themselves : Zero.FTA :<a class="user" href="http://www.wired.com/threatlevel/2009/09/rogue-bank-statements/" rel="nofollow">http://www.wired.com/threatlevel/2009/09/rogue-ban ...</a>" .. The victims? computers (running Windows) are infected with the Trojan, known as URLZone, after visiting compromised legitimate web sites .. "
johnnysoftwareOct 30, 2009
Actually, an auditor from a German company looking to invest in US mortgage securities or banking discover a totally non-technological cause.As part of her actually doing "due diligence" she went to California, investigated the the contents of mortgage loan applications, checked to verify if they were correct or not, and came back and informed her employers that virtually all the loan applications contained false information - and that the banks let it slip through.So, needless to say, the German company did not invest. And that was one of the first signs from outside the industry that something was deeply wrong.Considering that banks were getting money from the Fed at close to 0% interest, they scrambled to let as many loans as they could. Considering that the Fed then turned around and bailed them out at taxpayer benefit, many got away with it. But that is not the way capitalism is supposed to work. People should have been honest on the applications, banks should have checked the information, been honest about what they found and required the borrowers to correct the errors and resubmit - but not turned around and sold the loans with the errors in them.Everything has flaws in it. Almost (?) every job includes duty to check for flaws in things the worker receives and notify someone else in the organization and/or handle them (e.g give it back to person who gave it to them to fix it).And THAT is what made the banks fail.
johnnysoftwareOct 30, 2009
Programmers aren't that stupid and neither is organized crime.The amounts are sub $10,000 withdrawals because that is supposedly the number that SWIFT or other banking systems trigger extra scrutiny. Probably the triggers could or should be lower at least some of the time to catch scams like this which obviously are now common.One of the first thing almost any new programmer learns is how to generate and then use random numbers. It is as easy for a computer as it is for a person to pick differing numbers below $10,000 each time. Computers are probably better at it, in fact.Basically, the solution is simple. Fix vulnerable programs so they do not require anti virus software since that obviously is not catching everything. Educate public about Trojans and implement safety checks in any software that downloads files from the Internet.Macs, despite not being much involved in these sorts of crimes, nevertheless have safety checks built into them to foil such things when they occur. They have flaws in them too but they have a lot of extra safe things included to help offset vulnerabilities that exist.a) Macs are checking for some Trojans some crooks tried to create that was infecting other crooks.b) Macs check with you when you run software downloaded from the Internet the first time. If it comes in a disk image archive they ask you to confirm before mounting it as well as before executing the the program.c.) Macs also remember the URL a file was downloaded from on the Internet in case the file turns out to cause a problem or you want to get a newer copy of it.d.) Macs do not have ActiveX, DCOM, or IE in them - and those happen to be involved in quite a lot of the computer crime these days. Macs do not have tons of unnecessary networking services turned on in them by default. They come on only if you wish them on and tell your Mac it should run them.e.) Macs simply do not run most Windows viruses & worms because those malware are written to only work with the Windows API and programs that Microsoft only puts onto Windows.It sounds like these steps are so basic they would not help but it is because they are so basic that they are so effective.It looks like the biggest threat to Macintosh and in fact the whole computing security of the world comes not from unwanted attention from cyber crooks. It comes from how much money and computing power Windows users have handed over to cyber crooks for the past half dozen years.The opportunities the money creates to open attacks through new territory and increased influence & outward respectability - combined with the equivalent of many thousands of supercomputers - lets them tackle people, organizations, and computers in ways that would have been inconceivable 5 years ago.Most people in the computer field even will not have digested it until a year or two. Then some popular magazine or newspaper or agency totals up just what has been transferred to cyber crooks. But they will go a step further, and add up just what the implications are for how it can be used in brute force and indirect attacks. Most security relies on having some security in personnel or mechanisms. It is getting clear that the former is not so good and the latter is really bad. But getting hundreds of thousands of people compromised or millions of machines invariable has cataclysmic results. Look at industry failures, civil wars, and explosives proliferation for examples of this. Computers in some ways can be likened to explosives - it is a fair analogy, especially when they are unstable.It should not have gotten as far as it had but it will go further until things shatter. You can be sure there will be 6 billion people then saying, "...but it wasn't my job - it's someone else's job". Everyone is someone else to somebody but obviously, they have not even prevented this cyber crime problem from increasing every year.Do something safe today and check something you are given. Be skeptical about something vaguely suspicious in spite of its source. You will be doing your part to turn back the tide.Do your job.
johnnysoftwareOct 31, 2009
And then the criminals would change it to be not so easy.Think about it. If they did not know how to fool stuff to begin with, then they would not have figured/found out how to fool the operating system, the web browser, and the user to pull off their crime in the first place.If people were totally smart to begin with then some programmer would have not have written buggy operating system code, browser code, web plugin code, etc. - or at least their manager or peer would have read the code and caught the mistake. Or the user would have noticed that since this is happening to lots of people he may not want to use exactly the same software on the same web in the same way as other people who got robbed this same way.See my point?If they try something that does not work badly enough that they get caught and go to jail then the next guy in the group tries something else until at last one of them does not go to jail. It is like the same way humans learned which foods were poisonous and which ones were not, every time they picked up and moved somewhere else.By the way, if our ancestors took 9 years to figure out what food was poisonous like it is taking us to figure out what software is most dangerous, we would have never been born. Clearly our environment does not select for cyber savvy.
funkmunkyNov 22, 2009
Not mine they can't... They'd have to know my name and have my ID first... Besides, I'm not a yank...