Safe and Secure

Miami businessman Joe Lopez lost $20,000 when someone used a Trojan, called Coreflood, to compromise his computer and learn the password to his Bank of America online account. From Trojans to phishing to much simpler methods like looking over your shoulder as you type your password, cyberthieves are hard at work gaining access to your credit cards, bank accounts and investment accounts online. This is why if you do any transactions online or even fill out online forms with personal information, you simply must use the best available security techniques and, as noted here often, regularly updated antivirus and firewall software are just the start.

In April 2004, moments after logging on to his online account at work, Lopez spotted an entry revealing that someone had executed an electronic transfer of $90,348.65 to Parex Bank in Riga, Latvia. Lopez knew no one in Latvia. “I thought I was going to vomit,” he recalls.

The next day, according to bank records, a mysterious figure named Yanson Arnold withdrew $20,000 in cash from Parex Bank, leaving $70,348.65 behind. Arnold has not been heard from since.

USATODAY.com - Cyber crooks break into online accounts with ease

A new worm, a type of internet based computer virus, is spreading on the American Online Instant Messaging platform, AIM. The new worm installs a “rootkit”, a file which is designed to hide the worm from your computers security software. The worm spreads itself as a clickable link going out to everyone on the “Buddy List” of an infected computer, so before clicking on a link from one of your buddies, make sure it was sent intentionally.

The advice to users is to be careful when clicking on links in IM messages–even when they seem to come from friends–and to use up-to-date antivirus software. When receiving a link in an instant message, the best practice is to verify with the sender if the link was sent intentionally or not.

AIM worm plays nasty new trick | Tech News on ZDNet

Concerned about customer privacy and security, as well as the cost to banks of fraud, credit card issuers are offering single use “virtual credit card” numbers for online, telephone and mail order shopping. The numbers are computer generated, used one time and then discarded. Only the customer and the issuer know the real underlying number.

Although the system slightly differs on each card, the principle is the same: For no extra charge, consumers sign up at the credit card’s Web site, often downloading software on their computers.

Then, when they’re ready to shop, they receive a randomly generated substitute 16-digit number that they can use at the online store. The number can be used once or, in some cases, repeatedly at the same store.

The Cincinnati Post - The virtual card

From Security by the Numbers,

$400 billion was the overall cost of cybercrime in 2004. [2005 McAfee Criminology Report]

Yet only 27% of small or medium sized businesses use an antispyware product. 73% of consumers felt that personal data theft would deter them from shopping online, but 80% allow their computers to be infected with spyware that can steal their data without their ever even visiting a shopping site.

Microsoft offers some tips and tools on avoiding security threats via Bluetooth wireless connections. Bluetooth is a wireless technology that allows many PDAs, cell phones and other portable devices to interface with each other over short distances.

Bluetooth® wireless technology is included with many cell phones and PDAs. It was initially designed to let you swap documents between other Bluetooth devices without the use of annoying connecting cables, but has since expanded to provide services such as Web connectivity and online game playing. However, any time you transmit information online, you can be vulnerable to online attack; and as the popularity of Bluetooth increases, so does its interest to cybercriminals.

Avoid wireless attacks through your Bluetooth cell phone

The Washington Post reports that two top security suites don’t work all that well beyond the core antivirus products. In the case of the McAfee suite, it actually opens up problems by setting Internet Explorer as the default browser, turning off pop-up blocking and requiring the use of Active-X controls (which are susceptible to malicious programs) for updates.

While both McAfee and Symantec have excellent antivirus programs, for the remainder of security issues - especially firewall, adware and spyware protection - it’s better to use other alternatives than to use the “suite” products. Safe and Secure recommends Zone Alarm Pro for firewall protection. For adware and spyware protection on Windows systems a combination of programs is best, including Spybot Search and Destroy, Microsoft’s Antispyware beta and Lavasoft’s Adaware.

And remember, whatever your program, regular updates are a must.

Security Suites Are Rife With Problems

For another, the complexity of the Symantec and McAfee suites seems to cause them to fail in ugly and destructive ways, according to readers who have written in to complain about these problems week after month after year.

Most important, the latest McAfee and Symantec suites just don’t work all that well.

October is National Cyber Security Awareness Month. Small business people can look for Regional Small Business Cyber Security Workshops sponsored by the FBI, SBA, National Institute of Science and Technology and Multi-State ISAC. Public service announcements will provide individuals with the tip to “Stop Think Click”.

National Cyber Security Alliance Targets Identity Theft During National Cyber Security Awareness Month

Although the scope and cost of identity theft are vast, it is clear consumers are becoming increasingly concerned about online identity theft and/or phishing, and are limiting online activities because of these threats. According to a recent survey(1), Internet users are less likely to open unknown email, provide personal information and contribute to charities online, due to fears about identity theft. Additionally, the individuals polled think they are 50 percent more likely to become a victim of a phishing scam in the upcoming year than they are to experience a home break-in.

(more…)

A Japanese man convicted of creating a fake version of the Yahoo website and using it to steal account information from Yahoo users was given a suspended sentence. With attacks coming from parts of the world that may not even bother to prosecute online fraud, as well as countries like Japan that give a slap on the wrist, consumers can’t rely on government to protect their personal information. It’s up to you to know who you are dealing with online, to be properly cautious and to protect your computer and your information.

RED HERRING | Phisher Gets Slapped on Wrist

A Japanese man convicted of creating a fraudulent website to steal personal information was given a 22-month suspended sentence earlier this week, alarming security analysts who said Thursday the penalty is too soft and sets a bad precedent in the fight against scammers.

In Japan’s first case against phishing, Kazuma Yabuno, 42, was recently convicted of creating a website that tried to mimic Yahoo Japan by replacing the ‘h’ in the Yahoo with ‘f’ creating the name ‘Yafoo!’ The trick site’s name closely resembled the original and has the same pronunciation in Japanese.

Through the spoofed site, Mr. Yabuno proceeded to obtain account names and passwords of Yahoo members and gained illegal access to their email accounts.

Symantec, the makers of Norton Internet Security and other computer security products, has released their latest Internet Security Threat Report, Volume VIII for September 2005. The report finds that attacks have moved away from “hacking” on large corporate networks to targeting “clients,” or individual computers, for purposes of fraud, theft and identity theft.

Symantec Enterprise Solutions

Attackers are moving away from large, multipurpose attacks on network perimeters and towards smaller, more focused attacks on client-side targets. The new threat landscape will likely be dominated by emerging threats such as bot networks, customizable modular malicious code, and targeted attacks on Web applications and Web browsers. Unlike traditional attack activity, many current threats are motivated by profit. They often attempt to perpetrate criminal acts, such as identity theft, extortion, and fraud.

A new computer virus, technically a “worm”, has popped up that pretends to be Google. The worm spreads itself through “peer to peer” filesharing networks.

Financial Mirror
P2Load.A spreads via P2P networks, or to be more precise, the P2P programs Shareaza and Imesh. It does this by copying itself to the shared directory of these programs as an executable file called Knights of the Old Republic 2, referring to a computer game related to the Star Wars saga. When it is run, it displays an error message informing the user that a file does not exist and offering to download it. If this happens, the computer has been infected and the worm makes two main modifications: it modifies the start page, showing advertising; and spoofs the identity of the Internet browser Google.