Monthly Archive for September, 2009
A gang of organized cyber criminals that has stolen millions from businesses across the United States over the past month appears to have turned its sights on public schools and universities. On the morning of Aug. 17, hackers who had broken into computers at the Sanford School District in tiny Sanford, Colorado initiated a batch of bogus transfers out of the school's payroll account. Each of the transfers was kept just below $10,000 to avoid banks' anti-money laundering reporting requirements, and went out to at least 17 different accomplices or "money mules" that the attackers had hired via work-at-home job scams. A school employee spotted the bogus payments on the morning of the 19th, when the school district learned that $117,000 had been siphoned from its coffers by cyber crooks. Sanford Superintendent Kevin Edgar said the school successfully reversed two of the transfers totaling $18,000, but that rest of the
Apple last week released Mac OS X 10.6.1, the first security update for Snow Leopard users. Cupertino also issued a bundle of updates to fix more than 30 security flaws in its 10.4 and 10.5 OS X and OS X Server systems. Snow Leopard shipped with an outdated and insecure version of the Adobe Flash Player. The 10.6.1 update fixes that, patching at least nine vulnerabilities in Flash, and bringing the Snow Leopard Flash plug-in up to date with the current 10.0.32.18 version. The Tiger and Leopard security bundles also include the Flash update, along with security fixes for components like ColorSync and CoreGraphics. The updates are available through Software Update or via Apple Downloads. One final note: Over the weekend, a number of Security Fix readers who are also Mac users wrote in to ask for advice after being peppered with rogue anti-virus pop-ups. The readers complained they received
Finding the notorious Clampi banking Trojan on a computer inside your network is a little like spotting a single termite crawling into a crack in the wall: Chances are, the unwelcome little intruder is part of a much larger infestation. At least, that's the story told by two businesses which recently discovered Clampi infections, compromises that handed organized cyber gangs the access they needed to steal tens of thousands of dollars. In early August, attackers used Clampi to swipe the online banking credentials assigned to the Sand Springs Oklahoma School District. The thieves then submitted a series of bogus payroll payments, totaling more than $150,000, to accomplices they had hired throughout the United States. Sand Springs Superintendent Lloyd Snow said the district has since been able to get about half of those transfers reversed, while the district's bank graciously covered the rest of the loss. Initially, Snow said, suspicion fell
Apple has shipped a security update to fix multiple vulnerabilities in the iPhone and iPod Touch. The company also pushed out a patch to plug security holes in Windows and Mac versions of its QuickTime media player. The iPhone update -- version 3.1 -- includes at least 10 security fixes, and several minor new features, such as the ability to better organize apps in iTunes and to download ring tones wirelessly. Apple also issued an update for its iPod Touch (v. 3.1.1) that includes a short list of new features. The QuickTime update brings that software to version 7.6.4 and fixes at least four separate security problems. Apple users can grab the update via Software Update, while Windows users will need to use the bundled Apple Software Updates application. The iPhone and iPod Touch updates are only available through iTunes.
Organized cyber thieves are increasingly looting businesses in heists that can net hundreds of thousands of dollars. Security vendors and pundits may be quick to suggest a new layer of technology to thwart such crimes, but in a great many cases, the virtual robbers are foiled because an alert observer spotted something amiss early on and raised a red flag. In mid-July, computer crooks stole $447,000 from Ferma Corp., a Santa Maria, Calif.-based demolition company, by initiating a large batch of transfers from Ferma's online bank account to 39 "money mules," willing or unwitting accomplices who typically are ensnared via job search Web sites into bogus work-at-home schemes. Ferma President Roy Ferrari said he learned of the fraud not from his bank but from a financial institution at which several of the mules had recently opened accounts. Ferma employees worked extensively with that bank and several others to reverse the
Mozilla says that the next version of Firefox will warn users if they are running insecure, outdated versions of the Adobe Flash Player, as part of a nascent effort to work with vendors of the most popular browser plug-ins to ensure users aren't falling behind on important security updates. Beginning with Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their Flash plugin is out-of-date. Mozilla said it is starting with Flash because if its ubiquity, but also in response to recent studies showing as much as 80 percent of users are running old versions of Flash. "Mozilla will work with other plugin vendors to provide similar checks for their products in the future," the company said on its Security Blog. "Keeping your software up to date remains one of the best things you can do to keep yourself safe online, and Mozilla will continue to look for ways
Microsoft today pushed out software updates to plug at least eight critical security holes in computers powered by its various Windows operating systems. The patches are available through Windows Update or via Automatic Updates. The flaws were addressed in a bundle of five patches, each of which earned Microsoft's most dire "critical" rating, meaning they are serious enough that attackers could break into systems without any help from users. One particularly dangerous flaw covered by this month's patch batch is a problem with the way Windows handles Javascript. While this flaw stems from a faulty component of the Windows operating system, it would most likely be exploitable through Internet Explorer versions 6, 7 and 8, said Wolfgang Kandek, chief technology officer at software security provider Qualys. The flaw resides in every version of Windows except Windows 7. In fact, none of the vulnerabilities patched today affect Windows 7, Kandek said.
Since our story about Eastern European cyber crooks targeting small to mid-sized U.S. businesses ran last week, I've heard from a few more victims. Eerie similarities in their descriptions of how they were robbed suggest the bulk of this crime may be the work of one or two gangs. David Johnston, owner of Sign Designs, Inc., a Modesto, Calif.-based company that makes and installs electric signs, said his company lost nearly $100,000 on July 23, when crooks used the company's credentials to log in to its online banking account and initiate a series of transfers to 17 accomplices at seven banks around the country. "Our daily limit on these transactions was $100,000, and [the thieves] took just $47 short of that amount," Johnston said. "What we're looking at really is the bank robber of 2009. They don't use a gun, they have lots of helpers, their [profits] are huge, and
Apple Thursday shipped an update to plug a slew of critical security holes in its version of Java for Leopard systems (OS X 10.5). In other Apple patch news, it appears those who have updated to the latest version of OS X -- 10.6/Snow Leopard -- received an insecure version of the Adobe Flash player. The Java update brings Mac's version of Java to 10.5 Update 5, and fixes at least 16 security flaws in the program. Users can grab the patch through Software Update or directly from Apple Software Downloads. Mac users who have upgraded to Snow Leopard should be aware that the current version of the installation disc comes with an outdated version of Flash -- version 10.0.23.1. Snow Leopard users can upgrade to the latest version -- 10.0.32.18 -- by visiting the Flash Player Download Center.
