Eugene Kaspersky, founder and CEO of Kaspersky Lab, gives an insider’s view to the Internet Cybercrime Ecosystem and the quick and dirty on the how’s and why’s.
Read this and you might come away with a whole new outlook on Internet security. Either way it’s and interesting insight into the world of professional computer crime and it’s effects on everyone.
Go to Cybercrime Ecosystem
]]>The update is easily done in a minute or two and given the severity of the security issues is highly advisable.
Video instructions here: Java Update Video and step-by-step instructions below.
- Go to “Start” and select either “Control Panel” OR “Settings” -> “Control Panel” depending upon which start menu view you are using.
- Once in the Control Panel screen look for an item marked “Java” with this icon
and double-click it to open the Java console. - On the top row tabs will be a choice marked “Update”. Click that to open the Update panel.
- On this panel will be a button marked “Update Now”. Click that and following the update instructions. In the case of the video my computer was already updated.
The email shown here is what is known as “a phish” or “phishing attack.” While this one in particular is an attack on those having a PayPal account, phishing attacks have been conducted on virtually all well known financial institutions including banks and credit unions.
To get an understanding of how this is done let’s dissect this rascal and see what’s behind the scenes!
Those familiar with the PayPal service and its logos will likely agree this looks very official, and indeed it should as the attacker is actually using PayPal’s logos from www.paypal.com. For example here’s the HTML code (the language used to create web pages) from the email for the PayPal logo at the top of the page. If you click on the underlined part of the item below you will see that it takes you to the actual PayPal logo at the real PayPal site of paypal.com.
< img src=”http://images.paypal.com/en_US/i/logo/email_logo.gif” alt=”PayPal” border=”0″/>
If you’re not familiar with HTML code, don’t worry about it. The important point here is that those creating phishing attacks do link to the real graphics for logos and other distinctive items at the legitimate web site to make their fake email look more authentic.
Now let’s look at the attacker’s goal and how the actual attack takes place. The attacker’s goal is usually simply to get the unwary user to believe they are actually complying with an official request from the given institution (PayPal in this case) and to get the user to enter their private data such as login name and password. Other phishing attacks similarly try to get users to provide account numbers, passwords, credit card numbers and similar information. In short, any data that the attacker can use to conduct a fraudulent transaction to his financial gain.
The “how” they accomplish this is by hiding the link to where you’ll actually be taken if you click on the link in the letter. Let’s clarify this with the current example above. In the email shown above we see at the end of the first paragraph the sentence ..
You can submit additional information at the following link:
followed by the rather official looking link:
https://www.paypal.com/cgi-bin/webscr?cmd= login-run
Let’s look at the actual HTML code for this email again to see what’s really going on here. The actual code for the above link is:
< a href=”http://some-place-other-than-paypal.com” target=”_Blank”>https://www.paypal.com/cgi-bin/webscr?cmd=_login-run< /a>
The above is how a link to another area on the web is coded within HTML. Notice that the second part, starting after the “_Blank”>” section is the same as that which appears in the link given in the graphic of the actual phishing attack email above. This is the visible part of a hyperlink. Where the hyperlink actually takes you is given by the first part which in this case I have replaced with a fictitious link titled “http://some-place-other-than-paypal.com,” which is exactly what happens. The attacker takes you to a fraudulent site that is made to appear legitimate
Let’s demonstrate this with the actual working link. Note, nothing will happen here as this is a fake link and you’ll just get a “page not found” error if you try. The important thing to note is to look at the actual link given at the bottom of your browser when you position the mouse over the visible link. Notice you’re actually being shown the hidden link of “http:// some-place-other-than-paypal.com”
This is the heart of a basic phishing attack. I obviously used a fictional place and did so for several reasons, in a real situation the attacker will direct the unwary user to a fake site that has been set up to look like the real thing and then have the victim submit the items mentioned above such as login names, passwords, credit card numbers and other personal items that can be exploited for personal gain by the attacker.
New and more sophisticated attacks have been developing over the past year that add a few twists and turns to how the attack is conducted but the above outlines the primary concept of redirecting the unwary user to an area meant solely to fraudulently capture the private data.
Protecting Yourself
If you receive such an email, the safest bet is to just delete it. If you believe that the email might be legitimate, don’t click on links given in the email. Instead start your browser and type in the URL for the institution yourself and then log into your account.
As an example, PayPal did send out emails to account holders a while back requiring that they agree to some changes in the terms of service. Not even bothering to see if they were legitimate, I just deleted the email, started Firefox, and logged into my PayPal account. Sure enough, there was a message there requiring some actions on my part.
Moreover you can help prevent these miscreants from plying their illicit trade by forwarding the phishing email to ‘reportphishing@antiphishing.org’.
Also, many organizations such as ebay and PayPal are using the universal email address of “spoof@the-institution-name.com” such as spoof@ebay.com or spoof@paypal.com.
Thoughts, comments and questions welcome. Tell us what you think!
]]>The enterprise security threat environment for 2006 and 2007 includes a marked increase in sinister security threats — targeted, intentional criminal attacks originating from outside the enterprise, and collusion between criminals and inside contacts — according to Daniel Blum, senior vice president and research director at Burton Group. Blum’s research shows that with global deterrents from law enforcement being weak, criminals are organizing into an underground economy of specialists. Near-term results include increases in the volume and scale of criminal attacks on companies and consumers.
]]>]]>PENNSYLVANIA LOTTERY WARNS PLAYERS TO BE WARY OF A SCAM USING LOTTERY LOGOS
MIDDLETOWN, Pa. - Recently, a number of consumers have received an e-mail titled “CONGRATULATION! CONGRATULATION!! CONGRATULATION!!!,” which fraudulently uses Pennsylvania Lottery logos. These e-mails, as well as other similar e-mails touting a lottery prize, are a scam according to the Pennsylvania Lottery’s Security Office.The current fraud using the Pennsylvania Lottery name and logos is an attempt to access personal information, such as Social Security numbers or bank account information.
The Pennsylvania Lottery does not notify winners via e-mail or any other method when they win a Pennsylvania Lottery prize. Winners must contact the Lottery when they have a winning ticket. Each individual who wins a Powerball or other Pennsylvania Lottery jackpot prize must file a claim in person at Pennsylvania Lottery headquarters to receive his or her prize.
No not the kind that’s rather tasty sliced and toasted (that’s bagel) but a new variant of the Internet worm that just won’t die. Or at least go away.
Round about last Friday (March 3, 2006) a new variant of the bagle worm was being captured by security labs and seen by potential victims that threatens legal action against the recipient.
Some of the common subject lines are:
Pay your debts before we come to you
Call to your lawer immidiately
Lawsuit against you
We wait your response
As usual the bad grammar and spelling should be a tip-off as to the less than upright intentions and validity of the message.
The object of course is to get the alarmed recipient to throw aside a normal degree of careful judgment (thou shalt not open attachments from unknown sources) and react to the message. That reaction will hopefully, from the worm writer’s viewpoint, include a quick double-click on the attachment. Doing so will not surprisingly infect the computer with this latest variation of the bagle worm variously named by respective parties as:
Email-Worm.Win32.Bagle.fr (Kaspersky)
W32.Beagle.DX@mm (Symantec)
W32/Bagle.dy@MM (McAfee)
W32/Bagle-DO (Sophos)
Win32.Bagle.FM@mm (BitDefender)
Win32/Bagle.AN (CA)
Worm/Bagle.FS (Avira)
WORM_BAGLE.DQ (Trend Micro)
As always keep your anti-virus software up to date and avoid opening attachments until certain of their origin.
SIDE NOTE:
If you have an attachment that you believe is legitimate one small tip that helps prevent mishaps is to always first SAVE the attachment to the hard drive (In Outlook use File -> Save Attachments) before opening. Doing so typically causes the real time anti virus scanning engine in your anti virus software to give the file a once over for nasties. Not all anti virus packages scan email or have that option turned on so the save to disk procedure gives an extra edge of protection.
Related Links & Reading
]]>Russian and Ukrainian hackers have been arrested for the alleged theft of over ???1m
(1 million Euros - approximately 1.22 million USD) from French bank accounts.
The electronic thefts occurred by infecting the victims’ computers with a key logging
program embedded in emails and malicious web sites. The key logging software
was particularly stealthy in that it remained essentially inactive until a victim
used their computer to contact their bank online. At that time it would record
login and password information and send that via the Internet to a site to be
retrieved by the computer crime gang.
With the login credentials in their possession the hackers could then access
the victim’s financial accounts at will and monitor balances and transactions.
Once they determined there was a sufficient level of funds to be worth the risks
they would transfer the monies to accounts of third parties known as mules in
the jargon of money laundering. Mules are awarded typically a 5-10% commission
for aiding in the transfers and may or may not be aware of their participation
in the electronic crime schemes.
Quoting security expert, Nicolas Woirhaye, from the article:
“He said the best way to beat pirates was to use up-to-date anti-virus software.
“All the French victims were trapped because they didn’t have any [computer] protection,” he said.
To which we would add that not only is a quality anti virus program with up to date signatures a must but so is one of the top anti spyware software programs. Information gathering programs such as key loggers aren’t always detected by traditional anti virus software but are one of the primary areas of focus for the high end anti spyware products.
]]>aspiring computer criminals can now buy custom built trojan code online. Quoting
the article from the Panda website:
02/24/06.- PandaLabs uncovers a complex malware creation system designed to spy and steal personal data
After Panda ActiveScan detected a malicious code designed to spy on infected computers and capture data, a complex espionage system has been uncovered. This system sells made-to-measure Trojans to hackers for US $990.
The article continues and points out the specifics of the malicious program:
PandaLabs has detected a new Trojan called Trj/Briz.A, whose main
aim is to steal personal user data from affected computers. This code stands
out because it specializes in stealing bank details and data from web forms
and that its author customizes the code for hackers.
Of course it’s a basic axiom of business that it’s essential to manage your assets
carefully. This developer knows their marketing as the Panda article adds:
Apart from the code, cyber-crooks that buy this crimeware also get
a complex system for controlling the status of the infection caused by the
custom Trojan. This allows the client to get a list containing a large quantity
of data about the infected computers: IP addresses, passwords and even the
physical location of the computers. In this way, the cyber-crooks can always
have their malicious activity under control.
Trend watchers of malware development have been aware that for about the past
two years there’s been a movement away from the traditional “hacking for fun
and fame” to a business model of electronic crime for profit. The Panda article
makes note of this point:
Luis Corrons, director of PandaLabs, explains that ???as authors of
Internet threats have changed their objective, which is now financial gain,
they have also changed the way they design their threats. Therefore, they try
to ensure that their creations go unnoticed, to both users and security companies, for as long as possible.???
Kaspersky labs, a leading name in antivirus research and software, discusses
this trend in their white paper, “The Cybercrime Ecosystem”. (
- PDF: opens new window).
Where as previously the development of such high caliber malicious software took
significant programming skill and experience it’s now available as an “off the
shelf” item.
The cost and other barriers to entry to becoming a cyber criminal have just been
lowered. As such it seems likely that the sophistication level and sheer number
of threats will continue to rise.
I wonder if they take PayPal?
Related Reading
]]>With all the main stream news surrounding these recent additions to the language
of the Internet online users are increasingly familiar with the term phishing but
perhaps less so with it’s close cousin pharming. Either way the essential thing to understand is all these scams, regardless of name, have a common theme.
They are attempts by electronic criminals to gain financially at your expense.
Electronic criminals in their phishing attempts have generally targeted large, well known institutions such as eBay, PayPal, Bank of America, and Washington Mutual. In response many such operations have implemented programs to combat the rising tide of such crime.
Responses include consumer education and improved login security procedures such
as Bank of America’s recent implementation of the their program called SiteKey.
SiteKey helps protect BOA’s customers by requiring the user, as part of the registration process, to select an image and an accompanying phrase that only the user knows. If a phishing/pharming attack attempted to get the user to logon onto a bogus site appearing to be the legitimateBank of America site the SiteKey picture and phrase for this user, if even present, would in all likely hood be different from those selected by the user when registering. This procedure acts as an extra level of protection to alert the user to the potential fraud in action.
Protection Check List
There are a number of things users can do to protect themselves from online fraud and financial scams.
- Run Basic Security Software on your computer such as antivirus and anti spyware programs. Moreover only use proven names that are known industry leaders such as Symantec or Kaspersky in the anti virus area and PC Tools Spyware Doctor for anti spyware products. As a starter you can find some information on Anti Spyware software here.
- Don’t Click on Links in E-mails asking you to update information.
Virtually no financial institution will send such an e-mail. If you believe
that the request may be legitimate then either call the institution to get
more information and/or log onto your account using YOUR book marked link in
your browser or by typing in the URL yourself.PayPal, for example, does periodically send out email regarding a necessary action that needs to be taken for your account. Logging into PayPay by typing the URL in the browser address box, instead of clicking on any provided link, is strong protection against being a victim of a Phishing email. - Report the Incident if you receive a phishing e-mail. Help yourself by helping others and report the phishing attempt. Large financial institutions and other groups are actively working to both prevent such attacks and to take down the web sites used by the attackers. The simplest response is to forward the phishing e-mail, maintaining the HTML format, to reportphishing@antiphishing.org .