Thursday, November 29, 2012

Romanian Authorities Dismantle Cybercrime Ring Responsible For $25M Credit Card Fraud

By Lucian Constantin
November 27, 2012 02:24 PM ET

IDG News Service - Romanian law enforcement authorities have dismantled a criminal group that stole credit card data from foreign companies as part of an operation that resulted in fraudulent transactions totaling $25 million.

Officers from the country's organized crime police working with prosecutors from the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) executed 36 search warrants on Tuesday at residential addresses in several Romanian cities and arrested 16 individuals suspected of being members of the credit card fraud ring.

According to DIICOT, the group's members gained unauthorized access to computer systems belonging to foreign companies that operate gas stations and grocery stores, and installed computer applications designed to intercept credit card transaction data.



Hackers Hit International Atomic Energy Agency Server

IDG News Service - A group of hackers leaked email contact information of experts working with the International Atomic Energy Agency (IAEA) after breaking into one of the agency's servers.

The group published a list of 167 email addresses along with its manifesto on Sunday in a post on Pastebin.

"Some contact details related to experts working with the IAEA were posted on a hacker site on 25 November 2012," IAEA spokeswoman Gill Tudor said Wednesday in an emailed statement. "The IAEA deeply regrets this publication of information stolen from an old server that was shut down some time ago. In fact, measures had already been taken to address concern over possible vulnerability in this server."


Friday, September 14, 2012

Google Says The Scope Of Drive-by Malware Is 'Significant'

How ironic that Google allows you to initiate a Web search by clicking on a button labeled "I'm Feeling Lucky." The button is supposed to take you to the first Web site that turns up in your search. Instead, it just might take you to malware hell.

In a preliminary report issued by Google in early February (see All Your iFrames Point to Us in the Google blog), researchers reveal the depth of the worldwide malware problem and conclude “the scope of the problem is significant.” This isn’t news if you’ve ever had to clean up the mess left behind after a malware infection. But if you’re feeling fairly confident that you do enough to protect yourself and the other users on your network, this report should open your eyes to the real world, and it’s not pretty.

New Weapon Against Drive-by Downloads Emerges

As more employees visit social networking sites while at work, network managers are seeing a rise in accidental malware infections known as drive-by download attacks.

Cybersecurity researchers trying to stop users from inadvertently compromising their machines have come up with a novel idea: Give them PCs running virtual machine software so they can act as sensors that detect malware infections and prevent them from infecting enterprise networks.

The idea was developed by George Mason University's Center for Secure Information Systems (CSIS) in conjunction with Northrop Grumman Information Systems.

This PCs-as-sensors approach was outlined at the Cyber Infrastructure Protection Conference held at the City College of New York last Friday.


ATM Malware Spreading Around The World

Cash machines around the world are hosting malware that can harvest a person's card details for use in fraud, a situation that could worsen as the malware becomes more sophisticated, according to a security researcher.

Analysts at Trustwave's SpiderLabs research group were surprised earlier this year when they obtained the ATM malware sample from a financial institution in Eastern Europe, said Andrew Henwood, vice president of SpiderLabs's Europe, Middle East and Africa operation. Trustwave does forensic investigations for major credit card companies and financial institutions as well as penetration tests.

"It's the first time we have come across malware of this type," Henwood said.


Wednesday, September 12, 2012

Cyber Criminals Target Travelers

FBI: Guests' Data Collected When They Log Into Hotel Wi-Fi Overseas
(CNN) -- A recent warning from the FBI about hackers targeting guests' data when they log into hotel Wi-Fi overseas was a salient reminder to travelers of the risks to data security on the road.

The alert, from the FBI's Internet Crime Complaint Center, was addressed to U.S. executives, government workers and academics but did not specify a particular country of threat. It warned of a spate of incidents of travelers encountering bogus software update pop-ups when they used hotel internet connections overseas. When they clicked on the "update," malicious software was installed on their computer.

Hotel Wi-Fi connections are particularly risky, said Sian John, UK security strategist at Symantec, because they are often set up without proper security settings. But they are merely one data-security threat among many facing business travelers.


Monday, September 10, 2012

Anonymous Attack Brings Down Tons Of GoDaddy Sites

Today is not a good day for those working behind the scenes at GoDaddy. TechCrunch is reporting that an Anonymous member has brought GoDaddy down and, by extension, has brought down many of the sites GoDaddy hosts. Apparently, the attack was carried out by someone going by the name of “AnonymousOwn3r” on Twitter, and he says that he worked alone in bringing the website hosting service down.

Friday, September 7, 2012

FBI Director: Cybercrime Will Eclipse Terrorism

"Today, terrorists have not used the Internet to launch a full-scale cyberattack, but we cannot underestimate their intent," he said. In the wake of the Sept. 11 attacks, the FBI invested heavily to develop new skill sets and formed more than 100 joint anti-terrorism task forces with other government agencies, military branches and local law enforcement organizations.

Reference: Cybercrime Will Eclipse Terrorism

Monday, July 9, 2012

300,000 Infected Computers to Go Offline Monday

According to a group of security experts formed to combat DNSChanger, between a quarter-million and 300,000 computers, perhaps many more, were still infected as of July 2. 


DNSChanger hijacked users' clicks by modifying their computers' domain name system (DNS) settings to send URL requests to the criminals' own servers, a tactic that shunted victims to hacker-created sites that resembled real domains. 


At one point, as many as 4 million PCs and Macs were infected with the malware, which earned its makers $14 million, U.S. federal authorities have said. Infected machines will lose their link to the Internet at 12:01 a.m. ET Monday, July 9, when replacement DNS servers go dark.



Monday, May 21, 2012

Ads on Wikipedia Can Point to Malware Infection

Every now and then, Wikipedia's popularity and brand are misused by malware peddlers, typosquatters and scammers.

But the fact that the Wikipedia project is funded exclusively by donors and the site never displays ads also makes it a good litmus test for discovering whether one's machine is infected with certain types of malware.

"If you’re seeing advertisements for a for-profit industry or anything but our fundraiser, then your web browser has likely been infected with malware," Wikipedia's Director of Community Advocacy Philippe Beaudette pointed out in a recent blog post.

This usually happens when a specific browser extension has been inadvertently downloaded and installed by the user.

"Ads injected in this manner may be confined to some sites, even just to Wikipedia, or they may show up on all sites you visit," he says. "Browsing through a secure (HTTPS) connection may cause the ads to disappear, but will not fix the underlying problem."

One must disable the extension in question, but even after having done this, other malware could still be hiding on the computer, and then a malware scan is in order.

Beaudette points out that ads seen on Wikipedia's site can have one final source - one that might not be malicious but is still annoying: the users' Internet provider, who injects them into web pages for profit.