Sunday, May 24, 2009

Online Banking Scam Warning

Source: Cisco
Complete item:

Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a security update that is required for online banking
The e-mail messages contain a link and request that users download the software so that the user can access online banking websites.  If the software is executed, it attempts to install malicious software.
E-mail messages that are related to this threat (RuleID2355) may contain the following files: Banrisul.scr

The .scr file has a file size of 727,312 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xE0FCDDBB89417E3590548EB8475F9F79

Reblog this post [with Zemanta]

Gumbler Attacks Spreading Quickly

Subject: Web Site Compromises
Source: CNET
Complete Item:
'Gumblar' attacks spreading quickly | Security - CNET News
The attackers behind a series of rapidly spreading Web site compromises have begun using a new domain to deliver their malicious code, security experts say.

The attacks, collectively referred to as "Gumblar" by ScanSafe and "Troj/JSRedir-R" by Sophos, grew 188 percent over the course of a week, ScanSafe said late last week. The Gumblar infections accounted for 42 percent of all infections found on Web sites last week, Sophos said.

Over the weekend, the Chinese Web domain used to deliver the malicious responding, according to Unmask Parasites, a service used to detect malicious code embedded in Web pages. The attacks' malicious payload has, however, continued to be delivered from a different source, the domain, Unmask Parasites said Monday in an advisory.

"They have slightly modified the script and now inject a new version that loads malicious content from a new domain," Unmask Parasites said.

Changes to the script make it more difficult to identify and stop detection by the Google Chrome browser, Unmask Parasites said.

Gumblar was first detected in March and has spread more quickly since then, against the expectations of security experts.

"A typical series of website compromises reaches peak within the first week or so and subsequently begins declining in intensity as detection is added by signature vendors, user awareness increases and website operators begin cleaning the affected sites," ScanSafe senior security researcher Mary Landesman, said late last week in an advisory.

In the Gumblar attacks, the opposite is occurring, partly because Web site administrators themselves are affected by the attacks as they try to address the problem, ScanSafe said.

Sites affected include,, and, according to ScanSafe.

Four-Fold Increase in Credit Card Fraud Down Under

Subject: Credit Card Fraud
Complete Item: 
Four-fold increase in credit card fraud
Credit card fraud in Australia has been growing four times faster than the number of card transaction Aussies make and there’s been a warning to businesses to strengthen their defences against the fraudsters.  More than 50 percent of the growth in fraudulent transactions- to the tune of $120 million last year – was the result of the use of counterfeit cars or skimming.

Information security firm, CQR Consulting, also says that Card-Not-Present fraud (CNP) – where neither the card not the cardholder is present at the time of the transaction, through a mail, telephone, fax or internet order – and the use of counterfeit cards or skimming, were the two main ways of fraud faced by card users. 

In 2007 the cost of fraud due to counterfeiting/skimming cards was $32,825,883, rising last year by over 51 per cent to $49,781,436.
The total cost of Card-Not-Present fraud in 2007 was $53,794,096, but it was also up – by 33 percent – last year to a total value of $71,578,908.

Darrall says the growth in card fraud rates is leading to increased efforts by banks and card brands to reduce their exposure to the fraud.


Disqus for ePayment News