Tuesday, December 29, 2009

RushCard Announces Card-to-Card Funds Transfers...





Cincinnati, Dec. 29, 2009 -- RushCard today announced the availability of its new, highly-demanded card-to-card funds transfer feature. The feature offers unparalleled (You want unparalleled?  Then read on) convenience and affordability to those who want to transfer money between Prepaid Visa® RushCards, and it comes just in time for the income tax refund season.



With the new card-to-card funds transfer, RushCard members can instantly transfer money at a fraction of the cost they'd pay to move money through leading wire transfer services. A RushCard member can now transfer funds to another member's card at a low, flat rate, and they can transfer funds between their own RushCards for free. Transfer fees with other services can be eight to ten times higher to move the same amount of money.







Editor's Note: That "unparalleled" card-to--card funds transfer sounds like a nice feature. HomeATM also offers an "unparalleled" card-to-card funds transfer feature.  What makes it unparalleled?



The difference is that there is no requirement for the transfer to be from one Prepaid "RushCard" member to another Prepaid "RushCard" member.



Our Instant Transfer works from one Visa Bankcard to another Visa Bankcard...or one MasterCard to another MasterCard...or one Visa to one MasterCard.  A Genuine "any bankcard-to-any bankcard" funds transfer feature.



Oh, and where you bank doesn't matter...you could bank at Wells Fargo and send cash to a friend who banks at Bank of America...or US Bank, etc. The only requirement is that you have a bank issued card and PIN to send money and the recipient has a bank issued card and PIN to receive money. 



Instant Transfer.  ANY bankcard-to-bankcard...any bank to any bank.  Just swipe your card and enter your PIN.  Only HomeATM offers IT!




All funds transfers can be completed in minutes online at rushcard.com or over the telephone with a customer service agent.



Also, card-to-card funds transfers can be easily executed on a mobile phone and regular funds transfers can be scheduled months in advance. RushCard is the only prepaid debit card that allows its members to schedule transfers in advance.



"By giving our members the ability to move funds via a mobile phone and to schedule their money transfers in advance, RushCard has changed the game for funds transfers," said entrepreneur and philanthropist Russell Simmons. Simmons launched RushCard to help people without a traditional banking relationship gain the access to the financial services and respect that they deserve. "No one should be forced to pay higher fees to transfer much-needed money to a loved one or to save. Now, RushCard gives them a very convenient, much more affordable way to make these important transactions."



Direct deposit of tax refunds is a safe and easy way to manage the new windfall of cash. The new card-to-card transfer functionality rewards that sound money management practice, company officials said.



"Thanks to their tax refund, many people have extra funds in the early part of the year to send to others or to save," said Ram Palaniappan, general manager of the RushCard. "With our newest feature, our members can quickly and easily send money to college students or other loved ones in need, or transfer the funds onto their own secondary RushCard as a way to save. Our members really wanted this feature, and we are proud to offer it for a mere fraction of what others charge."



In addition to card-to-card funds transfers, RushCard members also enjoy industry-leading online budget management tools that allow them keep track of their expenses and avoid costly financial woes. Soon, RushCard will announce even more incentives to encourage direct deposit during the 2010 tax season.



Anyone interested in applying for a RushCard can apply online at www.rushcard.com , or call the toll-free member services line at 1 (866) RUSHCARD.



About UniRush LLC



Headquartered in Cincinnati, UniRush LLC was created to offer the over 48 million Americans without access to a traditional banking relationship an array of basic financial services via the Prepaid Visa RushCard. Benefits of the program include direct deposit, the ability to withdraw funds at over 850,000 ATMs globally, the ability to use the card wherever Visa debit cards are accepted and free 24/7 customer service. For more information about UniRush and RushCard visit www.rushcard.com .



Source: Company press release.




Fake Antivirus & Smartphone Attacks are 2010's Top Threats



Everyone has an opinion and here's PC Advisor's on what 2010 will bring.  While I don't necessary agree with their specific prognosis, in general, (highlighted in yellow) I wholeheartedly agree with their premise that it's going to get worse before it gets better. 



So what is my humble opinion?  Next generation Online Banking Trojans (OBT's) will emerge which will paralyze the online banking industry.  Bank Technology News Editor's Rebecca Sausner was not far off when she proclaimed that online banking is dead.  It's dead as we know it.  Which is typing in username's and passwords. 



In 2009 we saw Conficker, Zeus, Clampi and URLZone.  Nobody seems to know what Conficker's purpose is, Zeus is immune to up-to-date anti-virus programs, analysts say the only way to avoid "getting the Clampi" is to use separate machines for browsing and online banking and URLZone siphons money from online banking accounts and then rewrites the html code to make it appear that your balance is still in order. 



So what would happen if the bad guys combined the best features of these banking trojans to create a brand new next generation OBT.      2010's biggest security threat...and the end of typing in financial information into boxes in browsers...



Look at what happened in 2009.  Besides the fact that malware now infects about 60% of the worlds PC's, accepted two-factor authentication techniques, such as One-Time-Password's (OTP's) have been deemed inadequate. 



The good news is that there are millions of these OTP generating fobs that need replacing and HomeATM provides the only genuine two factor authentication device to be PCI 2.x certified.  Again, what you have (card) and what you know (PIN) is genuine 2FA...and is still the most trusted method used by financial institutions to dispense cash from ATM's.   One of the lines I used a lot this year was "Someone's going to swipe your card data...shouldn't it be you?"  Well...shouldn't it?  







Analysts predict next year's biggest security attacks

Ellen Messmer - PC Advisor



The rise of the Conficker worm and rogue antivirus scams were of the biggest security trends of 2009. What's in store for 2010?



"It's going to get worse," says Patrik Runald, senior manager of security and research at Websense, who argues there has not yet been a year when things got better in terms of security and the wider internet. Criminals have been mastering botnets, phishing scams and fake antivirus software sales, and 2010 will bring new waves of attacks that exploit fresh targets. Specifically, smartphones such as the Apple iPhone and those based on Google's Android operating system will be in attackers' line of sight for 2010, Runald says.





While a handful of malware attacks have surfaced of late against 'jailbroken' iPhones (ones whose owners have deliberately disabled Apple controls), it's only the beginning...



Continue Reading





Kapersky's Version of Top 2010 Threats





Kaspersky Predicts Online Threats for 2010

According to the security experts from Kaspersky Labs, in the next year (2010) the form of cyber assaults against users will change from assaults launched through applications and websites to those launched via file-sharing or P2P networks.



The firm observed that attackers were popularly using the services due to their important role in distributing a large number of malicious infections, including for a very famous malware code for OS X.



Besides these, while there emerge new attack techniques, infections by malware would get sharper. Kaspersky forecasts that online attackers would employ rootkits along with other clandestine techniques in increasing instances to beat security vendors' malware detection software.



Kaspersky also says that there are many ways for modern cyber-criminals to make revenue via Internet by utilizing large volumes of Web-traffic generated through botnets. In the current times, it's mainly black-market services, which vie for exploiting botnet traffic...



Continue Reading



F-Secure's Version of Top 2010 Threats





F-Secure Predicts E-Threats for 2010

Internet security firm F-Secure, during the third week of December 2009, released a list of probable e-threats for 2010.



The list reveals that the market share of Windows 7 will increase in 2010. Conversely, the overall market share of Windows XP will fall below 50%. Consequently, security will be enhanced and easy assaults in wealthy nations will get reduced. However, malicious assaults will shift to countries still using XP, especially developing countries.



Mikko Hypponen, Chief Research Officer at F-Secure, anticipated that cybercriminals will try to find easy targets, reported Forbes.com on December 15, 2009.z

Meanwhile, certain clues prove that there may be less security flaws in the codes of Windows 7 as compared to Windows XP. While the code-base for Windows 7 was available to security researchers and hackers during 2008, merely 9 flaws were discovered in Windows 7 during 2009 as compared to the 137 flaws found in Windows XP. However, that number is likely to change with Windows 7 being increasingly adopted.



Furthermore, F-Secure predicts that with more searches via Bing and Google there'll be changes in Search Engine Optimization attacks that will now occur more frequently. Consequently, people will be increasingly forwarded to fake Internet sites or sites with malware.


eWeek's Version of the Top Security Stories of 2009



With the year almost done, eWeek's Brian Prince takes a look back at some of the major stories that shifted the security landscape in 2009. In no particular order, here are the top security stories of 2009:



1. Conficker Countdown:
The April 1 doomsday many predicted may not have materialized, but it certainly made good fodder for discussion among mainstream media and tech press outlets alike. Speculation surrounding just what the worm’s update would be set off a flurry of stories and blogs. In the end, the day passed relatively quietly—and even now as the year closes mystery still surrounds Conficker’s origins and purpose. But the mystery has not slowed the number of infections, and according to statistics from the Shadowserver Foundation, China and other Asian countries are now home to the largest number of Conficker-infected PCs.



2. Cyber Security Coordinator:
U.S. President Barack Obama finally made good this month on his promise to appoint a cyber coordinator to help develop a cyber-security strategy for the United States. The appointment of Howard Schmidt follows not only the release of a sweeping review of the nation’s cyber-infrastructure but also reports of a number of high-profile security incidents ranging from hackers hitting the country’s electric grid to attacks on government networks.



3. Gonzalez and His Gang Taken Down:
Hacker Albert Gonzalez and his crew were tied to some of the biggest breaches in recent memory, including Heartland Payment Systems, Hannaford Bros. and TJX. “The case was a rare win: an actual arrest and conviction in a cybercrime/hacking case,” opined Paul Roberts, an analyst with The 451 Group. “The lesson: Moderately sophisticated criminals, with a bit of determination, can breach even the most sensitive of corporate and financial networks by 'hitting the ball where they ain't,' so to speak.”



4. Social Networking Security and You:
There was an increasing awareness of privacy and security issues affecting popular sites such as Facebook, which touched off controversy in recent weeks with changes to its privacy controls. Though intended to improve user security, the changes resulted in a backlash that caused several consumer and privacy advocacy groups to file a complaint with the Federal Trade Commission. Meanwhile, officials in the U.S. military went back and forth trying to decide just how much social networking they were going to allow.



5. Apple iPhone Security Woes:
Owners of jailbroken iPhones couldn’t catch a break this year. It started with a Dutch teenager exploiting the fact that many jailbroken iPhones are running OpenSSH with a default root password. In the ensuing weeks, a worm and an attack tool popped up that also took advantage of the situation. To address this, users were advised to change their passwords—and to think carefully before jailbreaking their phone.



6. Hacktivists Stay Busy:
There were a number of notable examples of hacktivism in 2009. From the recent attack on Twitter that redirected users to a site by the “Iranian Cyber Army” to a denial-of-service attack in August targeting a pro-Georgian blogger to a series of DDoS attacks against the United States and South Korea, hacktivists took the blame for a growing share of incidents this year.



Continue Reading at eWeek

HomeATM Headline News through December 29



For more extensive news and industry coverage please see our award winning blog or visit our corporate website.



Industrialized Hacking Leads 2010 Security Trends

ADVANCE ... credentials for one application -- like an email account -- these will also apply to other applications such as online banking and PayPal accounts



Tech trends for 2010 — a Netscape moment coming up

VentureBeat c,2009 was a great year for online gaming, with Zynga, Playfish, and others leading the charge and showing the power of Facebook and the social networking ...



Was Citibank the Victim of a Massive Breach?

Citigroup Denies News Report of Multi-Million Dollar Hack. Was Citibank breached by hackers who siphoned tens of millions of dollars from the bank's customers? The Wall Street Journal on Tuesday reported news of an FBI investigation into an alleged Citibank computer security breach by hackers linked to a Russian cyber gang. Citigroup executives, however, categorically deny the breach and investigation at Citibank. Read Entire Article



Amazon Hit With DDoS Attack

InformationWeek DDoS attacks occur regularly on the Web and are usually brought under control by service providers before the assaults cause serious damage. ...



Mobile payments at a crossroads

An October 2009 report from The Nielson Co. found that the number of consumers using mobile devices to shop on the Internet increased 34 percent between July 2008 and July 2009. Industry experts predict these numbers will continue to grow. What effect will it all have on the implementation of cutting edge mobile payment applications? Read entire story



Visa's Image Overhaul

US Banker TV, print and online ads also focus on how Visa is improving government efficiency through e-payments and even advancing financial literacy in low-income



VeriFone Prevails Again in Heartland Dispute

Finding that Heartland's contentions "contradict its own claims in this case," a federal court has completely rejected an effort to prevent VeriFone from offering direct support to merchant customers of Heartland Payment Systems. Read more



Online Bank Protection Still Weak

Bank Technology News | December, 2009By John Adams There are still holes in online banking protection, according to Javelin Strategy & Research, which says lots of banks are still using long passwords and very rudimentary information for authentication purposes.



Verifone and Heartland Talk in Private...Battle Publicly







Digital Transaction News reported yesterday that Verifone and Heartland might be working out their spat...



VeriFone Battles Heartland Publicly While the Two Talk in Private

"Payment card terminal maker VeriFone Holdings Inc. on Monday issued a press release trumpeting its victory in a courtroom skirmish with merchant acquirer Heartland Payment Systems Inc. What VeriFone didn’t mention, however, was that it is in settlement talks with Heartland that could end their multifront legal war. That war, which might affect tens of thousands of Heartland’s merchants beginning Friday, started when VeriFone sued Princeton, N.J.-based Heartland for allegedly infringing on its patent for end-to-end encryption of payment card data.



Indications of a possible settlement surfaced Dec. 23 when a Lawrenceville, N.J., attorney working for VeriFone, Joseph Schramm III of Fox Rothschild LLP, filed a request with a U.S. District Court magistrate judge in Trenton, N.J., asking for an extension of VeriFone’s Dec. 28 deadline to respond to Heartland’s lawsuit against VeriFone in that court. “This request is presented on consent of both parties,” Schramm’s letter reads, and is being sought “due to preliminary discussions that may result in resolution of the above mentioned matter and several related actions …”.


Continue Reading at DTN





Hackers Hit Anchorage Retailer



Computer hackers obtained information belonging to an Anchorage, Alaska, retailer that pertained to between 150 and 1,000 credit card users, police said.



Police said credit card fraud on the part of what appears to be an organized national scheme started trickling in about a month ago and rapidly grew during the holiday shopping season, the Anchorage Daily News reported Wednesday.  "There's a reason why they do this at this particular time: Because of all the transactions, it's easy in all the noise to hide and to be less likely to be caught and be able to use the stolen goods longer, for larger amounts," Anchorage police department cyber crimes Detective Glen Klinkhart said.



Police declined to release the name of the business because the retailer is also a victim. The retailer has cooperated with the investigation, and police fear that divulging the name of the business might jeopardize their investigation. "We're confident that we're able to figure out how it happened, where it happened and why it happened, and we've secured the credit card system that's in place. At this point, we're confident that there are going to be no more breaches," Klinkhart said.

Police said they are working with national authorities to discover the culprits.





Contact

European News Network

EU News Network

wire@eunewsnet.com

Tel: +44 (0) 758-845-6978



New ‘HomeCard’ Helps Consumers Save for a Down Payment



Editor's Note:  As difficult as it is, I will refrain from being sarcastic, sardonic or even poke fun at earn 25% cash back statement in this press release other than to say...next time, you might want to replace "invented" with "conjured up."



NEW CANNAN, Conn.--(BUSINESS WIRE)--The HomeCard™, which can help potential home buyers save for their down payments, has been introduced by The HomeCard Company, Inc., and will be available to consumers in early 2010.



“We started The HomeCard Company and invented the HomeCard to help ease the financial end of that decision by helping consumers earn along the way and give them a path that can lead to the American dream of owning and retaining a home.”



With the HomeCard, consumers can earn up to 25% cash-back on everyday purchases  which can be deposited into an interest bearing FDIC insured savings account to help speed savings for down payments or to fund home repairs.



“With some banks raising rates and fees for cards, we thought the time was right to launch a new cash-back card -- The HomeCard,” said Jack Loop, president and founder of the HomeCard Company. “It’s the first ‘ethical’ credit and debit card designed specifically to help consumers save for down payments, buy a home, get the right mortgage, and even get up-to-date information on how to retain and maintain a home.”



Mr. Loop said the HomeCard will be available early in 2010 to consumers from all income brackets and credit scores at rates lower than what some banks are charging. He said the HomeCard will be either a MasterCard® or Visa® card, and will be offered as a debit card, a secured credit card, or as a standard credit card dependant on consumers' preferences and credit score.



Interested consumers can reserve their HomeCards now by enrolling at www.theHomeCard.com, he said.



“Buying and retaining a home is one of the most important financial and quality-of-life decisions a person or a couple makes,” Mr. Loop said. “We started The HomeCard Company and invented the HomeCard to help ease the financial end of that decision by helping consumers earn along the way and give them a path that can lead to the American dream of owning and retaining a home.”



Cash-back rewards from HomeCard range from 1% to 25% for online and in-store spending as well as access to thousands in special savings on mortgages, insurance, real estate services, moving services, phone services, cable and Internet, and more. In addition, HomeCards can be linked to FDIC-protected savings accounts to help grow a cardholder’s down payment or home repair savings even faster, Mr. Loop said.



For information, contact Jack Loop at jloop@thehomecard.com or visit www.theHomeCard.com.

MoneyGram International Doubles Its Money Transfer Network in Serbia

http://www.moneygram.comAlpha Bank begins service in 165 branch locations nationwide



MINNEAPOLIS--(BUSINESS WIRE)--MoneyGram International (NYSE:MGI), a leading global money transfer company, today announced an alliance with Alpha Bank Srbija A.D. to add MoneyGram money transfer services to more than 165 locations in Serbia. MoneyGram established its first locations in Serbia last year, and the addition of Alpha Bank doubles MoneyGram’s network in the country.



“Serbia is an important remittance market for MoneyGram,” said John Hempsey, executive vice president for MoneyGram International and head of Europe, the Middle East, Africa and Asia Pacific. “MoneyGram transaction growth has been strong in Serbia this year as value conscious consumers chose MoneyGram for our affordable, reliable and convenient service.”



In 2008, Serbians received an estimated $5.5 billion in remittances according to the World Bank, primarily from Germany, Austria, Switzerland and the United States.



Mr. Periklis Drougas, a member of the Executive Board for Alpha Bank Srbija A.D., said “Alpha Bank is eager to expand our services to our clients by adding MoneyGram’s money transfer service at our locations. The contract with MoneyGram and the implementation of the service throughout our countrywide branch locations supports our regional strategy of constant improvement of the services for our clients. In addition, we’re proud to become an important business partner to MoneyGram, which is recognized worldwide for the quality of its service and providing value to customers.”



All Alpha Bank locations in Serbia are available for MoneyGram money transfer transactions beginning today, which enhances the convenience of MoneyGram’s affordable and reliable money transfer service across Serbia.



MoneyGram’s Hempsey added, “Our growth in Serbia is just beginning. We remain focused on providing the greatest value for global money transfer services in Serbia through highly convenient locations.”



To collect funds in Serbia, customers can visit any MoneyGram agent location, provide the required identification and collect funds in euros in as little as 10 minutes from when funds were sent, based on agent availability and local regulation. Customers can send up to 1,000 euros from Germany to Serbia for a fee of only 24 euros.



About MoneyGram International



MoneyGram International offers more control and more choices to people separated from family and friends by distance or those with limited bank relationships to meet their financial needs. A leading global money transfer company, MoneyGram International helps consumers send money around the world with funds arriving at available agent locations in as little as 10 minutes. Its global network is comprised of 186,000 agent locations in 190 countries and territories. MoneyGram's convenient and reliable network includes retailers, international post offices and financial institutions. To learn more about money transfer at an agent location please visit www.moneygram.com or find us on Facebook.



About Alpha Bank



Founded in Greece in 1879, Alpha Bank is one of the leading banking and financial groups in Southeast Europe with over 650 branches in the region. Its 130 year history of stable corporate foundations and three simple principles: transparency, reliability and responsibility contribute to the bank’s success. Under the slogan “Together, we have a great future,” Alpha Bank opened its first locations in Serbia in 2005. Today, it operates 165 branch offices in more than 100 municipalities in Serbia; Alpha Bank has earned its place among the biggest banks in the country.







Reblog this post [with Zemanta]

SecureWorld Expo 2010 Events







Event: Philadelphia SecureWorld Expo 2010
Date: 12 May-13 May 2010
Location: Valley Forge Convention Center, Philadelphia PA
Organizer: SecureWorld Expo
Homepage: http://www.secureworldexpo.com/




SecureWorld Expo provides security education and training with nearly 60 sessions including: Cloud Computing, End Point Security, Data Privacy, Risk Management, PCI Compliance, Cybercrime and much more.



Exhibit floor featuring nearly 50 exhibitors with the latest products and services available to effectively secure your enterprise. Earn 12-16 CPE credits toward your CISSP certifications.



SecureWorld regional conferences deliver the most affordable, highest quality security education, training and networking right to your community.



Secureworld Expo Events:


 



Albert Gonzalez' Plea Agreement

If you'd like to read Alberto Gonazlez' entire plea agreement in PDF format, I've provided a link at the end of this post.  Click the doc on the right to enlarge.







In an earlier press release, regarding this case, Carmen M. Ortiz and Steven Ricciardi, Special Agent in Charge of the United States Secret Service, announced that STEPHEN WATT, age 25, of New York, was sentenced to 2 years’ imprisonment, to be followed by 3 years of supervised release, a condition of which was electronic monitoring of any computer use.



He was ordered to pay restitution in the amount of $171.5 million dollars. WATT pled guilty to conspiracy charges on October 28, 2008. 



Click here to read the plea agreement in it's entirety.



to read the entire plea agreement)













TJX Sniffer Writer Gets Jailed, Ordered to Pay $171.5 Million





Stephen Watt (pictured on left) was sentenced to 2 years in prison and 3 years probation.  Regarding the $171.5 million dollars...do you think he gets an installment plan?  His protege, Alberto Gonzalez gets sentenced today...



FOR IMMEDIATE RELEASE

WWW.USDOJ.GOV/USAO/MA



CONTACT: CHRISTINA DiIORIO-STERLING

PHONE: (617)748-3356

E-MAIL: USAMA.MEDIA@USDOJ.GOV



HACKER SENTENCED FOR PROVIDING DATA THEFT TOOL IN NATIONAL IDENTITY THEFT CASE




BOSTON, MA - A New York man was sentenced late yesterday in U.S. District Court for providing a “sniffer” program used to monitor and capture data including customers’ credit and debit card information as it traveled across corporate computer networks.



Carmen M. Ortiz and Steven Ricciardi, Special Agent in Charge of the United States Secret Service, announced that STEPHEN WATT, age 25, of New York, was sentenced to 2 years’ imprisonment, to be followed by 3 years of supervised release, a condition of which was electronic monitoring of any computer use.



He was ordered to pay restitution in the amount of $171.5 million dollars. WATT plead guilty to conspiracy charges on October 28, 2008.



WATT was a member of a conspiracy which, between 2003 and 2008, unlawfully gained electronic access to corporate computer networks using various techniques, downloaded customers’ credit and debit card information, and fraudulently used that information and sold the information to others for fraudulent use. WATT modified and provided a “sniffer” program used by the conspirators to monitor and capture the data crossing TJX’s computer network.



The case was investigated by the United States Secret Service. It was prosecuted by Assistant U.S. Attorney Stephen Heymann Chief of Ortiz’s Computer Crime Unit in collaboration with Jennifer Ellickson and Kimberly Keifer Peretti of the U.S. Department of Justice’s Computer Crime and Intellectual Property Section.



###

BitDefender Malware and Spam Survey Finds E-Threats Shifting With International Current Events and the Rising Popularity of Web 2.0



Cybercriminals Continue to Find Creative Means of Distribution in the Second Half of 2009

MOUNTAIN VIEW, CA--(Marketwire - December 28, 2009) - Malware writers have preserved their focus on web-based attacks while actively looking for new methods to disseminate their products, according to BitDefender®, an award-winning provider of innovative anti-malware security solutions. Today, BitDefender released the results of its malware and spam survey from July through December 2009, showing an increase in a wide range of threats, from the exploitation of international news events to higher levels of spam being disseminated through social networking platforms aiming to curb marketing costs in a down economy.



Malware Threats in Review




Over the last six months, malware writers have continued their efforts to infect computer users in order to receive direct financial gain and/or to seize control over their machines. Trojan.Clicker.CM holds as the number one e-threat for the second half of the year. It's used to force advertisements inside the users' browsers when visiting grey area websites (such as porn websites or services offering "warez" software). The alarming infection rate reveals that malware authors are driven by profit, while cyber-criminals are motivated by pay-per-click fraud.



Along with the already "traditional" Trojan.Clicker.CM infections, Win32.Worm.Downadup has been one of the most notorious e-threats of the past six months. Malware authors' top choice of distributing their e-threats remains the web, but Autorun-based techniques have been rapidly gaining ground. By default, every removable storage device features an autorun.ini script that instructs the computer on which file to execute when the medium is plugged in. However, malware authors frequently tamper with the file to make it launch miscellaneous malicious applications. Although extremely useful for non-technical computer users, the feature has been completely discarded in Windows Vista SP2 and Windows 7 in order to prevent infections.



"In the second half of 2009, we saw international events such as the advent of the H1N1 Swine Flu exploited to their full extent by malware authors in order to launch new infections," said Vlad Vâlceanu, Head of BitDefender Antispam Research Lab. "As cybercriminals continue to look for ways to enhance their e-threats, now more than ever, it's essential for computer users to make sure they have a security solution in place that can provide them with advanced, proactive protection."



During the last six months the most active countries in terms of malware propagation were China, France and the United States, followed by Australia (up one place from the first half of 2009), Romania (also up one place) and Spain (down one place).

World's Top 10 Malware from July-December 2009
01. Trojan.Clicker.CM 8.97%
02. Trojan.AutorunINF.Gen 8.41%
03. Trojan.Wimad.Gen.1 4.41%
04. Win32.Worm.Downadup.Gen 4.13%
05. Exploit.PDF-JS.Gen 3.39%
06. Win32.Sality.OG 2.60%
07. Trojan.Autorun.AET 1.97%
08. Worm.Autorun.VHG 1.59%
09. Trojan.JS.PYV 1.50%
10. Exploit.SWF.Gen 1.47%


Spam Trends in Second Half of 2009




During the second half of 2009, the spam landscape has remained relatively unchanged, with Canadian Pharmacy positioned as the top worldwide spammer. Most of the messages advertised sexual enhancement products such as alternative replacements for Cialis, Viagra and Levitra. This is an extremely lucrative field of spam, mostly because the products ordered via Canadian Pharmacy webshops never make it to the customer, who is often too ashamed to report these issues to the authorities. More than that, these online payments are extremely risky, since the spammer has access to the used credit card details and can draw any amount of money at will.



Spam messages account for 88.9 percent of the total amount of electronic messages sent worldwide. Text-based messages are the most frequently encountered form of spam, while image-based spam is extremely rare, with only 2.3 - 2.5 percent. The average size of a spam message is 3.5 Kb, although their size usually varies from 2 Kb to 9 Kb, depending on the approach.



In the second half of 2009, spammers have especially exploited international or national media events to lure their victims into opening the messages. One of the most important spam campaigns was launched after the controversial death of pop-star Michael Jackson. Back in July, BitDefender identified multiple spam waves allegedly offering more info on Michael Jackson's unknown killer, but actually carrying sexual enhancement drug ads and malware.



The Top 10 list for the second half of 2009's most advocated content through e-mail spam includes:

1    Medicine Spam
2 Phishing Links
3 Product Spam/Knockoff
4 Malware Attached
5 Software/OEM
6 Loan/Insurance
7 Employment
8 Education
9 Pornography (non dating)
10 Dating




Web 2.0 Threats




Spamming is also a common practice among Web 2.0 service users, such as social networking. While Twitter and Facebook have imposed strict policies on spamming, some other social network services have barely taken into account this possibility. For instance, the professional network LinkedIn has become the favorite playground for people and organizations offering miscellaneous services. Spammers attempt to join users' professional networks and then bomb them with messages advertising their products or services.



During the past six months, BitDefender has identified multiple variations of LinkedIn spam -- a warning sign showing that the precarious state of the global economy pushes more and more providers into abusively marketing their services via social networks.



While spam and phishing sum up almost 80 percent of the e-threats related to social networks, worms exploiting large platforms have rapidly escalated. During the last six months of 2009, numerous families of worms have been pestering the largest social networks such as Twitter, MySpace and Facebook.



Initially spotted on August 2008, the Koobface worm has been one of the most active and destructive e-threats affecting social networking platforms. The cyber-criminal team behind the worm has released multiple variants of it in order to extend their reach with multiple social networking services. The viral infections took most of the platforms by surprise and the damage inflicted to users was beyond imagination, disabling some of the commercially-available antivirus utilities and exporting sensitive data such as e-banking credentials and IM passwords to a remote location. The infection technique was simple yet efficient: the worm used compromised accounts to lure friends into clicking the infected links.



The Phishing Landscape





Compared to the first half of 2009, the amount of phishing messages has remained relatively unchanged, although phishers have switched their focus to institutions that could bring them the most profit in the shortest timeframe. Primary targets are PayPal, Visa and eBay, followed by HSBC, American Express and Abbey Bank. Ally Bank and Bank of America rank last with a little over one percent of the total amount of phishing messages. These messages mostly target English-speaking computer users who are using the services of at least one of the institutions previously mentioned.



BitDefender Labs found that most web 2.0 phishing attempts in the first half of 2009 relied on social engineering schemes and speculated user naivety. The Twitter Porn Name scam is a good example. Users were invited to reveal their first pet name, as well as the first street on which they lived. These names are usually employed as backup/security questions. An e-crook possessing a person's username along with these "clues" can easily retrieve a password that he or she can later employ to access the account and send spam, access transactions, or use the account in whatever way necessary to make a profit, including demanding a ransom for release of the hijacked account.



"2009 witnessed a wide range of security threats aiming at both end-users and at corporate networks," Vâlceanu commented. "Extra caution and a highly-rated antimalware solution with antispam, antiphishing and antimalware modules are a must-have for anyone surfing the web in 2010."



For more information on this survey, please visit http://download.bitdefender.com/resources/files/Main/file/H2-2009-Malware-and-Spam-Review-final.pdf



To stay up-to-date on the latest e-threats, sign-up for BitDefender's RSS feeds here.



About BitDefender® BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe -- giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products are available at the company's security solutions press room. Additionally, BitDefender's www.malwarecity.com provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.

CellPhone Encryption Cracked





Karsten Nohl, a 28 year old engineer and encryption expert, said yesterday that he broke the 64-bit A5/1 encryption algorithm used to secure GSM phone calls around the world. 



BTW...hope the Square doesn't rely on GSM encyrption when they claim that your card numbers are "encrypted."  HomeATM's 3DES DUKPT encryption takes place inside our PCI 2.x PIN Entry Device. 



According to the New York Times
, (see below) Nohl made the claim at the Chaos Communication Congress conference in Berlin. He argued that the current algorithms used to encrypt phone calls are not adequate enough to prevent lapses in security...



Cellphone Encryption Code Is Divulged







BERLIN — A German computer engineer said Monday that he had deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls, saying it was his attempt to expose weaknesses in the security of global wireless systems.



The action by the encryption expert, Karsten Nohl, aimed to question the effectiveness of the 21-year-old G.S.M. algorithm, a code developed in 1988 and still used to protect the privacy of 80 percent of mobile calls worldwide. (The abbreviation stands for global system for mobile communication.)

“This shows that existing G.S.M. security is inadequate,” Mr. Nohl, 28, told about 600 people attending the Chaos Communication Congress, a four-day conference of computer hackers that runs through Wednesday in Berlin. “We are trying to push operators to adopt better security measures for mobile phone calls.

 Continue Reading at NYT



















Reblog this post [with Zemanta]

Amazon Kindle Copyright Hacked: PDF Books Up for Grabs!









Tanya Hall is reporting for Gadjit that hackers successfully cracked the copyright protections of Kindle...

In the spirit of giving, hackers have claimed success in cracking copyright protections on Amazon’s Kindle eReader, allowing eBooks to be exported to other devices.



The eBooks will take the form of a pdf file, allowing it to be easily shared around the Kindle community and other file supporting devices.



Israeli hacker Labba is taking the kudos for this hack, after responding to a challenge on hacking forum: hacking.org.



US hacker i♥cabbages has also created a programme dubbed “Unswindle” (yes, rhymes with Kindle…) that converts books stored in the Kindle for PC app into a different file format for use elsewhere.



Kindle for PC allows customers to buy books to read on their PCs without having to purchase a Kindle reader.



Continue Reading at Gadjit







Reblog this post [with Zemanta]

Hacker (Soup Nazi) to Plead Guilty Today in Bawston





According to the Boston Globe, the hacker known as Soup Nazi, Alex Gonzalez...the man who took down Heartland, Hannaford, 7-Eleven, TJX, and more will plead guilty today and be sentenced to no less than 17 years in prison. 

Albert Gonzalez, 28, the hacker accused of helping to orchestrate the biggest credit card theft in US history, is expected to plead guilty to two charges in US District Court in Boston today.



Prosecutors accused Gonzalez and his partners of stealing more than 130 million credit and debit cards by hacking into computers of several retailers, including 7-Eleven Inc., the supermarket chain Hannaford Brothers Co., and Heartland Payment Systems, a New Jersey company that processes card payments for thousands of businesses.



Under a plea agreement, Gonzalez will plead guilty to conspiracy and conspiracy to engage in wire fraud. Prosecutors agreed not to seek a sentence of more than 25 years; Gonzalez agreed not to seek a sentence of less than 17 years. He originally faced up to 35 years in prison.  (see Hacker seeks reduced sentence, citing Asperger's





Reblog this post [with Zemanta]

Hacking Industry Heads Top Five Data Security Threats for 2010s, warns Imperva





Malware, botnets, phishing and online banking lead list...



From ITWire:






Hacking will become a more potent threat over the new decade as criminals evolve illegally accessing computers into an industry, according to Imperva, the Data Security leader.



Imperva predicts five key security trends for the 2010s:

  • The industrialisation of hacking, with clear definition of roles developing within the hacking community forming a supply chain that starkly resembles that of drug cartels. The weapons of choice will be automated tools such as malware distributed via botnets.




  • A move from application to data security as cyber-criminals look for new ways to bypass existing application security measures and focus on obtaining the valuable data itself via insider. The fast growth in the number of applications that access enterprise data pools will make application security approaches much less cost effective than a security approach that is data centric.




  • Increasing attacks on social network sites where vulnerable and less technically savvy groups are susceptible to phishing attacks and malware.




  • An increase in password theft/grabbing attacks as it is perceived that by obtaining credentials for one application - like an email account - these will also apply to other applications such as online banking and Paypal accounts




  • A move from reactive to pro-active security as organisations move from sitting back and waiting to be breached, to actively seeking holes and plugging them.


Continue Reading









Reblog this post [with Zemanta]

Disqus for ePayment News