A lawsuit in the US concerning phishing gangs is causing big questions to be asked over how far banks should be involved in the fight against phishing.

According to a report in the New York Times the legal action is being instigated by Unspam technologies, a software and services company that helps government and businesses control unwanted messages with secure registries. The firm also helps clients monitor and track phishing messages.

The report said the group being targeted by Unspam is a group of Eastern European cyber criminals that steal bank details from business computers.

The prosecuting lawyers in the case want details from the US banks whose customers have been hacked in order to trace the criminals. The prosecution has also called on banks to increase their electronic defences to better secure customer accounts.

However, the defence claims banks have to support customer confidentiality. It's an interesting quandry which could have widespread repurcussions.

August 20, 2009 | Permalink | Comments (0)

Reports are coming in that yet another Apple Mac Trojan has been spotted in the wild, with the potential to direct a victim's web traffic to the website of the attacker's choosing.

Security vendor Trend Micro reported yesterday that the Trojan, OSX_JAHLAV.D, is the latest variant of the OSX_JAHLAV.C malware discovered in June.

Disguised as a MacCinema Installer, the Trojan prompts users trying to view certain online videos from various .com domains to download the malicious software.

"The Trojan contains component files detected as UNIX_JAHLAV.D and obfuscated scripts detected as PERL_JAHLAV.F," wrote Trend Micro's Det Caraig.

"The Perl script then downloads a file from a malicious site and stores it as /tmp/{random 3 numbers}, detected as UNIX_DNSCHAN.AA, which allows a malicious user to monitor the affected user's activities. This may also cause the user to be redirected to phishing sites or sites where other malware may be downloaded from."

Trend Micro and others took the opportunity to warn Mac users again of the harsh reality that such attacks are no longer the preserve of PCs.

"As the popularity of the Apple Mac OS increases, it becomes a lot more mainstream and therefore offers a greater return on investment for cybercriminals," said Trend Micro senior anti virus researcher David Sancho.

"Regardless of operating systems - Windows or Mac - consumers need to ensure they have effective protection in place against internet crime and identity theft."

August 12, 2009 | Permalink | Comments (0)

Whatever the criticality or otherwise of the newly discovered bug in Windows 7, it has certainly got Microsoft rattled. The firm's Windows division president Steve Sinofsky has personally responded via the comments section of popular geek blog Chris123NT to allay fears.

The blog alleged that if a user runs the chkdsk.exe utility "you should see your memory quickly gobbled away in the chkdsk.exe process until it either stops at or around 90% or it maxes completely out and crashes the computer".

However, Sinofsky replied, saying that his team has not come across any widespread reports of such a crash.

"While we appreciate the drama of 'critical bug' and then the pickup of 'showstopper' that I've seen, we might take a step back and realise that this might not have that defcon level," he wrote.

"Bugs that are so severe as to require immediate patches and attention would have to have no workarounds and would generally be such that a large set of people would run across them in the normal course of using their PC.

"We are certainly going to continue to look for, monitor, and address issues as they arise if required. So far this is not one of those issues."

August 6, 2009 | Permalink | Comments (0)