October 29, 2010

Welcome to Tech Talk! In this edition, Tech Talk Editors George Milner and Teri Wesley write about botnets bashing banks, ATM flash attacks and more.

Our selections from this week's tech news:
  • Banks tricked by private botnet
  • Dressing up credit cards
  • ATM flash attacks
  • PayPal pushing out banks
  • When Jekyll meets Hyde
  • Halloween tweets not so sweet
  • Frightful future for mobile banking
  • A wolf in sheep's clothing
  • Reeling 'em in
  • Leave the light off for identity thieves
  • Social engineering lives on
  • Two trojans tricking techies
  • This week's patch treats
  • and on the lighter side...

Get the details below.

    On the lighter side ...
    Happy Halloween from all of us at BOL! Enjoy an old familiar tune in this lighthearted video expressing the horrors we face in banking today.

    Visit our BOL e-Card Exchange
    to send a free Halloween greeting.


    Banks tricked by private botnet
    There's a new banking trojan in town. Likely to have been downplayed as a possible variant of the popular ZeuS and SpyEye trojans, "Feodo" began making its stealth entrance in the malware community in August. While it has similarities to its famous counterparts, security researchers believe this malware is not a toolkit and is actually in the hands of a single criminal group. Even scarier is the discovery that Feodo is targeting more than a dozen major banks and popular websites like Amazon and Google while flying under the radar of almost all AV software. Find out what attributes make this threat one to keep an eye on at Help Net Security.

    Dressing up credit cards
    Card issuers are treating their old, familiar plastic cards to a makeover. Beginning in November, Citibank will begin testing a card that has two buttons and tiny lights that provide cardholders with the flexibility to choose their payment by credit or rewards points. Known as 2G (for second generation) the cards are no thicker and just as flexible as conventional cards and can even withstand the washing machine. Read more about Citibank and other card issuers' steps away from the old magnetic strip technology at The New York Times.

    ATM flash attacks
    Hundreds of ATMs are being hit simultaneously with "flash" attacks (where multiple withdrawals are made over a very short period of time) as fraudsters exploit weak fraud detection systems used for debit cards. Replacing POS devices with special ones that record PINs and magnetic stripes or installing skimming devices on POS terminals, fraudsters are obtaining card details and PINs then using money mules to take the risk of using the fraudulent payment cards at ATMs to withdraw cash. ITworld has the story.

    PayPal pushing out banks
    PayPal isn't stopping at mobile check deposits in its quest to push banks out of the mobile payment industry. The eBay-owned company has announced three new features for its next major release of mobile banking applications that virtually eliminate the need for a debit card at all. Get the details at ITworld.

    When Jekyll meets Hyde
    The exploration of a split personality (one being good and the other evil) was vividly portrayed in the famous novel about Dr. Jekyll and Mr. Hyde. What happens when you combine two evils to become one? Malware developers are hoping to create a superior e-banking threat with their merger of the infamous ZeuS with the up-and-coming SpyEye Trojan. Krebs on Security reports on the merger and on the claims being made by the new creator.

    Halloween tweets not so sweet
    Cyber trick or "tweeting" is on the rise. GFI Software reports an increase in the number of trojans spreading online this month compared to last October. These malware attacks arrive at your PC disguised as Halloween tweets on social media sites, greeting cards and party invites with Halloween-themed attachments, and malicious website links resulting from holiday searches. Three of the top ten threats identified on the list have been around since last year. Help Net Security has the warnings.

    Frightful future for mobile banking
    Mobile devices have come a long way from making a phone call within your limited calling area to the now vast and far-reaching capabilities of reaching out and touching anyone anywhere. Add to that the ability to perform myriad transactions – including mobile banking. Technological advances are often followed by predators lurking in the dark waiting to strike. Read about the tricks cyber criminals have been up to in Horror Stories of Mobile Money Fraud at StorefrontBacktalk.

    A wolf in sheep's clothing
    A Firefox add-on created by software developer Eric Butler highlights the security concerns of using open WiFi. Targeting 26 popular online services, such as Amazon, Facebook, The New York Times and others, Firesheep is a packet sniffer that analyzes unencrypted web traffic on a WiFi connection, adds a sidebar to the Firefox browser that shows other users on the open network and gives the hacker instant access to logged-on sites. PC World has more on this. Find out how to protect your systems from HTTP session jacking attacks at Techworld.

    Reeling 'em in
    Your customer receives an email that looks and sounds like it came from a legitimate source, a retailer they do business with often, or maybe even your bank. Trusting the content to be safe, the user clicks on the email attachment or link they are prompted to access, unaware that their browser is directed to a malicious site where malware is downloaded to steal log-in information for their bank accounts. These spear-phishing attacks are on the rise, with more than 77 attacks a day occurring within the past month. In one case the attack spoofed an organization's senior IT security executive to target 70 employees by fraudulently requesting action with a "critical update" that was actually a malicious attachment. See how this can happen to your retail customer or within your institution at Network World.

    Leave the light off for identity thieves
    More than 11 million consumers fell victim to identity theft in 2009, with an average loss of $4,840. With every trick they can use to collect your customers' personal information, identity thieves drain accounts, open credit cards and create financial mayhem at a high cost to consumers - and in many cases, your institution. Shredding personal or financial paperwork is one of the most basic precautions against ID theft. Have your bank sponsor a free community shredding event to help your customers thwart ID theft and provide them with tips like these in NewsFactor.

    Social engineering lives on
    Phishing, skimming, spoofing and hacking are popular methods being used by fraudsters today. But the age-old art of social engineering remains a very real, ever-present, increasing threat. At the recent Defcon 18 conference, this was proven in a contest where participants targeted major companies. The results were alarming. Get the details at Infosec Island. The full report is available at Social-Engineer.Org.

    Two trojans tricking techies
    If your organization is still running any pre-Vista operating systems, beware of a Firefox trojan that is targeting older systems. Security firm Trend Micro has reported a vulnerability in both Firefox 3.5 and 3.6 that causes a "drive-by download" and runs a malicious file without the user's knowledge. It then connects to a remote server, which cyber criminals can use to send commands to the affected system. Read more about this threat at ITworld and make sure you follow through with Firefox's patch listed in our weekly patch updates below. And, if there are any Macs in your corporate network, Macintosh's security site, SecureMac, is warning Mac OS X users about a new trojan being distributed through social networking sites and email. The trojan.osx.boonana appears as a link to a video in messages on Facebook and other social networking sites as well as email, tricking users into clicking on the link with the text "Is this you in this video?" Once the link is accessed, the trojan runs a Java applet that downloads other files to the infected PC, including an installer, which launches automatically. Get the details and the link to SecureMac's free removal tool for your systems running OS X at PC World.

    This week's patch treats
