BankersOnline.com
February 4, 2011

Welcome to Tech Talk!
In this edition, Tech Talk Editors George Milner and Teri Wesley write about phishing, spoofing, a hacker's guide to hacking, and more!

Our selections from this week's tech news:
  • BofA phished and spoofed
  • ATM skimmers in hiding
  • Protect or destroy your cash?
  • Data warehouse for banks
  • Bright outlook for business banking
  • Big catch by Waledac botnet
  • Two heads more dangerous than one
  • Fraud hits Apple in the Big Apple
  • Special delivery: malware
  • Copycat AVG software
  • Hacking: by a hacker
  • Don't let the MS bugs bite
  • Weekly patch news and updates
  • and on the lighter side...
Get the details below.

    On the lighter side ...
    It's hard to believe there was a time when some people didn't understand the concept of the world wide web.
    BofA phished and spoofed
    A virus researcher at SophosLabs stumbled onto a banking trojan masquerading as a billing verification email notification from Bank of America. When an unsuspecting recipient clicks on the email attachment, the self-extracting file downloads an HTML file which opens in the user's default browser. The spoofed BofA account verification page contains a form prompting the user to supply personal information, including credit card details and the user's ATM PIN. Sophos has the details. Experienced users should be able to distinguish the spoofed page from that of a legitimate secure site, but many of your novice online banking customers may not. February 8th is Safer Internet Day 2011, sponsored by Insafe. Resources are available to help educate your customers about online safety at Safer Internet Day 2011.

    Protect or destroy your cash?
    Transporting cash from your retail and business customers to the bank has always presented security challenges. Cash systems vendor Wincor Nixdorf has designed what appears to be an all-or-nothing solution to the problem. Imagine a secure transport device that obliterates the cash it contains in the event of perceived mishandling or theft. Now imagine all the possible things that could go wrong with that concept. Get the details about this 'innovative' technology at Storefront Backtalk.

    Data warehouse for banks
    Database management provider Oracle has developed a data storage solution for banks and the financial industry. Financial Services Data Warehouse is packaged as hardware with preinstalled financial software applications, databases and other tools tailored for the financial industry for data storage, reporting and management. Techworld has the details.

    Bright outlook for business banking
    The Chinese New Year 2011 is the year of the Rabbit. For financial institutions it may be the year of business banking growth. Businesses that have weathered the difficult economic times of the last few years by cutting costs, paring down staff and curtailing spending are ready to start spending again, according to Margaret Ewing of consulting firm Deloitte. PC World has more.

    ATM skimmers in hiding
    English philosopher Francis Bacon said "knowledge is power." Increased awareness of ATM skimming and published reports showing skimming devices used by data thieves go a long way in helping consumers identify compromised ATMs, hopefully before they use them. Krebs on Security reports on a new, creative method of skimming that goes undetected by ATM users because the device is neither on the machine nor close enough to it to raise suspicion. Regular, thorough inspection of your ATMs and the surrounding area can help prevent this type of intrusion.

    Big catch by Waledac botnet
    Stolen email credentials can have far-reaching effects, often giving attackers access to online banking credentials, credit card accounts and more. The Waledac botnet has captured nearly 125,000 sets of FTP account credentials and 500,000 stolen email account passwords. Security firm Last Line of Defense has found that the email credentials are being used for "high quality" spam campaigns. Threatpost has more.

    Two heads more dangerous than one
    The previously rumored merger of two banking trojans, ZeuS and SpyEye, into one powerful malware kit may not be just scuttlebutt any longer. Seculert Research Labs has released its findings on what appears to be a beta version of the new ZeuS/SpyEye malware. Screen shots acquired of the merged malware reveal two control panels - one "Spy-eye like" and the other "Zeus-like" - that connect to the same back-end database. This two-headed monster doesn't bode well for banks. Read about this and other features of this software at IT World.

    Card fraud hits Apple in the Big Apple
    More than two dozen individuals have been charged by the Manhattan District Attorney for their roles in an identity theft and fencing ring targeting Apple stores around the country. The scheme used stolen credit card information purchased online from a "Web portal" to produce bogus credit cards. The fake cards were provided to straw purchasers (people who knowingly purchase an item or service for someone else to hide the true identity of the actual purchaser) who used them to buy iPods, iPhones and other merchandise from Apple retail stores. With some individual purchases ranging as high as $3,000, the total value racked up by the thieves is close to $1 million. Threatpost has the story.

    Special delivery: malware
    In a new approach, spammers prey on unsuspecting victims with email messages containing a warning that an attempted product delivery was unsuccessful. But the user who clicks on the link or opens the attachment will get a delivery – just not the one they were expecting. Help Net Security has the details.

    Copycat AVG software
    Rogue antivirus programs are nothing new. These programs – also known as scareware – generate misleading alerts and false detections to scare users into purchasing illegitimate security software. Very real-looking copycat versions of AVG, one of the leading commercial and free antivirus software programs available, have been discovered. The difference is that this software installs malware instead of protection from malware. Threatpost warns that this rogue application, which displays a legitimate-seeming GUI (graphical user interface) with the AVG AntiVirus logo prominently displayed, can be hard to detect.

    Hacking: by a hacker
    If you want to find out how or why something works the way it does, you consult those who have been successful at it. In this Q&A with a hacker, you will learn the motivation, the technique, and the reasons for his success at making money hacking websites. You will also pick up some tips on securing or protecting your institution's website in this enlightening Infosec Island article.

    Don't let the MS bugs bite
    Last Friday, after we went to press with Tech Talk, Microsoft issued a security advisory warning users of Internet Explorer (IE) about a new zero-day bug that could be used by attackers to run malicious scripts within IE. The vulnerability in Windows' MHTML (MIME HTML) protocol handler gives the attacker the ability to pose as the user on a specific site. Computerworld has the warning. TechEye Net reports that 900 million users of the popular web browser are at risk from this vulnerability and provides a link to Microsoft's fix. Make sure all your systems running IE are updated and check out other patch news and updates below.

    Weekly patch news and updates...
  • US CERT: Microsoft releases security advisory
  • US CERT: Opera 11.01 released
  • US CERT: Microsoft releases advance notification for February Security Bulletin