Skip to content
Tips for Tech

Tech Alert Briefing for 12/14/2007

December 14, 2007
Update covering December 7 - December 13, 2007

Welcome to Tech Talk! In this edition, BOL Gurus John Burnett and Andy Zavoina write about a new targeted Trojan attack, executive phishing, and more.


Andy


John


You'll read about:

  • a sophisticated Trojan attack on U.S. business depositors
  • the latest round of personalized phishing emails
  • FFIEC guidance on planning for pandemics
  • exploits targeting users of MS Access
  • Microsoft's December patches
  • a forecast that iPhones will be hacker targets
  • the FTC's suit against a payment processor
  • the growing threat of rootkits
  • a malware epidemic
  • the CAN-SPAM Act's legacy
  • Microsoft's preview of Vista SP1
  • a major update for MS Office
  • putting the brakes on automatic updates
  • a sorry cell phone tale
  • our prescription for year-end stress relief
  • US-CERT's latest vulnerabilities list

Get the details below.

Beware of Phishing and Pharming
According to the Anti-Phishing Working Group, phishing attacks reached an all-time high last year. Designed specifically to educate and assist financial institutions, Harland Financial Solutions? Phishing Response Kit provides a detailed checklist and directives to help institutions respond in the event of a phishing scam. Download the complete kit here.


Training on CD-ROM
Remote Deposit Capture:
Images or ACH?



Insider Tips:
Network & Internet Security

Order Now


Patch & Vulnerability
Management

Order Now
Trojan Targets U.S. Banks
ComputerWorld is reporting on a very sophisticated Trojan that is targeting its attacks and thereby staying under the radar. One of the effective processes this malware is using is mimicking the steps a person would follow to move funds. It penetrateslarge business accounts and wires funds to hacker-controlled accounts. The Trojan has been effective enough to get funds from commercial accounts in the U.S., U.K., Spain and Italy. While hitting only a few banks, $200,000 has already been taken from monitored accounts.

Play it Again, Sam!
We know. You've heard this song before. But it's time, once again, to warn your management about phony "official" email messages targeting executives. The U.S. Treasury Department is the purported sender in the latest round of personalized phishing messages that claim to be about a complaint against the recipient's company. If you can filter these messages out, you'll be ahead of the game. If you can't, spread the word! Get more information from this SC Magazine article.

Pandemic Planning
The FFIEC has issued guidance for use by financial institutions in identifying the continuity planning needed to mitigate the effects of a pandemic. Read the FFIEC press release and their guidance document, Interagency Statement on Pandemic Planning, on BOL's Disaster Issuances page.

Unauthorized Access
US-CERT released a warning that it is aware of an active exploit allowing a Microsoft Access database file to facilitate the installation of unauthorized programs on a user's machine.PCWorld has more details on the exploit and potential vulnerability.

Patch Tuesday Targets IE and Media Players
Microsoft's December security updates are included in seven bundles, but address eleven weaknesses, several of them rated critical. Four fixes for Internet Explorer 6 and IE7 on Windows 2000, XP and Vista machines are particularly important. Other patches affect the components used by Windows to play audio and video files. Get more details in the Washington Post's Security Fix column.

Are iPhones the Next Big Target?
Arbor Networks, a Lexington, MA, network security research firm, believes that iPhones will be targeted by a serious attack in 2008. Given the wide popularity of the Apple/AT&T smartphone, Arbor suggests that dedicated hackers will fight to be the first to successfully hack the new device. More information is available in the Computerworld article.

FTC Targets Payment Processor
Have you had customers complain aboutcard transactions involving fraudulent or deceptive telephone or internet merchants? The FTC and seven state attorneys general have charged a payment processor using the names Your Money Access, LLC d/b/a Netchex Corp., Universal Payment Solutions, Check Recovery Systems, and others listed in the FTC press release, with violating state and federal laws by charging, or attempting to charge, consumers' bank accounts on behalf of fraudulent merchants. Read the FTC press release and the InfoWorld Security article.

Digging for Rootkits
Prevx, a malware research firm, estimates that one in five personal computers is infected with a rootkit. These rootkits can allow a thief to monitor, record, modify, steal and transfer data from an infected machine. From October to December rootkit infection rates have risen from 15.6 percent to 22 percent of PCs. This is a huge increase and IT administrators would be wise to add rootkits to their regularly scheduled virus and malware checks. PCWorld has more on this story.

Rootkits Are Bad Enough, But Malware Has Exploded!
F-Secure, a Finnish security vendor, has released information on malware statistics. Through the end of 2006, they counted 250,000 samples. Vendors' estimates of malware infections vary widely. This PCWorld article reveals the F-Secure estimate and malware trends generally.

Do You Have a Taste for CAN-SPAM?
In 2004 the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN SPAM) took effect. You're getting less spam now, right? When you're done laughing, go to the AFP story to see how (in)effective the Act has been.

Holiday Scams?
Phony coupons? Malicious e-postcards? Counterfeit Amex gift checks? Vote on the BOL home page to help us compile a list of the scams our readers see. Thanks for participating!
Vista Service Pack Preview
Microsoft released the preview of Windows Vista Service Pack 1 (SP1). This "Release Candidate" version will require users to take several preliminary steps before installation. Those steps will be taken automatically on users' systems when the final SP1 version is released. To find out more and perhaps initiate the testing process on your own system, look at the ComputerWorld article for information and links.

Speaking of Service Packs
Reuters reports on the Microsoft Office 2007 Service Pack 1, released December 11. The update can be manually downloaded. It won't be "pushed" to most users for three to six months (although users of some Microsoft "beta" products have seen the massive update appear already, according to this InfoWorld article). Office 2007 SP1 is intended to improve both the stability and performance of the MS Office suite.

No Room for Updates?
If you are not interested in installing updates for Vista or the XP operating systems, Microsoft has issued a tool to block them. The tool is aimed at businesses that need time to complete compatability testing before updates are installed. PCWorld has the details, including links and descriptions of the three versions of the tool.

Cell Phones Can BeReally Expensive Modems
Piotr Staniaszek of Calgary, Alberta, has a $10 unlimited mobile browser plan for his cell phone. He decided to use it as a modem connection for his computer. When his first bill came in for $60,000, he knew it was a mistake. An amended bill came in, and it was higher. Find out how this happened on theglobeandmail.com.

Laughter Can Be the Best Medicine
As we close today's Tech Talk, we realize you are under a lot of stress with end-of-year reporting, budgets, malware, andholiday shopping, cards and lights. This one minute and forty second YouTube video is guaranteed to provide relief. If you can't watch it at work, it will be worth the wait to pull it down on your home machine.

75 Make Latest US-CERT List
The US-CERT Vulnerability Summary for the Week of December 3, 2007, lists 35 High, 36 Medium and 4 Low severity vulnerabilities. High severity weaknesses were reportedin Apple QuickTime 7.2, Mac OS X 10.5, two Linux products, MIT Kerberos 5, and more.


Subscribe to Tech Talk and BOL Tech Advisories
Archived Articles on Technology and eBankingYou have access to archived Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking Archive page.
Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too.You'll find many more related articles in our InfoVault.

First published on 12/13/2007

Briefing type: 

Banker Tools View All

A collection of useful resources for various areas of the bank which have been developed by members of the BankersOnline staff or have been created and contributed by users of the BankersOnline site.

Banker Tools

Penalties View All

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Briefings

Briefing Archives