Tech Alert Briefing for 12/14/2007
December 14, 2007
Update covering December 7 - December 13, 2007
Welcome to Tech Talk! In this edition, BOL Gurus John Burnett and Andy Zavoina write about a new targeted Trojan attack, executive phishing, and more.
You'll read about:
Get the details below.
Beware of Phishing and Pharming
According to the Anti-Phishing Working Group, phishing attacks reached an all-time high last year. Designed specifically to educate and assist financial institutions, Harland Financial Solutions? Phishing Response Kit provides a detailed checklist and directives to help institutions respond in the event of a phishing scam. Download the complete kit here.
Training on CD-ROM
Remote Deposit Capture:
Images or ACH?
Network & Internet Security
Patch & Vulnerability
Trojan Targets U.S. Banks
ComputerWorld is reporting on a very sophisticated Trojan that is targeting its attacks and thereby staying under the radar. One of the effective processes this malware is using is mimicking the steps a person would follow to move funds. It penetrateslarge business accounts and wires funds to hacker-controlled accounts. The Trojan has been effective enough to get funds from commercial accounts in the U.S., U.K., Spain and Italy. While hitting only a few banks, $200,000 has already been taken from monitored accounts.
Play it Again, Sam!
We know. You've heard this song before. But it's time, once again, to warn your management about phony "official" email messages targeting executives. The U.S. Treasury Department is the purported sender in the latest round of personalized phishing messages that claim to be about a complaint against the recipient's company. If you can filter these messages out, you'll be ahead of the game. If you can't, spread the word! Get more information from this SC Magazine article.
The FFIEC has issued guidance for use by financial institutions in identifying the continuity planning needed to mitigate the effects of a pandemic. Read the FFIEC press release and their guidance document, Interagency Statement on Pandemic Planning, on BOL's Disaster Issuances page.
US-CERT released a warning that it is aware of an active exploit allowing a Microsoft Access database file to facilitate the installation of unauthorized programs on a user's machine.PCWorld has more details on the exploit and potential vulnerability.
Patch Tuesday Targets IE and Media Players
Microsoft's December security updates are included in seven bundles, but address eleven weaknesses, several of them rated critical. Four fixes for Internet Explorer 6 and IE7 on Windows 2000, XP and Vista machines are particularly important. Other patches affect the components used by Windows to play audio and video files. Get more details in the Washington Post's Security Fix column.
Are iPhones the Next Big Target?
Arbor Networks, a Lexington, MA, network security research firm, believes that iPhones will be targeted by a serious attack in 2008. Given the wide popularity of the Apple/AT&T smartphone, Arbor suggests that dedicated hackers will fight to be the first to successfully hack the new device. More information is available in the Computerworld article.
FTC Targets Payment Processor
Have you had customers complain aboutcard transactions involving fraudulent or deceptive telephone or internet merchants? The FTC and seven state attorneys general have charged a payment processor using the names Your Money Access, LLC d/b/a Netchex Corp., Universal Payment Solutions, Check Recovery Systems, and others listed in the FTC press release, with violating state and federal laws by charging, or attempting to charge, consumers' bank accounts on behalf of fraudulent merchants. Read the FTC press release and the InfoWorld Security article.
Digging for Rootkits
Prevx, a malware research firm, estimates that one in five personal computers is infected with a rootkit. These rootkits can allow a thief to monitor, record, modify, steal and transfer data from an infected machine. From October to December rootkit infection rates have risen from 15.6 percent to 22 percent of PCs. This is a huge increase and IT administrators would be wise to add rootkits to their regularly scheduled virus and malware checks. PCWorld has more on this story.
Rootkits Are Bad Enough, But Malware Has Exploded!
F-Secure, a Finnish security vendor, has released information on malware statistics. Through the end of 2006, they counted 250,000 samples. Vendors' estimates of malware infections vary widely. This PCWorld article reveals the F-Secure estimate and malware trends generally.
Do You Have a Taste for CAN-SPAM?
In 2004 the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN SPAM) took effect. You're getting less spam now, right? When you're done laughing, go to the AFP story to see how (in)effective the Act has been.
Phony coupons? Malicious e-postcards? Counterfeit Amex gift checks? Vote on the BOL home page to help us compile a list of the scams our readers see. Thanks for participating!
Vista Service Pack Preview
Microsoft released the preview of Windows Vista Service Pack 1 (SP1). This "Release Candidate" version will require users to take several preliminary steps before installation. Those steps will be taken automatically on users' systems when the final SP1 version is released. To find out more and perhaps initiate the testing process on your own system, look at the ComputerWorld article for information and links.
Speaking of Service Packs
Reuters reports on the Microsoft Office 2007 Service Pack 1, released December 11. The update can be manually downloaded. It won't be "pushed" to most users for three to six months (although users of some Microsoft "beta" products have seen the massive update appear already, according to this InfoWorld article). Office 2007 SP1 is intended to improve both the stability and performance of the MS Office suite.
No Room for Updates?
If you are not interested in installing updates for Vista or the XP operating systems, Microsoft has issued a tool to block them. The tool is aimed at businesses that need time to complete compatability testing before updates are installed. PCWorld has the details, including links and descriptions of the three versions of the tool.
Cell Phones Can BeReally Expensive Modems
Piotr Staniaszek of Calgary, Alberta, has a $10 unlimited mobile browser plan for his cell phone. He decided to use it as a modem connection for his computer. When his first bill came in for $60,000, he knew it was a mistake. An amended bill came in, and it was higher. Find out how this happened on theglobeandmail.com.
Laughter Can Be the Best Medicine
As we close today's Tech Talk, we realize you are under a lot of stress with end-of-year reporting, budgets, malware, andholiday shopping, cards and lights. This one minute and forty second YouTube video is guaranteed to provide relief. If you can't watch it at work, it will be worth the wait to pull it down on your home machine.
75 Make Latest US-CERT List
The US-CERT Vulnerability Summary for the Week of December 3, 2007, lists 35 High, 36 Medium and 4 Low severity vulnerabilities. High severity weaknesses were reportedin Apple QuickTime 7.2, Mac OS X 10.5, two Linux products, MIT Kerberos 5, and more.
Subscribe to Tech Talk and BOL Tech Advisories
Archived Articles on Technology and eBankingYou have access to archived Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking Archive page.
Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too.You'll find many more related articles in our InfoVault.
First published on 12/13/2007