NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA Listmaster
NRT-0634 Cybercriminals mix methods to more effectively raid bank
accounts:
In an effort to execute major fraud and evade detection,
cybercriminals are deploying sophisticated, seemingly unrelated attacks,
according to a press report. The attacks are a combination of online and offline
activity. To avoid incident tracking, for instance, some criminals are
exploiting wire transfers and ATM transactions in combination with online
banking transactions. In one scenario, they will observe an online account to
study a customer's signature, and then forge that signature in a fax request
to wire funds from the customer's account to the attacker's account,
according to Security Curve's Diana Kelley.
"It's hard for financial institutions to trace [this]
... [when] somebody gets into an account online and looks around for information
to start doing more effective offline attacks. If you know how much money a
victim has in [an] account, you could withdraw that offline," says
Kelley.
She pointed to the Coreflood botnet Trojan, which is
notorious for performing reconnaissance on its victims, as an example of this
type of attack. Coreflood has stolen user account information, Web page content,
digital credentials, and browser cookies.
"Coreflood is trying to steal financial information, and
has stayed under the radar pretty well. It's not in‑your‑face
sending out e‑mails," said Joe Stewart, director of malware research
for SecureWorks. Stewart, who has tracked Coreflood closely for some time, says
Coreflood's attackers know a lot about their victims, including, for instance,
a victim's company name and Windows machine registration information.
"They are very aware of who they are infecting," Stewart
said.
(darkreading.com, 30SEP08)