UK Police Charge 11 Over Zeus Trojan Scam

The Registier reports that UK police investigating a suspected Zeus Trojan e-banking fraud ring have charged 11 people with a variety of fraud and money laundering offences.  The accused, all east European nationals resident in Essex, participated in a series of frauds targeting customers of HSBC, the Royal Bank of Scotland, Barclays Bank and Lloyds TSB over the last three months that resulted in losses of £6m.   Eight people have been charged with fraud and money laundering offencesand two have been charged with a conspiracy to defraud.  A further suspect has been charged over possession of an allegedly false Lithuanian passport.

Score one for the good guys, but I’m pretty sure this is the tip of a very dirty ice-berg.  Zeus knowns no jurisdictional or geopolitical boundaries, and has targeted American and Canadian banks.  There hopefully will be more charges and arrests.

The Register

Yep, thought so…     The U.S. Attorney’s Office confirmed law enforcement action in the United States but would not give additional details until a press conference scheduled for 1 pm ET.   Over the last year, Zeus has come to dominate the criminal ecosystem for banking trojans. The malicious software, which is sold for hundreds of dollars by its developers, has been spreading since 2006, but jumped in popularity a year ago, according to Microsoft data. One reason for its popularity: Other developers can create and sell plugins for the software, adding features like the ability to exploit newer vulnerabilities and manage spam campaigns targeting a specific industry.


Just keeps getting BETTER!!       The FBI and the U.S. Attorney’s office in New York announced charges today against 37 people accused of being part of an international crime ring that stole $3 million from bank accounts by infecting computers with the Zeus Trojan and other malware.   Between federal and state charges, more than 60 people total are being charged in the operation, officials said.


A little bit about the UK accused profiles  –  They worked as web designers, supermarket workers, day laborers, some were unemployed.  UK police say that the group of Eastern Europeans, also made millions…


Zeus Spam Targets LinkedIn Users

The LinkedIn social networking site is being used as the lure for a spam campaign targetting UK and US businesses with the data-stealing Zeus/Zbot Trojan, according to Cisco & TechWorld.

After appearing on 27 September, by 6am EST, a bogus LinkedIn reminder email accounted for up to a quarter of all spam detected by the company in a 15-minute period.  Users are asked to review a contact request for a fictitious LinkedIn client by clicking on an embedded LinkedIn style link, taking the victim to a page that asks them to wait before sending them to Google.  Most are unaware that anything has happened, but by this point, Zeus will have attempted to load on to the target PC.

There is plenty of evidence that Zeus variants can get past many anti-virus defences, and if successful, this variant monitors browser entries for online bank account credentials.  The best defence against this attack would be anti-spam filters at gateway level of most businesses, fortified with antivirus, plus any other defences such as Trusteer’s Rapport browser plug-in which is offered to consumers for FREE by most Canadian banks.


RIM Intros BlackBerry PlayBook Tablet

Research In Motion opened its annual developer conference on Monday in San Francisco by introducing its PlayBook, which it calls the first professional tablet.  

The playbook has a 1Ghz dual core processor and 1GB of RAM.  It’s 9.7mm thick and has a 7-inch display.  It is “always on” and is intended to display HTML5 and Flash 10.1.  The playbook supports 1080p HD video with HDMI out connector for presentations, videos, and Web sites.  There is both a rear- and front-facing HD camera and it’s “enterprise ready, ready to go, compatible with your BlackBerry enterprise server, already being controlled by your IT department. It’s “an amplified view of what’s already on your BlackBerry.  No new software, security, or data plan needed.

CNET has a lot of content, including a summary transcript and additoinal links.

InfoSec Manager’s Journal

ComputerWorld’s J.F. Rice puts out a great series called the Security Manager’s Journal.  Real people submit their experiences, and they are published with anonimty for others to learn from.  Excellent resource that I have been sipping from for the past few years, and no, I have not submitted an article (yet).  This month’s “The way we’ve always done it” resonates with me from so many past engagements.  We all tend to fall back on the old familiar ways when time is a factor, or we simply don’t realize there has been a change of direction. 

Most definitely worth a read if you are involved in IT, Development, Project Management or Security.  In my career I have had to wear several of these hats, and walk in the shoes of each.  Funny how perspective can change with time to reflect on and understand how the same issue can be viewed from different sides of the business.

MSE A-V FREE To Small Business

Microsoft Security Essentials (MSE) will be released free for small businesses beginning in early October.  MSE is an antimalware solution designed to protect against viruses and spyware on Windows-based PCs.  MSE is currently only free for consumers.  Microsoft will extend that free protection to small businesses with 10 or fewer PCs and “genuine” Windows licenses in place. Microsoft remotely runs a check of the user’s computer for a genuine copy of Windows before allowing the MSE installation to take place.

There are some shortcomings to be aware of if this will be your A/V protection of choice.  MSE lacks centralized management control and other security features that enterprise IT pros require.   According to a report by competitor Symantec, hackers have already created false alerts, imitating MSE.  The idea is that users will trust those alerts, click a button and unwittingly drop malware onto their PCs. 

However, it also has some benefits.  The software runs in the background with little interaction required by the end user.  It alerts the user only when a threat has been detected, but otherwise it conducts antimalware scans quietly. 

An MSE panel shows “good” security conditions with the green color, whereas yellow and red colors indicate that an action is required by the user, as explained in a video.   If you have nothing else available, and no budget, then this is a good starting point for protecting your small business assets.

Canadian Privacy Commission Ends Facebook Investigation

ComputerWorld reports that Canada’s privacy commissioner has ended their investigation into Facebook’s privacy practices saying the social-networking site has resolved issues raised in a May 2008 complaint.

The privacy group complained that Facebook had violated Canadian privacy law by not explaining its policies on sharing information with third-party developers to users.  The complaint also accused Facebook of not identifying all the purposes for which it collects users’ information, not getting express consent to collect sensitive information, not allowing users who have deactivated their accounts to easily withdraw consent to share information, failing to destroy the personal information of users who deleted their accounts, and of failing to safeguard personal information from unauthorized access.

6 Cisco IOS Patches

Cisco has released a set of security updates for its switches and routers.  There are 6 advisories in all, fixing 12 vulnerabilities, each patch covers a different component of the Cisco IOS, including components such as Cisco’s VPN software, the Session Initiation Protocol (SIP), Internet Group Management Protocol, and Network Address Translation (NAT) software.