Source: Threat Level
The URLZone trojan not only performs money transfers out of a victim's bank account, but also re-writes HTML from the bank website on the fly so that the victim can't see the transfer in the account statement. This gives the criminals a larger window in which to cash out.
Wednesday, 30 September 2009
Friday, 11 September 2009
Cyber Thieves Steal $447,000 From Wrecking Firm
Source: Security Fix
In his continuing coverage of phishing and money mules in the USA, Brian Krebs gives details of a wrecking firm that was hit for a massive $447,000, not all of which was successfully looted. The interesting fact in this case was that the bank used a form of two-factor authentication -- a USB key fob which generates a new six-digit code every minute. Unfortunately, this kind of authentication is vulnerable to a man-in-the-browser attack, which is how the crooks operate, using malware called "Zeus".
In his continuing coverage of phishing and money mules in the USA, Brian Krebs gives details of a wrecking firm that was hit for a massive $447,000, not all of which was successfully looted. The interesting fact in this case was that the bank used a form of two-factor authentication -- a USB key fob which generates a new six-digit code every minute. Unfortunately, this kind of authentication is vulnerable to a man-in-the-browser attack, which is how the crooks operate, using malware called "Zeus".
Saturday, 5 September 2009
More Business Banking Victims Speak Out
Source: Security Fix
In a follow-up to earlier reporting about account-siphoning and money mules in the US, Brian Krebs gives us another report which includes names of Western Union transfer recipients in the Ukraine, and quotes from one of the mules in question. Note that this mule was soft-recruited by first being given text-correction work, then offered promotion to mule status when it was time to be paid for that work. "Be paid for correcting text" is the new money mule lure.
In a follow-up to earlier reporting about account-siphoning and money mules in the US, Brian Krebs gives us another report which includes names of Western Union transfer recipients in the Ukraine, and quotes from one of the mules in question. Note that this mule was soft-recruited by first being given text-correction work, then offered promotion to mule status when it was time to be paid for that work. "Be paid for correcting text" is the new money mule lure.
Subscribe to:
Posts (Atom)
