Security experts and the federal government are warning that scam artists are leveraging public concern over the global financial crisis to steal sensitive financial data and spread malicious software. In an alert posted Thursday, the Federal Trade Commission urged Internet users to be on guard against e-mails that look as if they come from a financial institution that recently acquired a consumer's bank, savings and loan, or mortgage. "In fact, these messages may be from 'phishers' looking to use personal information -- account numbers, passwords, Social Security numbers -- to run up bills or commit other crimes in a consumer's name," the FTC said. Security firm Arbor Networks details two recent malware attacks that try to trick recipients into opening an e-mail attachment. One e-mail, claiming to have been sent by the Federal Deposit Insurance Corp., warns recipients that their bank accounts were involved in fraudulent activity. The attached file,
10/10/2008

Apple on Thursday released software updates to fix a slew of security issues in computers powered by its OS X operating system. Separately, a new version of the Opera Web browser is available that addresses a pair of serious security flaws. Apple's seventh big bundle of updates so far this year plugs more than 40 security holes in the operating system and other software for Mac OS X 10.4 and 10.5 desktops and server versions. Among the applications tweaked in this update are Apache, Finder, and ClamAV, the anti-virus software that ships with OS X server products. The updates are available via the built-in Software Update feature, or directly from Apple's software downloads Web site. For whatever reason, Opera still does not offer an auto-update feature. Opera users can grab the newest iteration of the browser, version 9.6, from Opera's Web site. In addition to the two security patches, the
10/10/2008

Security Fix has spilled quite a bit of digital ink chronicling the demise of Atrivo (a.k.a. "Intercage"), a now-defunct Northern Calif. based Internet service provider that served as home base for a large number of cyber criminal operations. Happily, data released this week about a short-lived but precipitous decline in the level of badness online after Atrivo was shut down illustrates just how bad Atrivo was. Internet security firm MessageLabs said it observed a significant drop in the level of spam and botnet activity (PDF) after Atrivo's upstream Internet providers pulled the plug on the company last month. The graphic to the right shows a collapse in the level of spam emanating from computers infected with the some of the nastiest spam-enabling malware, including the Storm worm, Cutwail, Srizbi and MegaD. MessageLabs said the decline was due to the fact that a large number of command and control networks used
10/09/2008

About 10,000 users of LinkedIn.com, the social networking site for professionals, recently were targeted by a tailor-made scam that urged recipients to open a malicious file masquerading as a list of business contacts. Most e-mail-based malware attacks and phishing campaigns designed to trick people into handing over personal and financial data generally are blasted out indiscriminately. But so-called "spear phishing" attacks - such as the bogus LinkedIn campaign -- address recipients by name in the subject line and body of the message to appear more legitimate. The messages in this campaign were of course spoofed to look like they were sent from support@linkedin.com, with the subject line "Re: business contacts." The message read: [recipient's name] We managed to export the list of business contacts you have asked for. The name, address, phone# , e-mail address and website are included. The list is attached to this message. After you you check
10/08/2008

The son of a prominent Democratic Tennessee state lawmaker was indicted Tuesday on charges of hacking into the Yahoo! Web mail account of Alaska Gov. Sarah Palin. David C. Kernell, 20, of Knoxville, was indicted by a federal grand jury on a single count of accessing Palin's e-mail without permission. The FBI said Kernell turned himself in to federal authorities and will be arraigned today. Kernell is the son of Tennessee State Representative Mike Kernell, who acknowledged shortly after the incident that authorities had contacted his son in connection with the investigation. According to the indictment, on Sept. 16, Kernell broke into Palin's Yahoo! account by guessing the answers to her pre-selected "Secret Questions" that must be answered before Yahoo! will let users reset e-mail account passwords. Authorities say Kernell read Palin's e-mail messages and then made and posted online screenshots of the e-mail inbox, along with the new password
10/08/2008

While political polls may show Sens. Barack Obama and John McCain locked in a close race for the White House, junk e-mail purveyors have a clear favorite. According to research by Secure Computing, spammers are seven times as likely to invoke Obama's name in a subject line in a bid to trick people into opening the missives. The company found that spam touting either candidate peaked around the middle of the Republican National Convention. Still, for the month of September, political-themed junk e-mail favored Obama 84 percent of the time, while spam campaigns mentioning McCain made up just 12 percent of the total, Secure Computing said. The vice presidential race, on the other hand, appears to be far more competitive - at least from the spammer's perspective. Secure Computing found that about 1.9 percent of fake political spam last month named Alaska Gov. Sarah Palin in the headline, while
10/07/2008

U.S. corporations, governments and universities reported a record 516 consumer data breaches in the first nine months of this year, incidents prompted chiefly by hackers and employee theft, according to a report released today by a nonprofit group that works to prevent fraud. The Identity Theft Resource Center, of San Diego, found that this year's data breach tally has easily eclipsed 2007's 446 incidents. At an average of 57 caches of consumer data reported lost or stolen each month, U.S. organizations are on track to divulge at least 680 breaches by the end of 2008. About 80 percent of the breaches involved digital records, while the remainder stemmed from the loss, theft or exposure of paper-based records. A description of each incident is available in the Identity Theft Resource Center 's 2008 Breach List (PDF). Some 30 million records on consumers have been exposed so far this year. But experts
10/05/2008

The states have been busy of late enacting laws that address a broad spectrum of security protections, from outlawing radio frequency identification (RFID) tag tracking to requiring organizations to encrypt sensitive data whether it is stored on a computer or sent over the Internet. California Gov. Arnold Schwarzenegger this week approved a bill that would make it illegal to secretly scan the data encoded on unsecured RFID chips for the purposes of tracking, identity theft or counterfeiting the devices. RFID tags are tiny chips that are now commonly embedded into many retail products, student IDs, drivers' licenses, passports and medical ID cards. Most RFID tags are "passive," in that they have no internal power supply and are designed to be read from a few inches away, but researchers have shown that even passive tags can be read from more than 30 feet with special equipment. However, for the second year
10/03/2008

A glut of e-mail from constituents and special interest groups continued to pose problems for the Web sites for members of the U.S. House of Representatives on Thursday, as millions of Americans attempt to voice their opinions on the financial bailout package the day before an expected vote on the measure. Jeff Ventura, a spokesperson for the House's chief administrative officer, called the volume of e-mail flowing through member Web sites "staggering and unprecedented." He said more than two-dozen interest groups sending large batches of e-mail have contributed to the problem. "Advocacy groups are collecting e-mails and then shoving them into a system that was really designed for manual input, not for people to send us wholesale batches of thousands of e-mails at a time," Ventura said. Still, he said, e-mails from individual users still far outnumber those submitted in bulk. The timing of the Wall Street rescue package also
10/02/2008

October is Cyber Security Awareness Month, and it seems many people are in need of some serious awareness-raising on this front. A recent survey indicates that while more than 80 percent of computer users thought they had firewall software installed, follow-up inspections found that only half of those users actually had the software installed or running on their PCs. The data comes from a poll of 3,000 Americans conducted by Zogby International, with security vendor Symantec conducting follow-up manual computer scans on computers belonging to 400 of those surveyed. While the study suggests that Americans seem to be well aware of whether they have up-to-date anti-spyware and anti-virus software installed, only 52 percent had anti-spam filters set up, even though 75 percent thought they did, Symantec found. Fifty-one percent of those surveyed said they had been targeted by a phishing attack, a scam that uses spoofed e-mail to lure recipients
10/02/2008