$567 million electronic bank theft foiled; botnets, web mobs and related trouble

There are no major issues this week, but three related items in the security section about botnets, organised e-crime and the failure of good security technology applied in the wrong ways should make interesting reading.

This issue's topics:

Introduction:

* $567 million electronic bank theft foiled; botnets, web mobs and related trouble

Virus News:

* Java Trojan targets IE, even via Firefox

* Network worms in decline?

* $567 million e-heist foiled

Security News:

* MS05-004 updated

* Honeynets not all sweetness and light

* Web mobs becoming organised

* Note limitations of two-factor authentication, warns expert

Introduction:

First up, some administrivia. With next weekend being Easter, and specifically Friday being a public holiday, the next issue of the Watch will be posted out on Thursday next week.

And, having written myself into a tight time corner, I'm going to make the introduction section very brief.

In fact, that's relatively easy as there are no major issues in either section this week, but three related (although not necessarily obviously so) items in the security section about botnets, organised e-crime and the failure of good security technology applied in the wrong ways should make interesting reading at the end of the security section.

Virus News:

* Java Trojan targets IE, even via Firefox

The point of this particular item is that, if you or a user grants an untrusted Java applet elevated security permissions, it is really just like downloading and running any other arbitrary program...

F-Secure Security Information Centre

Sophos Virus Info

* Network worms in decline?

Mikko Hypponen, director of anti-virus research at Finnish security and antivirus firm F-Secure, has pointed out that network worms seem to be in decline. Hypponen's comments were reported from the WebSec 2005 Conference in London earlier this week, where he pointed out that self-mailing viruses (also often labelled 'worms' or 'email worms') were still holding their own. However, pure network worms that only, or primarily, spread through security vulnerabilities exposed on unprotected network-connected computers were in notable decline, according to Hypponen. Hypponen also commented on other recent trends in malware - see the linked article for these.

The strange decline of computer worms - The Register

http://www.theregister.co.uk/2005/03/17/f-secure_websec/

* NZ$567 million e-heist foiled

Israeli man Yeron Bolondi, 32, has been arrested and charged with deception and money laundering crimes as a result of an extended investigation by the UK's National Hi-Tech Crime Unit (NHTCU). The NHTCU and the affected bank, Sumitomo Mitsui, are keeping tight-lipped about the details of the crime and its investigation, but the NHTCU clearly worked in close cooperation with Israeli, and possibly other foreign, police forces.

The arrest occurred in Israel as Bolondi believed he was transferring GBP 13.9 million (NZ$35.87 million) into an Israeli account. The NHTCU and Sumitomo Mitsui have said that the investigation has been ongoing since October 2004, when the bank discovered that some of its internal systems had been compromised and keystroke loggers installed. Bolondi's withdrawal was apparently the first of several expected to total around $567 million, possibly involving other members of the gang reputedly behind the theft.

UK police foil massive bank theft - BBC

Hacking raid on Sumitomo bank: how did they do it? - Computerworld

Security News:

* MS05-004 updated

Microsoft has updated the MS05-004 security bulletin with a link to a Knowledge Base article that describes issues that may be experienced as a result of installing the security updates associated with this bulletin.

Microsoft Security Bulletin MS05-004

* Honeynets not all sweetness and light

Honeynet Project members have written an interesting paper describing their experiences using honeypot computers to track and understand the uses (and abuses) of botnets.

Botnets — aggregations of surreptitiously remote controlled computers that are commonly referred to rather colourfully as 'zombies' in the popular media — have already had significant impact on the security world, and will have even greater effects in the short to medium term. Your newsletter compiler recommends careful reading and digesting of this article.

Know your Enemy: Tracking Botnets - honeynet.org

* Web mobs becoming organised

An interesting series of related articles describing the organisation of online crime groups has just been published at Baseline. Read this with the work of the Honeynet Project from the previous item in mind and you may get an even better view of the serious problems the increasing number and size of botnets are likely to pose...

Geekfathers: CyberCrime Mobs Revealed

* Note limitations of two-factor authentication, warns expert

Bruce Schneier has an interesting item in the March issue of his monthly 'Cryptogram' newsletter warning of a likely over-reliance on two-factor authentication. Note that Schneier does not say two-factor authentication is useless, but he does point out its ineffectiveness in situations where "man-in-the-middle" attacks or Trojaned systems may come into play. Again, careful consideration of this item in light of the previous two should provide some compelling reasons to expect the failure of the likely inappropriate uses of two-factor authentication that are already being rolled out in some places.

The Failure of Two-Factor Authentication - schneier.com
