[ISN] US warns banks worldwide about BugBear virus

From: InfoSec News (isnat_private)
Date: Mon Jun 09 2003 - 22:22:32 PDT


    Forwarded from: William Knowles <wkat_private>
    
    http://www.smh.com.au/articles/2003/06/10/1055010959747.html
    
    Washington
    June 10 2003
    
    The US government is warning financial institutions about a virus-like 
    infection that has targeted computers at roughly 1200 banks worldwide, 
    trying to steal corporate passwords. 
    
    The FBI is investigating what private security experts believe to be 
    the first internet attack aimed primarily at a single economic sector. 
    
    Virus experts studying the blueprints for the latest threat to 
    internet users were astonished to find inside the software code a list 
    of roughly 1200 web addresses for many of the world's largest 
    financial institutions, including JP Morgan Chase & Co, American 
    Express Co, Wachovia Corp, Bank of America Corp and Citibank NA. 
    
    The destructive infection, known as "BugBear.B," has spread to tens of 
    thousands of consumer computers across the internet since last week, 
    but investigators and industry experts said they were unaware if any 
    financial institutions had been significantly affected. 
    
    Industry executives told US Treasury Department officials and other 
    banking regulators during a meeting in Washington yesterday that while 
    they were concerned that the infection targeted them, they were 
    unaffected because of tight corporate security. 
    
    The infection "was hammering the outside servers but it was being 
    rejected," said Suzanne Gorman, head of the Financial Services 
    Information Sharing and Analysis Centre, a bank cybersecurity 
    organisation that works with the US government. 
    
    "People weren't reporting that it got through to their personal 
    organisations." 
    
    The analysis centre had distributed information from the Homeland 
    Security Department to US banks using its highest-priority alert on 
    Thursday, Gorman said. The discovery of the banking web addresses 
    inside the software code "raised a lot of eyebrows," she said. 
    
    FBI spokesman Bill Murray confirmed the agency was trying to trace the 
    author of the attacking software. 
    
    Experts said the BugBear software was programmed to determine whether 
    a victim used an email address that belonged to any of the 1300 
    financial institutions listed in its blueprints. 
    
    If a match was made, it tried to steal passwords and other information 
    that would make it easier for hackers to break into a bank's networks. 
    
    The software transmitted stolen passwords to 10 email addresses, which 
    also were included in the blueprints. But experts said that on the 
    internet, where anyone can easily open a free email account using a 
    false name, knowing those addresses might not lead detectives to the 
    culprit. 
    
    "Depending on how those email boxes are used, it could make 
    investigating this a little easier," Murray said. 
    
    "But it's not that easy. Those addresses may be blind boxes." 
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    


