Forwarded from: Mark Bernard <Mark.Bernard@private> Dear Associates, PayPal and "International" banks (Canada/Europe) sounds like a potential big problem, unless its just a marketing ploy...... Folks these things aren't going away but we need to become even more diligent with our risk management programs. Its beginning to look as though we need to start testing systems and reviewing audit findings of those businesses wherever our services are being used or channelled through. Based on my research it was falling off expectations made back 5 - 6 years previous. Hence the introduction of privacy legislation. I wonder if privacy legislation is having the impact that it was design for with the continued onslaught of e-crime. I also wonder if it will get to the point where a few examples will need to be made before businesses do whatever is necessary. All the best, Mark. Mark E. S. Bernard, CISM, CISSP, PM, e-mail: Mark.Bernard@private; Web: http://www.TechSecure.ca; Phone: (506) 325-0444 ----- Original Message ----- From: "InfoSec News" <isn@private> To: <isn@private> Sent: Tuesday, August 09, 2005 5:47 AM Subject: [ISN] Huge ID theft ring affects at least 50 banks > http://software.silicon.com/security/0,39024655,39151163,00.htm > > By Ingrid Marson > 9 August 2005 > > A major identity theft ring discovered last week has affected the > customers of at least 50 banks, according to Sunbelt Software, the > security firm that uncovered the operation. > > The operation, which is thought to be under investigation by the FBI > and Secret Service, is currently gathering personal data from > compromised machines and sending them to a server where they are > saved in a file. > > Sunbelt Software said on Monday that in the two days it has been > monitoring the file it has seen confidential financial details of > the customers of the Bank of America, PayPal and up to 50 > international banks, according to Eric Sites, the vice president of > research and development at Sunbelt. > > Sites said: "For almost every bank that is listed [in the file], > it's possible to get into the person's account." > > As well as passwords for online banking sites, information on credit > cards has also been gathered. Sites said that Sunbelt had found one > customer's credit card number, expiry date and security code as well > as their name and address, which would allow anyone to use their > credit card. > > The data theft was initially reported to be carried out by a > modified variant of a spyware application, called CoolWebSearch > (CWS) but Sunbelt has now found that the activities are carried out > by a mail zombie and a separate Trojan, which is downloaded at the > same time as CWS. _________________________________________ Attend ToorCon Sept 16-18th, 2005 Convention Center San Diego, California www.toorcon.org
This archive was generated by hypermail 2.1.3 : Tue Aug 09 2005 - 23:49:16 PDT