Re: [ISN] Huge ID theft ring affects at least 50 banks

From: InfoSec News (isn@private)
Date: Tue Aug 09 2005 - 23:36:33 PDT


Forwarded from: Mark Bernard <Mark.Bernard@private>

Dear Associates,

PayPal and "International" banks (Canada/Europe) sounds like a
potential big problem, unless it's just a marketing ploy......  Folks,
these things aren't going away but we need to become even more
diligent with our risk management programs. It's beginning to look as
though we need to start testing systems and reviewing audit findings
of those businesses wherever our services are being used or channelled
through.

Based on my research it was falling off expectations made back 5 - 6
years previous. Hence the introduction of privacy legislation. I
wonder if privacy legislation is having the impact that it was designed
for with the continued onslaught of e-crime.  I also wonder if it will
get to the point where a few examples will need to be made before
businesses do whatever is necessary.

All the best,
Mark.

Mark E. S. Bernard, CISM, CISSP, PM,
e-mail: Mark.Bernard@private; Web: http://www.TechSecure.ca; Phone: (506) 325-0444
----- Original Message ----- 
From: "InfoSec News" <isn@private>
To: <isn@private>
Sent: Tuesday, August 09, 2005 5:47 AM
Subject: [ISN] Huge ID theft ring affects at least 50 banks


> http://software.silicon.com/security/0,39024655,39151163,00.htm
>
> By Ingrid Marson
> 9 August 2005
>
> A major identity theft ring discovered last week has affected the
> customers of at least 50 banks, according to Sunbelt Software, the
> security firm that uncovered the operation.
>
> The operation, which is thought to be under investigation by the FBI
> and Secret Service, is currently gathering personal data from
> compromised machines and sending them to a server where they are
> saved in a file.
>
> Sunbelt Software said on Monday that in the two days it has been
> monitoring the file it has seen confidential financial details of
> the customers of the Bank of America, PayPal and up to 50
> international banks, according to Eric Sites, the vice president of
> research and development at Sunbelt.
>
> Sites said: "For almost every bank that is listed [in the file],
> it's possible to get into the person's account."
>
> As well as passwords for online banking sites, information on credit
> cards has also been gathered. Sites said that Sunbelt had found one
> customer's credit card number, expiry date and security code as well
> as their name and address, which would allow anyone to use their
> credit card.
>
> The data theft was initially reported to be carried out by a
> modified variant of a spyware application, called CoolWebSearch
> (CWS) but Sunbelt has now found that the activities are carried out
> by a mail zombie and a separate Trojan, which is downloaded at the
> same time as CWS.


