Banking Trojans go from bad to worse



Computer Fraud & Security
ISSN 1361-3723 October 2009 www.computerfraudandsecurity.com

Contents

NEWS
Banking Trojans go from bad to worse 1
SEO scams growing 1
Scareware trend accelerating 2
Canadian pharmaceutical spam tops charts 3

FEATURES
Preparing for the end 5
The appropriate disposal of redundant storage devices is regularly overlooked and has caused significant compliance problems for organisations of all sizes. Matthew Pemble of Idrach Ltd provides some best practice pointers.

The economics of user effort in information security 8
This article proposes a new approach to managing employee security behaviour: the compliance budget.

Testing times 12
Designing secure software, configuring firewalls effectively, and installing an IPS are all sound measures when it comes to securing a network. But for proper risk management, nothing beats effective network testing, argues Daryl Cornelius, of Spirent.

The challenge of security awareness training 15
This article analyses why standard ‘death by a thousand PowerPoints’ training is not the most effective way to increase security awareness within a business.

State of the art security management 17
A US research institute recently interviewed representatives of seventy American companies who were similar in that they all outsourced management of their IT systems and, most significantly, the security component. The security segments outsourced by the interviewed companies included: daily operation security and on-site professional services.

Cloud – Hawk 19
Nigel Hawthorn, EMEA marketing VP for Blue Coat Systems, looks at the need for organisations to adopt a real-time cloud computing security service that addresses latency, cybercrime in the cloud, malware, trojans, botnets and phishing attacks.

REGULARS
Editorial 3
News in brief 4
Calendar 20

Banking Trojans go from bad to worse

Banking Trojans just keep getting smarter. The latest one calculates how much money to steal from online bank accounts to allay suspicion among victims and dodge antifraud systems, according to a report from anti-malware company Finjan. Criminals used the LuckySploit crimeware toolkit to install the URLZone Trojan, infecting around 7.5% of visitors. The Trojan also displayed false online bank statements to infected users to hide the amount of money that had been stolen.

This is the latest in a long line of banking Trojan developments that have seen the programs becoming increasingly sophisticated. In late 2007, a Trojan called Silentbanker was identified by security companies. It downloaded encrypted, compressed content from update servers, and watched users enter passwords and click on certain areas of the screen. It also stole cookies and sent all of this information back to the perpetrators.

PandaLabs said that it has detected five million new strains of malware in the last three months. Most of them were banking Trojans, it added.

Featured this month: Preparing for the end

Failing to ensure correct disposal (and retention) of information assets has caused significant data leaks for numerous organisations. Increased legal and regulatory powers and attention, media interest and formal compliance regime requirements all mean that this often neglected area deserves the same consideration applied to more in-vogue aspects of security. It should be incorporated into organisational policies and processes as well as specifically considered as part of infrastructure and location projects.

Proper requirements analysis, planning, audit and review are all vital in ensuring that the end of the useful life of corporate information is not the start of a new set of problems for the disposing organisation.

Turn to page 5...

ISSN 1361-3723/09 © 2009 Elsevier Ltd. All rights reserved.
This journal and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use:

Photocopying
Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use.

SEO scams growing

The internet has seen a wave of SEO poisoning attacks in the last couple of months which seems to be heavily linked to the distribution of rogue anti-virus software. The death of Patrick Swayze and the anniversary of the September 11 attacks were two events that criminals used to artificially stuff keywords into their own sites – and legitimate ones.

SEO poisoning works by putting keywords relating to popular events at strategic places in a web page. This sends the page to the top of the search engine rankings, but when clicked on, it serves up a fake warning alerting users that their PC may be infected. The scam is also being used to target legitimate sites using SQL injection kits, in a bid to fool content

Continued on page 2...