Information Security News mailing list archives
Re: Huge ID theft ring affects at least 50 banks
From: InfoSec News <isn () c4i org>
Date: Wed, 10 Aug 2005 01:36:33 -0500 (CDT)
Forwarded from: Mark Bernard <Mark.Bernard () TechSecure ca> Dear Associates, PayPal and "International" banks (Canada/Europe) sounds like a potential big problem, unless its just a marketing ploy...... Folks these things aren't going away but we need to become even more diligent with our risk management programs. Its beginning to look as though we need to start testing systems and reviewing audit findings of those businesses wherever our services are being used or channelled through. Based on my research it was falling off expectations made back 5 - 6 years previous. Hence the introduction of privacy legislation. I wonder if privacy legislation is having the impact that it was design for with the continued onslaught of e-crime. I also wonder if it will get to the point where a few examples will need to be made before businesses do whatever is necessary. All the best, Mark. Mark E. S. Bernard, CISM, CISSP, PM, e-mail: Mark.Bernard () TechSecure ca; Web: http://www.TechSecure.ca; Phone: (506) 325-0444 ----- Original Message ----- From: "InfoSec News" <isn () c4i org> To: <isn () attrition org> Sent: Tuesday, August 09, 2005 5:47 AM Subject: [ISN] Huge ID theft ring affects at least 50 banks
http://software.silicon.com/security/0,39024655,39151163,00.htm By Ingrid Marson 9 August 2005 A major identity theft ring discovered last week has affected the customers of at least 50 banks, according to Sunbelt Software, the security firm that uncovered the operation. The operation, which is thought to be under investigation by the FBI and Secret Service, is currently gathering personal data from compromised machines and sending them to a server where they are saved in a file. Sunbelt Software said on Monday that in the two days it has been monitoring the file it has seen confidential financial details of the customers of the Bank of America, PayPal and up to 50 international banks, according to Eric Sites, the vice president of research and development at Sunbelt. Sites said: "For almost every bank that is listed [in the file], it's possible to get into the person's account." As well as passwords for online banking sites, information on credit cards has also been gathered. Sites said that Sunbelt had found one customer's credit card number, expiry date and security code as well as their name and address, which would allow anyone to use their credit card. The data theft was initially reported to be carried out by a modified variant of a spyware application, called CoolWebSearch (CWS) but Sunbelt has now found that the activities are carried out by a mail zombie and a separate Trojan, which is downloaded at the same time as CWS.
_________________________________________ Attend ToorCon Sept 16-18th, 2005 Convention Center San Diego, California www.toorcon.org
Current thread:
- Huge ID theft ring affects at least 50 banks InfoSec News (Aug 09)
- <Possible follow-ups>
- Re: Huge ID theft ring affects at least 50 banks InfoSec News (Aug 09)