You are here: silicon.com > Software > Malware

Malware

Bank data seized in e-card scam

Windows flaw opens the door...

Tags: e-card, scam

By Joris Evers

Published: 22 September 2006 08:25 BST

Cyber crooks are using e-cards that appear to come from a secret admirer in a scam to collect sensitive personal information, a security expert has warned.

Data including credit card numbers, online banking credentials, and login names and passwords of thousands of individuals from Australia and the US has already been collected in the scam, Roger Thompson, chief technology officer at security software maker Exploit Prevention Labs, said in an interview on Wednesday.

The attacks involve email messages that at first glance appear to be greeting cards from services such as Blue Mountain or Yahoo!, Thompson said. Clicking on the link to view the card, however, first sends the target to a malicious website that tries to silently install keylogger software, he said. After that the card is displayed.

He said: "It is really quick, nobody notices it. Unless you actually look at the source of the email and say, 'hang on, this is a redirect', you wouldn't actually see it."

The miscreants use a flaw in Microsoft's Windows operating system to drop the spy software and a rootkit to hide it on PCs, Thompson said. Windows users who have installed the MS06-014 patch, released in May, are not vulnerable to this particular silent drive-by installation of malicious software.

The attacks appear to have started in April with a new wave of malicious email messages sent out every week. Each week the attackers appear to collect a 200MB file with freshly captured information from a server, Thompson said. He was able to identify the server and reported the matter to Australian and US authorities, he said.

So far, Exploit Prevention Labs has been able to identify that customers at nearly every Australian bank were compromised, it said in a statement. The cyber crooks have also targeted individuals in Asia, Europe and North America using a variety of e-card services, the company said.

Joris Evers writes for CNET News.com

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

  • Jobs
Shift Supervisor

OVERALL OBJECTIVE: TNS provides high-speed transmission services for financial transaction oriented applications such as credit and debit ...

Risk Manager (fraud/operational) - UK (permanent)

You must have worked within the credit cards industry previously. We are currently looking for a Risk Manager with fraud and operational experience ...

Technical Support Specialist

Having moved from being a single product company to a full portfolio vendor, Websense is now regarded as a true market leader in web security, ...

Agenda Setters 2008
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: