To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/malware/0,3800003100,39162660,00.htm

Bank data seized in e-card scam
Windows flaw opens the door...

By Joris Evers

Published: Friday 22 September 2006

Cyber crooks are using e-cards that appear to come from a secret admirer in a scam to collect sensitive personal information, a security expert has warned.

Data including credit card numbers, online banking credentials, and login names and passwords of thousands of individuals from Australia and the US has already been collected in the scam, Roger Thompson, chief technology officer at security software maker Exploit Prevention Labs, said in an interview on Wednesday.

The attacks involve email messages that at first glance appear to be greeting cards from services such as Blue Mountain or Yahoo!, Thompson said. Clicking on the link to view the card, however, first sends the target to a malicious website that tries to silently install keylogger software, he said. After that the card is displayed.

He said: "It is really quick, nobody notices it. Unless you actually look at the source of the email and say, 'hang on, this is a redirect', you wouldn't actually see it."

The miscreants use a flaw in Microsoft's Windows operating system to drop the spy software and a rootkit to hide it on PCs, Thompson said. Windows users who have installed the MS06-014 patch, released in May, are not vulnerable to this particular silent drive-by installation of malicious software.

The attacks appear to have started in April with a new wave of malicious email messages sent out every week. Each week the attackers appear to collect a 200MB file with freshly captured information from a server, Thompson said. He was able to identify the server and reported the matter to Australian and US authorities, he said.

So far, Exploit Prevention Labs has been able to identify that customers at nearly every Australian bank were compromised, it said in a statement. The cyber crooks have also targeted individuals in Asia, Europe and North America using a variety of e-card services, the company said.

Joris Evers writes for CNET News.com