Top 10 malware reported to Sophos in October 2007

Thursday, October 11, 2007

By Jon Swartz, USA TODAY

SAN FRANCISCO — A recent surge in phishing — fraudulent e-mail and websites designed to "fish" sensitive personal information such as passwords and credit card numbers — is the handiwork of a small, shadowy cybergang, computer security experts say.

Rock Phish, a group of technically savvy hackers who oversee phishing websites and provide tools on the Internet that let others phish, is "the major driving force behind a worsening situation, and they are difficult to track down," says Zulfikar Ramzan, senior principal researcher at Symantec's (SYMC) Security Response Group.

Rock Phish got its name because of its use of the word "rock" in the Web addresses of phishing websites. It is believed to be in Eastern Europe, based on the widespread availability of its phishing tools on websites hosted in that region.

FBI spokesman Paul Bresson says it is aware of the group. But U.S. authorities have little legal recourse to bust the foreign group and tamp down the surge in phishing, says Paul Henry, vice president of technology evangelism at Secure Computing.

So far, the criminal enterprise has victimized customers of U.S. and European financial institutions, such as Citibank (C) and Barclays, as well as popular phishing targets eBay (EBAY) and PayPal, says Dan Hubbard, senior director of security and technology research at security firm Websense.

Read more here...

Wednesday, October 10, 2007

By RIVA RICHMOND
The Wall Street Journal

October 10, 2007; Page B5C

During a two-hour period June 24, something unusual turned up in email-security company MessageLabs Inc.'s filters: 514 messages tailored to senior executives of corporate clients, containing programs designed to steal sensitive company data.

On Sept. 12 and 13, it happened again, and the company captured 1,100 messages in a 16-hour wave. The messages, which included executives' names and titles, were from a purported employment service and offered attachments supposedly containing information on potential job candidates. The attachments were Microsoft Word documents, a common type of office file erroneously believed to be safe by most computer users. If not intercepted, they would have deposited Trojan horses, or malicious programs disguised as benign ones, onto some high-powered people's computers.

The two email bursts point to a new and sophisticated take on an old-style attack with troubling implications for corporations, Messagelabs says. In the past, most email attacks of this kind were simple "phishing" scams sent to masses of consumers with the goal of inducing them to part with their financial-account information. A small number of targeted attacks were seen by security companies, but they typically targeted individuals in government or the military. These new attacks suggested that a fairly low-tech email scheme could create a high-class problem for companies, placing valuable data at risk and challenging companies to devise foolproof technical defenses.

MessageLabs says it has been intercepting targeted email attacks on corporate clients for at least three years, and the numbers began to rise significantly over the past year. The company was catching one message a day as of the end of 2006. That rose to about 10 a day by May and then jumped dramatically with the June and September attacks. Both of those incidents targeted executives in a wide range of industries.

Enter the Newcomers

"All of a sudden, somebody new hit the scene," said Mark Sunner, MessageLabs' chief security analyst. Who that is isn't clear because technical tricks disguised the emails' origins, he said. But it is likely the person or group responsible came from the digital underground centered in Eastern Europe, where malicious-program writers and organized crime have long worked hand-in-hand online to steal and sell data for use in fraud schemes.Read more here...
 

Read more here...