Search

About

Enter your email address:

Delivered by FeedBurner

Categories

Westfield Links

Westfield Blogs

InfoSec Favorites

« July 2009 | Main | September 2009 »

August 2009

Real-Time Trojan

In a recent NY Times article, some of the elite hackers are taking advantage of the real-time Web. These hackers have released the next generation of Trojans which uses a Twitter-like stream to channel information back to the hacker in real-time.

The ability to report back in real-time allows hackers to get around roadblocks such as RSA’s SecureIDs, temporary one time passwords. By sending this temporary password back to the hacker immediately, it allows them to sign onto your account.

Joe Stewart, the director of malware research for SecureWorks, recently decoded a particularly nasty Trojan that uses a real-time technique called Clampi, which is used to attack people who have access to corporate bank accounts with large balances.

This Trojan is being unknowingly downloaded through people going to hacked websites that download the code onto your machine. Clampi can take advantage of a vulnerability in Windows and spread itself to all of the computers on a corporate network. Mr Stewart found that all the infected machines were coded to notice when the user visits any of 4,600 Web pages, including banks and brokerage sites.

Clampi then transmits a real-time stream of user actions using instant messaging-like software. Hackers would log into the bank account and initiate wire transfers, funneling them through accomplices or fake employees.

What can you do to limit your chances of getting one of these Trojans? One way to keep your computer clean of malware by avoiding suspicious e-mail attachments and Internet downloads. Also, keep your antivirus definition up to date. When a new piece of malware is discovered, AV companies add it to their list of checks.

Jeff Gibson on 25 August 2009 | | Comments (0) | TrackBack (0)

| | | | | |

Cash for Crooks Buying Your Clunker

Many Americans are trading in their gas guzzlers for a fresh start as part of the government’s “Cash for Clunkers” initiative.  Your rush to trade-in your vehicle for $3500-$4500 may not be worth it if you don’t spend an extra moment to give your car a thorough once-over before leaving the dealership.

As a long-time buyer of “previously enjoyed” vehicles, I am amazed by what I have found left behind by the previous owner.  Besides the typical French fries, coins and Skittles hidden under the seats; I have found plenty of personal information.  Information that you probably don’t want the new owner to have in their possession.

Glove box – Your dealership was nice enough to put all of your loan origination paperwork, licensing & title information in the leatherette binder which holds the owner’s manual you never read; before you trade your car in, make sure you remove all of that paperwork.  It includes your name, address, social security number and income information.

Center console – I’ve found ATM receipts, credit cards and a checkbook.  Did I mention that I had the previous owner’s signature on file (see glove box)?  Most new cars have a removable tray to trick thieves into believing that nothing lies beneath the center console.  It’s also the perfect place for owners to place things only to forget them there forever.

Seat pockets – The backs of the driver’s and passenger’s seats have soft pockets that are sized perfectly for medical billing information.  My wife usually places our children’s immunization records and school information here as she straps the children into their car seats.

Trunk – You never used the spare tire but somehow that tire well was able to collect things anyway.  Aside from the $10 in loose change, there’s a good chance that missing (intentionally placed) house key is there for the new owner’s taking.  Don’t forget they have your address!

In conclusion, it’s a great time to take advantage of a government subsidized new car purchase.  Just make sure you spend an extra 15-30 minutes going over all of the nooks and crannies of your vehicle to make sure you aren’t handing over your life’s story to an identity thief.  And if you are wondering where the other sock went, you might start here too!

John Doan on 18 August 2009 | | Comments (0) | TrackBack (0)

| | | | | |

Four Steps to Avoid Scams: A Courage-Building Cheat Sheet

New scams are created every day which target each and every one of us.  The AMS Users group identified a prime example recently that targets independent insurance agents. This new scheme attempts to steal an agent's credit card information posing as a representative of the department of insurance.

 

Our blog posts have identified several of the scams in the past such as toner scams, and the Michael Jackson spam emails recently spread across the web.

 

Most people find it difficult to challenge these scammers, but a great courage builder is to make a simple cheat sheet and post it near your phone. Here is an example that hopefully will save you quite a bit of grief and money in the future:

 

Step 1: If it sounds too good to be true...it most likely is.

 

Don’t be afraid to ask hard questions after all they wouldn’t be calling you if they didn’t want to.

 

Step 2:    Ask for a reference for validation or a call back number.

 

A scammer probably won’t have a reference available and surely won’t want to give you a number to contact them back. If they aren’t reputable enough to have a reference, use caution.

 

Step 3:    Ask for the request or offer in writing.

 

Any offer can be provided in writing, and it provides you an easy out if someone is attempting to pose as an official or service provider.  Most companies have policies which state they must send you a notice in writing if requested.

 

Step 4:     If and when they hang up on you, take it as a compliment.

 

You most likely just avoided a scam.  Feel good about yourself, and share your experience with others.  One of the best ways to protect yourself and others is to share positive experiences.

 

Feel free to share your cheat sheets as well!

 

Jake Harris on 10 August 2009 | | Comments (0) | TrackBack (0)

| | | | | |