Researchers have uncovered information about the origins of "Operation High Roller," a campaign targeting victims in the United States and the Netherlands with banking trojans to carry out ACH fraud.
With less than a month remaining until the presidential election, online fraudsters are smelling opportunity, and more similarly themed cons are expected in the upcoming weeks.
Over the course of a week, two trojan-spreading scams have emerged that aim for users of the internet phone service.
A federal court in Virginia allowed Microsoft to take control of a domain, which hosted the Nitol botnet.
Kaspersky Lab researchers say they have detected five new variants of a mobile trojan known as ZitMo, and four of them target BlackBerry devices, which typically have gone untouched by hackers. Users in Europe are being targeted.
July 18, 2012
The active pursuit of online criminals by authorities serves a valuable purpose, but often it ends up netting lesser fish and doesn't complete the entire equation of what is needed to battle today's slick adversaries.
In a major victory for organizations that have sustained massive losses due to unauthorized transactions made by hackers, an appellate court has ruled in favor of a Maine construction company against its bank.
Researchers at ThreatMetrix Labs have come across a new variant of the peer-to-peer (P2P) version of the notorious Zeus trojan.
The infamous trojan Citadel, known for being the first crimeware kit to include a CRM module to communicate with its creators, will only be sold only to recommended sources.
According to an amended complaint filed last week in U.S. District Court in Brooklyn, Microsoft has named two defendants in its Zeus civil lawsuit who previously were listed as "John Does." They currently are in prison.
Variants of the SpyEye and Zeus toolkits are being used in a global fraud ring to evade multifactor authentication and raid high-balance accounts.
A new attack method, automatic transfer system (ATS), is being used in conjunction with popular crimeware kits to create "man-in-the-browser" assaults on bank accounts.
Financially minded cyber criminals are attempting to hijack corporate bank accounts at increasing rates, but they are finding less luck in actually getting money out of them, a new study shows.
The purveyors of the pernicious Zeus trojan, which traditionally have targeted corporate bank accounts, have found a new cash cow: payroll accounts.
Three domains, which are feeding instructions to computers infected with the Zeus trojan, still are operational despite a Microsoft-led effort to disable the botnet, according to researchers at security firm FireEye.
Cyber criminals have cloaked spam to resemble US Airways check-in emails in phishing attempts that lead to Zeus trojan infections.
Banking trojan Zeus and its related families, which have looted a number of small and midsize businesses to the tune of millions, may be partially crippled after the latest Microsoft botnet enforcement effort.
The insidious Zbot trojan is believed responsible for compromising the Social Security numbers of more than 18,275 workers at Central Connecticut State University.
February 16, 2012
Trying to solve the spam epidemic? It might be time for organizations to look inward, as machines that are unknowingly seeded with malware are the reason for the botnet scourge.
A letter addressed to the stolen email addresses of Stratfor customers claims to be a helpful reminder of malware scams, but is actually bait to spread the Zbot trojan.
A new variant of the Ramnit virus harvested the login credentials of more than 45,000 Facebook users worldwide, according to researchers.
Variants of the Zeus trojan are being used in new Facebook and banking heists, security researchers and law enforcement are warning.
As small businesses increase their dependence on the internet, one federal agency is helping to pave the way for them to conduct secure operations.
Microsoft Security Essentials (MSE), a free utility for Windows-based computers that offers protection against malware, is catching Google's Chrome browser in its dragnet. A faulty signature update for MSE and Microsoft Forefront erroneously classified the Chrome executable file for Windows as an element of the Zeus trojan, notorious for stealing banking information, resulting in a large number of Chrome users being left without their bookmarks and browser plugins. While Microsoft responded within hours with an updated signature (1.113.672.0), and claimed only 3,000 customers were affected, the traffic on blogs and bulletin boards seemed to indicate the number could be much higher. Microsoft advised users to update MSE with the latest signatures and reinstall Chrome.
Despite fresh guidance and quicker fraud detection, the FBI actively is investigating more than 400 cases of corporate bank account takeovers, an official told federal lawmakers last week. Gordon Snow, the FBI's assistant director of the cyber division, told a House Financial Services subcommittee that these cases, in which criminals initiate unauthorized Automated Clearing House and wire transfers from seized accounts belonging to mostly small and midsize businesses, have resulted in the attempted theft of more than $225 million and actual losses of around $85 million. In his remarks, Snow also discussed risks related to ATM skimming, mobile banking and supply chain compromise.
Microsoft has introduced a "fairly major" update to its Malicious Software Removal Tool to detect and kill infections of the insidious and constantly morphing data-stealing malware family known as Zbot, or Zeus. Since the software giant first added detection for Zeus last October, hundreds of thousands of Windows PCs have been expunged of the threat, prominent in banking and e-commerce fraud. But as Zeus, which recently merged code bases with SpyEye, continues to acquire advanced evasion capabilities, Microsoft has had to fight "sneakiness with sneakiness," according to a blog post on Wednesday. The company introduced the update as part of its monthly security patches, released on Tuesday.
Researchers at Trend Micro say they have been hot on the tracks of a corporate hacker, and now they are turning over their findings to U.S. law enforcement.
A new survey from FS-ISAC shows that corporate account takeover remains a persistent issue for banks, but they are getting better at detecting the fraud before any money changes hands.
McAfee is dealing with another round of industry disparagement over its "Shady RAT" report, which chronicled a five-year-long hacking campaign.
Researchers have discovered a new variant of the insidious Zeus trojan designed to run on Google Android smartphones, but the threat is minimal in the United States.
