Phishing attacks grow more personalized Scammers are trying to dupe more people into falling for their phishing attacks by sending out messages that are much more personalized than past efforts, according to the Bethesda, Md.-based SANS Internet Storm Center (ISC). The ISC received samples of a message that arrived in one victim's inbox, which included the person's full name and postal address. Images of the message can be viewed on...
the ISC Web site.
The message was made to look like a CitiBusiness banking alert claiming that an unauthorized access attempt had occurred. The "click here" link led to a fraudulent Web site.
"Where does the personal data come from? In this incident, this victim rarely used his/her full name online, and the name was not included in phone directories," ISC handler Lenny Zeltser said on the center's Web site. "It is possible that the scammer obtained the data from diverse sources and was able to link the fields (name, e-mail address, and postal address) together. More likely, the data originated from a Web site that stored billing details or from a compromised credit card processor."
He said another possibility is that the scammer purchased the data from legitimate consumer data providers. Even if the scammer was not certain that the victim's records were correct, even a small number of matches would increase the number of fooled victims, he said.
He said the fraudulent Web site in question mimicked the real CitiBusiness Online Web site and allowed the victim to enter his/her business code by clicking on images of numbers in the form. "The URL that brought the person to the fraudulent site included a unique identifier that allowed the site to track e-mail recipients," Zeltser said. "It is possible that the identifier was used to pull up the victim's records from the fraudulent site's database; another possibility is that the victim's name and address were actually encoded in the URL string. As a result, two screens later, the victim was presented with his/her postal address and full name without having to supply them to the site."
After allowing the victim to correct the address, "the site prompted the person for additional sensitive information, such as date of birth, Social Security number, and mother's maiden name," Zeltser added. The ISC has reported the phishing attempt to the Anti-Phishing Working Group and Citibank.
VeriSign warns of powerful DOS attacks
A new wave of unusually potent denial-of-service (DOS) attacks can overwhelm popular Web sites and disrupt e-mails by exploiting the computers that help manage global Internet traffic, a security expert from Mountain View, Calif.-based VeriSign Inc. said.
In an interview with The Associated Press, Ken Silva, VeriSign's chief security officer, compared the scale of attacks to the damage caused in October 2002, when nine of the 13 computer "root" servers that manage global Internet traffic were crippled by a powerful electronic attack. VeriSign operates two of the 13 root server computers, but its machines were unaffected. "This is significantly larger than what we saw in 2002, by an order of magnitude," Silva said.
The new attacks, first discovered late last year, direct such massive amounts of spurious data against victim computers that even flagship technology companies could not cope, Silva said. In one of the early cases examined, he said the unknown assailant apparently seized control of an Internet name server in South Africa and deliberately corrupted its contents. Name servers are specialized computers that help direct Internet traffic to its destinations. The attacker then sent falsified requests to the compromised directory computer, which unleashed overwhelming floods of amplified data aimed wherever the attacker wanted.
Experts traced at least 1,500 attacks that briefly shut down commercial Web sites, large Internet providers and leading Internet infrastructure companies during a period of weeks. The attacks were so targeted that most Internet users did not notice widespread effects, Silva told The Associated Press.
Norton update disrupts AOL connections
Cupertino, Calif.-based AV giant Symantec has acknowledged that a flawed update of its Norton software disrupted Internet access for America Online (AOL) users this week. In an e-mailed statement, Symantec said the problem specifically affected AOL customers using recent editions of Norton AntiVirus and Norton Internet Security. The problem was in an update to some intrusion prevention software. "This update incorrectly detected traffic patterns used as part of the AOL connection as a potential risk," Symantec said in an e-mailed advisory.
The flawed update resulted in AOL dial-up customers losing their connection. Meanwhile, AOL broadband users were unable to access AOL servers. The flawed update was removed from Symantec's servers and replaced with a new version. The company has released an advisory to help affected users correct any problems. Users can also call customer service at 1-800-927-3991 for assistance. Symantec advised users who can't get online to disable their Norton software, connect to the Internet and download updated definition files.
AOL reportedly has 20 million customers.
Oracle cites a security milestone
Redwood Shores, Calif.-based database giant Oracle Corp. says it has reached a security milestone: Its Siebel eBusiness Application Development Platform has become the industry's first CRM application to achieve the National Information Assurance Partnership's Common Criteria Evaluation Assurance Level 2 designation.
"Accepted by more than 20 governments worldwide, the National Information Assurance Partnership's Common Criteria evaluation assesses the security of a product against a published security target," Oracle said in a statement. "The certification of Oracle products is critical to security-conscious customers, specifically those who must comply with government mandated procurement policies that permit them to purchase only products that have successfully completed a Common Criteria evaluation. Such policies include the National Security Telecommunications Information Systems Security Policy Number 11 and the Department of Defense Directive 8500.1."
Oracle said the evaluation marks another milestone in its "longstanding commitment to provide data security, data encryption and data authentication for mission-critical, enterprise business applications." For the evaluation, a third-party laboratory evaluated Oracle's Siebel eBusiness Application Development Platform version 7.8.2, which includes Siebel Case Management, Siebel Service, Siebel Sales and Siebel Marketing to ensure the product met specific security criteria.
Report: RFID tags vulnerable to attack
Researchers have found that it's possible to insert a virus into radio frequency identification (RFID) tags. The researchers have released a detailed analysis showing how it is possible to infect a tiny portion of memory in the chip, which can hold as little as 128 characters of information.
In the paper, "Is Your Cat Infected With a Computer Virus?," the group, affiliated with the computer science department at Vrije University in Amsterdam, also describes how the vulnerability could be used to undermine a variety of tracking systems. The researchers told The New York Times that they realized there are risks associated with publishing security vulnerabilities in computerized systems. To head off some of the possible attacks they described, they have also published a set of steps to help protect RFID chips from such attacks.
"We have not found specific flaws" in the commercial RFID software, the group's leader, American computing scientist Andrew S. Tanenbaum, told the Times, but "experience shows that software written by large companies has errors in it."