Attackers attempt massive fraud via Authorize.Net
Online fraudsters tried to charge money to stolen credit and debit cards this past weekend using the processing service of a major online payment provider. According to CNET News.com, several Web hosting companies that use the Authorize.Net service to accept credit cards online saw a quick surge in transactions, most for $500 and $700. The charges were billed to Visa, MasterCard and American Express cards across the U.S., representatives for three Web hosts told the news site.
"These hackers got their hands on high-quality data, and they used merchants of ours to run that data through the merchant's Web site, which goes through our platform," said David Schwartz, a spokesman for Authorize.Net in American Fork, Utah. The Web hosting companies came across the unusual charges through the e-mail alerts that Authorize.Net sends after each transaction. Close to 3,000 suspicious transactions were pushed through the merchant accounts of at least three companies.
In a 90 minute time period Sunday, online thieves ran close to 1,500 transactions through the Authorize.Net account of Defender Technologies Group, a Web host in Ashburn, Va., company CEO Tom Kiblin told the news site. "It was just under $1 million that got put through on our account," he said, adding that he reported the matter to the U.S. Secret Service.
McAfee fixes WebShield flaw
Santa Clara, Calif.-based AV company McAfee Inc. has patched a flaw in its WebShield SMTP gateway product, which parses and scans incoming e-mail for malicious content, including virus and worm attachments. Attackers could exploit the flaw to send malicious code to arbitrary memory locations and influence the execution of the application. More specifically, McAfee said, the program is susceptible to a remote format string vulnerability because it fails to properly sanitize user-supplied input before including it in a format-specifier argument to a formatted printing function.
Trend Micro data is compromised
A former Trend Micro Inc. employee's failure to install his company's AV software led to the uploading of some company reports to a popular Japanese peer-to-peer file-sharing network, the company has revealed. According to an IDG News Service report, the employee copied data -- including reports to his boss and proposals regarding the company's products -- to his home computer about a year ago, Kazuhisa Tagaya, a spokesman for the Tokyo-based company, told the news service. The computer was infected through the Japanese Winny file-sharing application, and the resulting virus caused the files to be released over the P2P network.
"We didn't say anything at the time because one file has a customer's company name," said Tagaya. "If we did say this, then people would have searched for the file, and it would have caused trouble for the customer. Now, such accidents happen every day, and the version of the file being distributed on Winny has been rewritten incorrectly by someone, so [it] is wrong."
This makes Trend Micro the latest organization to report data losses at the hands of viruses on the Winny network. Winny can be downloaded at no charge and is a popular way for Japanese Internet users to exchange music and video files, the news service noted. Police investigation materials, training manuals for Japan's Self-Defense Force, data related to nuclear power plants and information including the names of sex-crime victims have all found their way into the public domain via Winny.
Apple fixes firmware flaw in Mac OS X
Cupertino, Calif.-based Apple Computer Inc. has fixed a flaw in Mac OS X that local attackers could exploit to bypass firmware passwords.
"Intel-based Macintosh computers support the firmware password feature," Apple said in an advisory. "Prior to this update, a person with physical access to the computer could bypass the firmware password and access single-user mode. This update addresses the issue by enhancing the security provided by the firmware password." Apple credited David Pugh of the University of Michigan with reporting this issue. Users are advised to upgrade to version 10.4.6.