CPA group faces data fraud risk
The American Institute of Certified Public Accountants (AICPA) has acknowledged that a hard drive with the unencrypted names, addresses and Social Security numbers of most of its 330,000 members has been missing since February.
The hard drive was accidentally damaged by an AICPA employee and shipped off to an external data-recovery service for repair, in violation of AICPA's policies, Joel Allegretti, spokesman for the New York-based organization, told Computerworld. The hard drive was being returned to the AICPA via FedEx but never arrived, Computerworld reported. Allegretti didn't say when exactly the drive disappeared, but he did say it was due back at the AICPA "towards the end of February."
The AICPA began notifying members whose personal data was compromised on May 8, Allegretti said. Jim McClusky, a spokesman for Memphis, Tenn.-based FedEx Corp., told Computerworld it's unclear what happened to the drive, but that it's working to track it down.
Blackmailing malware storms Russia
A new variant of the GpCode virus is spreading across Russia, encrypting victims' files and demanding ransom for decrypting the files. According to Russian antivirus firm Kaspersky Lab, Virus.Win32.GpCode.af uses a more secure encryption algorithm than a previous variant that was spreading last week.
"Kaspersky Lab strongly recommends that anyone who has had files encrypted should contact [the vendor's] virus lab," the vendor said on its Web site. "Under no circumstances should users give in to blackmail, as this will encourage the authors of this program to create new versions."
Kaspersky Lab has determined that the latest variant was mass mailed starting May 26, when several thousand Russians received an email with this text [translated to English]:
We are writing to you regarding the resume you have posted on the job.ru website. I have a vacancy that is suitable for you. ADC Marketing LTD (UK) is opening an office in Moscow and I am searching for appropriate candidates. I will soon be asking you to come in for an interview at a mutually convenient time.
If you are interested in my offer, please fill out the attached form related to compensation issues and email the results to me.
The attached Microsoft Word file is named anketa.doc and contains malware called Trojan-Dropper.MSWord.Tored.a. Once the recipient opens the file, a malicious macro installs another Trojan into the local system called Trojan-Downloader.Win32.Small.crb. This is the Trojan that takes GpCode from a malicious Web site and loads it onto the local machine.
The author of GpCode has conducted similar mass mailings over several days, and Kaspersky Lab is trying to find and shut down the malicious Web site.
Two adware mavens merge
Two embattled adware makers are merging operations and developing a new brand. Bellevue, Wash.-based 180Solutions Inc. and New York-based Hotbar.com Inc. announced a definitive merger that takes effect immediately, and the new organization will take the controversial Zango name. Zango is a 180Solutions program that delivers pop-up ads, and several antispyware vendors have fingered the program as a form of spyware. 180Solutions has faced fierce criticism in the recent past, with the Center for Democracy & Technology (CDT) accusing it of "illegal and deceptive practices" in dropping unwanted software on millions of machines.
HP addresses Sendmail flaw
Hewlett-Packard Co. has addressed a security hole affecting Tru64 UNIX and HP Internet Express programs that run Sendmail. Danish vulnerability clearinghouse Secunia said in an advisory that the flaw is caused by a signal-handling error when receiving and processing mail data from clients. Attackers can exploit it to corrupt memory by sending specially crafted data at certain time intervals.
The HP Web site outlines the fixes available for different versions of the affected products.