Security Bytes: Phishing scheme targets American Express customers

By SearchSecurity.com Staff 02 May 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

American Express warns of malicious pop-up
American Express is warning customers that attackers are targeting them with a phishing scheme that relies on a fake pop-up screen disguised as a security update. An image of the pop-up screen is included in the company's online advisory.

The advisory explains that the pop-up is a hoax that has been circulating since March 29. The box carries the title of "Security Measures" and requests people provide their date of birth, Social Security number and mother's maiden name.

"Please note that this fraudulent activity may be the result of a computer virus and is not a part of the American Express Web site," the advisory said. "If you received this pop-up box, your computer may have this virus."

American Express recommended customers ensure that they have up-to-date AV software and a firewall on their PCs to protect themselves.

Info on 66,000 newspaper subscribers leaked online
Personal data on 66,000 Japanese newspaper subscribers has leaked onto the Web through file sharing software, according to a report on the Slyck News Web site, which specializes in file sharing news.

Slyck noted that the incident is the latest in a long line of serious data leaks in Japan, which have included sensitive military, police and medical records. The newspaper, Tokyo-based Mainichi Shimbun, confirmed that names, addresses and phone numbers were leaked, but not financial data.

The data emerged on a Japanese file sharing network called Share, which is being developed by an anonymous author as a successor to the popular Winny network. Both Winny and Share use code from the amorphous Freenet network to help obscure the link between IP addresses and shared folders, Slyck noted, offering a certain level of anonymity.

The leak was traced back to an employee who moved the data onto his own computer, which had Share installed. Unknown to the employee, the computer also had a virus that shared the whole hard drive on the file sharing network. Ironically, Slyck reported, the leak was discovered by the paper's own reporters, who were investigating cybercrime.

Trojan horse hijacks data; demands ransom
A new Trojan horse prevents victims from accessing their computer data and demands a ransom be paid via Western Union, UK-based AV firm Sophos warned on its Web site.

Troj.Ransom-A threatens to delete one file belonging to the user every 30 minutes until the $10.99 ransom demand is paid. The Trojan also displays pornographic images and the following message:

listen up [expletive]

is this computer valuable. it better not be. is this a business computer. it better not be. do you keep important company records or files on this computer. you'd better hope not. because there are files scattered all over it tucked away in invisible hidden folders undetectable by antivirus software the only way to remove them and this message is by a CIDN number

The Trojan horse continues to explain that a "CIDN number" can be acquired by making a payment via Western Union to the hacker, Sophos said. Once the number has been entered, the Trojan promises to remove itself and restore access to the stolen files.

Sophos said the Trojan circumvents attempts to remove it from infected computers once it has activated. If the affected user presses Ctrl-Alt-Del in an attempt to stop the Trojan from running, another message is displayed:

Yeah, We don't die, We multiply! Ctrl+Alt+Del isn't quite working today, is it? I'm not the sharpest tool in the shed but Crtl+Alt+Del is everyone's S.O.S.

Tags: Information Security Laws, Investigations and Ethics,  Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Laws, Investigations and Ethics Cybersecurity czar candidate questions clout of new position DHS fills National Cybersecurity Center post FTC shutters rogue ISP for hosting malicious content, botnets Experts optimistic of Obama cybersecurity plan WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Cybersecurity Act of 2009: Power grab, or necessary step? Face-off: Who should be in charge of cybersecurity? Feds should get private sector advice on cybersecurity Federal efforts to secure cyberinfrastrucure Email and Messaging Threats (spam, phishing, instant messaging) Unified communications: Securing a converged infrastructure Chained Exploits: How to prevent phishing attacks from corporate spies 3FN.net ISP shutdown interrupts spam campaigns Swine flu outbreak results in spam pandemic What does 'invoked by uid 78' mean? Economy fuels malware, spam Internet Explorer 8 includes a bevy of security features Adobe JBIG2 exploits being spammed, IBM warns Fierce competition prompted new Cisco email security options Cisco brings email security appliances closer to SaaS Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CALEA  (SearchSecurity.com) cyberstalking  (SearchSecurity.com) cypherpunk  (SearchSecurity.com) HSPD-7  (SearchSecurity.com) I-SPY Act  (SearchSecurity.com) Information Awareness Office  (SearchSecurity.com) intelligence community  (SearchSecurity.com) lawful interception  (SearchSecurity.com) lifestyle polygraph  (SearchSecurity.com) vulnerability disclosure  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary