Security Bytes: CPAs facing data fraud risk

By SearchSecurity.com Staff 08 Jun 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

CPA group faces data fraud risk
The American Institute of Certified Public Accountants (AICPA) has acknowledged that a hard drive with the unencrypted names, addresses and Social Security numbers of most of its 330,000 members has been missing since February.

The hard drive was accidentally damaged by an AICPA employee and shipped off to an external data-recovery service for repair, in violation of AICPA's policies, Joel Allegretti, spokesman for the New York-based organization, told Computerworld. The hard drive was being returned to the AICPA via FedEx but never arrived, Computerworld reported. Allegretti didn't say when exactly the drive disappeared, but he did say it was due back at the AICPA "towards the end of February."

The AICPA began notifying members whose personal data was compromised on May 8, Allegretti said. Jim McClusky, a spokesman for Memphis, Tenn.-based FedEx Corp., told Computerworld it's unclear what happened to the drive, but that it's working to track it down.

Blackmailing malware storms Russia
A new variant of the GpCode virus is spreading across Russia, encrypting victims' files and demanding ransom for decrypting the files. According to Russian antivirus firm Kaspersky Lab, Virus.Win32.GpCode.af uses a more secure encryption algorithm than a previous variant that was spreading last week.

"Kaspersky Lab strongly recommends that anyone who has had files encrypted should contact [the vendor's] virus lab," the vendor said on its Web site. "Under no circumstances should users give in to blackmail, as this will encourage the authors of this program to create new versions."

Kaspersky Lab has determined that the latest variant was mass mailed starting May 26, when several thousand Russians received an email with this text [translated to English]:

Hello !

We are writing to you regarding the resume you have posted on the job.ru website. I have a vacancy that is suitable for you. ADC Marketing LTD (UK) is opening an office in Moscow and I am searching for appropriate candidates. I will soon be asking you to come in for an interview at a mutually convenient time.

If you are interested in my offer, please fill out the attached form related to compensation issues and email the results to me.

Sincerely,
Viktor Pavlov
HR manager

The attached Microsoft Word file is named anketa.doc and contains malware called Trojan-Dropper.MSWord.Tored.a. Once the recipient opens the file, a malicious macro installs another Trojan into the local system called Trojan-Downloader.Win32.Small.crb. This is the Trojan that takes GpCode from a malicious Web site and loads it onto the local machine.

The author of GpCode has conducted similar mass mailings over several days, and Kaspersky Lab is trying to find and shut down the malicious Web site.

Two adware mavens merge
Two embattled adware makers are merging operations and developing a new brand. Bellevue, Wash.-based 180Solutions Inc. and New York-based Hotbar.com Inc. announced a definitive merger that takes effect immediately, and the new organization will take the controversial Zango name. Zango is a 180Solutions program that delivers pop-up ads, and several antispyware vendors have fingered the program as a form of spyware. 180Solutions has faced fierce criticism in the recent past, with the Center for Democracy & Technology (CDT) accusing it of "illegal and deceptive practices" in dropping unwanted software on millions of machines.

HP addresses Sendmail flaw
Hewlett-Packard Co. has addressed a security hole affecting Tru64 UNIX and HP Internet Express programs that run Sendmail. Danish vulnerability clearinghouse Secunia said in an advisory that the flaw is caused by a signal-handling error when receiving and processing mail data from clients. Attackers can exploit it to corrupt memory by sending specially crafted data at certain time intervals.

The HP Web site outlines the fixes available for different versions of the affected products.

Tags: Identity Theft and Data Security Breaches,  Malware, Viruses, Trojans and Spyware,  Emerging Information Security Threats,  Security Industry Market Trends, Predictions and Forecasts,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches Chip and PIN adoption serves lesson for U.S. payment industry Group to shed light on secure identity management threats Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection University data breach exposes 163,000 women to identity theft TJX thrives following breach, bucks sour economy Security expert's PCI analysis misguided, says PCI Council GM External attacks start with unintentional mistakes, survey finds Malware, Viruses, Trojans and Spyware Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Breach forces payroll service provider PayChoice to shut down again RSA research underscores problem tracking cybercriminals Conficker analysis finds P2P coding limited, less sophisticated Emerging Information Security Threats Modern malware, stealthy botnets, adapt quickly, expert says New ransomware Trojan pushes victims to buy software Bruce Schneier on outsourcing, awareness training US-CERT warns of BlackBerry snooping software Marcus Ranum on cyberwarfare, infosec careers Researchers find thousands of flawed embedded devices Enterprise botnets contain thousands of malware variants Nuke and pave to eradicate botnets Rand study urges caution on cyberwarfare attacks Hathaway joins Harvard to contribute to DOD project

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary