Thursday, September 30, 2010

Dozens Charged In Use Of Zeus Trojan To Steal $3 Million


The FBI and the U.S. Attorney's office in southern New York announced charges today against 37 people accused of being part of an international crime ring that stole $3 million from bank accounts by infecting computers with the Zeus Trojan and other malware.

Between federal and state charges, more than 60 people total are being charged in the operation, officials said.

Ten people were arrested today by federal and New York law enforcement officers and another 10 were previously arrested in the U.S. as part of a coordinated takedown, authorities said. Seventeen people are still being sought in the U.S. and abroad, officials said. The defendants named in the documents, unsealed by the court today, were all listed as being from Eastern Europe and face federal charges.

Separately, 10 people were charged earlier today in England for similar Zeus-related crimes.

The Zeus Trojan was identified earlier this year as a key factor in the construction of a botnet that infected tens of thousands of computers around the world.

The defendants charged in Manhattan federal court today include alleged managers of the operation as well as alleged money mules recruited to open bank accounts for laundering money and a person accused of obtaining false foreign passports for mules.

The group allegedly recruited mules by placing ads on Russian-language Web sites seeking students with J-1 visas, who could open bank accounts in the U.S.

One of the purported victims was identified as a municipal entity in Massachusetts.

Some of the alleged mules are accused of retrieving money from breached brokerage accounts at eTrade and TD Ameritrade. Other defendants allegedly received stolen money from wire transfers to bank accounts in Asia or by withdrawing money from ATMs in New York, the documents indicate.

The investigation appears to have been triggered when New York police detectives went to a Bronx bank in February to investigate a suspicious $44,000 withdrawal, according to a news release issued by the FBI, the U.S. Attorney's office, the New York Police Department, and other agencies.

The charges range from bank fraud and false use of passport to money laundering and conspiracy to commit wire fraud. Maximum prison sentences range from 10 years to 30 years and fines from $250,000 to $1 million per count.


Read more: http://news.cnet.com/8301-27080_3-20018177-245.html?tag=mncol;title#ixzz112wQTfox

Monday, September 27, 2010

Stuxnet Worm Hits Iranian Nuclear Plant


Iran's official news agency said today that a sophisticated computer worm purportedly designed to disrupt power grids and other such industrial facilities had infected computers at the country's first nuclear-power plant but had not caused any serious damage.

The Stuxnet worm, which some see as heralding a new era of cyberwarfare, appeared in July and was already known to be widespread in Iran. In fact, its high concentration there, along with a delay in the opening of the Bushehr plant, led one security researcher to hypothesize that Stuxnet was created to sabotage Iran's nuclear industry.

In addition to emphasizing the threat posed by the worm, which could be used to remotely seize control of industrial systems, today's news could well add to speculation about Stuxnet, the sophistication of which has caused some to suspect that a nation state, such as Israel or the U.S., might be behind its creation.

The worm exploits three holes in Windows, one of which has been patched, and targets computers running Siemens software used in industrial control systems.

Mahmoud Jafari, the project manager at the Bushehr plant, said the worm "has not caused any damage to major systems of the plant" and that a team was working to remove it from several computers, according to Iran's IRNA news agency, which was cited in a report by the Associated Press.

Jafari said the infection involved the personal computers of several staff members working at Bushehr and would not affect plans to open the nuclear plant in October, the AP reported.


Read more: http://news.cnet.com/8301-1009_3-20017651-83.html?tag=mncol;title#ixzz10lUCBP1g

Wednesday, September 22, 2010

Report: Half Of Apps Have Security Problems


[Chart: source of application and failure rate for security acceptance, based on how critical the app is to the business. Credit: Veracode]


More than half of software used in enterprises has security problems, according to a new report to be released today from Veracode, an application security company.

Veracode looked at more than 2,900 applications used by its cloud-based customers over an 18-month period and found that 57 percent of them had unacceptable application security quality.

Eight out of 10 Web apps failed to meet the OWASP (Open Web Application Security Project) Top 10 requirement that is necessary to achieve PCI (payment card industry) compliance for use in financial and e-commerce sites, Veracode said.

The report finds that third-party code, which is growing in use in enterprises, is often insecure. Third-party suppliers failed to achieve acceptable security standards 81 percent of the time, the report said.

Meanwhile, cross-site scripting remains the most common of all application vulnerabilities, and .NET applications showed "abnormally high" numbers of flaws, Veracode said.

"A lot of work still needs to be done around the work of software security," Sam King, vice president of product marketing at Veracode, told CNET.

Also on Wednesday, WhiteHat Security released a report that found that the average Web site had nearly 13 serious vulnerabilities.

Wednesday, September 15, 2010

Security Fixes Land In Chrome 6


Google updated the stable and beta builds of its Chrome browser on Tuesday evening, making a fix marked as critical to the Mac version and numerous repairs marked as high-priority across all platforms. Chrome 6.0.472.59 for Windows, Mac, and Linux also repaired a Linux-specific memory corruption bug.

At the time of writing, the critical Mac bug was still blocked from public view. This is not uncommon with bugs that can represent serious security risks. Judging by its public security logs, Google appears to be releasing details on fixed bugs no earlier than a week after the bug has been repaired.

Other security issues that were addressed include multiple high-level bugs involving use-after-free in document APIs, SVG styles, and nested SVG elements. Two high-level memory corruption bugs were also fixed, one in the HTML5 Geolocation feature, and another in language handling for Khmer. Finally, a small number of users who experienced browser crashes when blocking pop-ups should now see that fixed. The Chrome 6.0.472.59 changelog can be read at Google's Chrome updates blog.

Wednesday, September 8, 2010

Adobe Warns Of Zero-Day Hole In Reader, Acrobat


Adobe on Wednesday warned of a zero-day hole in Reader and Acrobat that is reportedly being exploited in the wild.

The critical vulnerability is in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh, and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh, according to the security advisory. The hole could allow an attacker to take control of an affected computer and potentially affects millions of computers using the Adobe software, which is the most popular PDF (portable document format) viewer.

The company said it is evaluating the schedule for releasing a security update to resolve the issue.

"Unfortunately, there are no mitigations we can offer," the advisory said. "However, Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available."

Adobe learned of the issue on Tuesday, according to a company statement.

Tuesday, August 31, 2010

'LOL Is This You?' Spam Spreading Via Facebook Chat


Facebook on Friday afternoon was investigating what appeared to be a new spam scheme that results in users getting messages from friends over Facebook chat that have malicious links.

The messages say "LOL is this you?" and are accompanied by a link that looks like it leads to a video on Facebook, one victim told CNET. In his case, clicking the link directed him to a Web page with a "404-Page Not Found" error message, and his account sent the spam out to at least one of his friends, he said.

The spam was also reported on Twitter, but at this point the outbreak seems to be minor.

A Facebook spokesman said the company is looking into the matter.

The spam message is similar to ones used in several phishing attacks on Twitter in February.

Update 10:07 a.m. PDT August 30: A Facebook spokesman provided this comment over the weekend:

"The Chat messages were being sent from compromised accounts and included a link to an application on Facebook that has now been disabled. We disable spam applications as soon as they're reported to us or surfaced by our automated systems and before the scammers can get very far. We also quickly delete malicious links across the Facebook site, and when we detect that an account may be compromised, we block access to it and put the owner through a series of remediation steps."


Read more: http://news.cnet.com/8301-27080_3-20014977-245.html?tag=mncol;title#ixzz0yDnPv6yt

Wednesday, August 25, 2010

Rustock Botnet Responsible For 39 Percent Of All Spam

Botnets are now responsible for sending 95 percent of all spam, up from 84 percent in April, and almost half of that spam comes from a single botnet, Rustock.

Rustock sent 41 percent of the world's botnet spam in August, up from 32 percent in April. This is despite the network actually shrinking in size from 2.5 million to 1.3 million bots over the same period, security company Symantec said on Tuesday. This means Rustock is currently responsible for 39 percent of all the world's spam e-mails.

"Overall, the total amount of spam in circulation is down slightly from the previous quarters as most botnets have reduced their number of bots, [but] one exception is Rustock, which has decreased its number of bots, but increased its [spam] volume," according to Paul Wood, a MessageLabs Intelligence senior analyst for Symantec Hosted Services. Rustock has been responsible for a 6-percent increase in spam e-mails per day, he said in a statement.