Showing posts with label antivirus. Show all posts

June 22, 2009

Virus Harvests Confidential Banking Info from ATMs

A new virus has been discovered on ATMs throughout Russia and the Ukraine. The ATMs, running Microsoft’s Windows XP operating system, appear to have been infected with a 50Kb piece of malware. The malware, which ran under the guise of lsass.exe, an executable which is normally used to cache users' credentials to make accessing data easier, evaded normal virus scans and security checks.

As the piece of malware sits undetected, it gathers not only the card number of any card used on the machine, but also the start and expiration date of the card, the PIN, and the 3-digit security code. All of this information was stored on the ATM's hard drive until the person controlling the virus decided it was time to collect. The method for retrieving the data was also very smart and likely contributed to the malware staying undetected for so long. When the thief was ready to collect, they simply went to the ATM, inserted a preprogrammed “trigger” card, and all of the data was printed out via the ATM's receipt printer. So far, the malware has been found on 20 ATMs, and the experts at SpiderLabs, the company that located the bug, have said that it is likely more widespread, and likely to continue to spread. It is now up to banks to tighten up their security procedures as well as pay careful attention to the audit trails that up until now have been used to make sure customer data was being transmitted securely.
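Because the malware hid behind the name lsass.exe, a name match alone proves nothing; the image path and parent process are what distinguish the real one. The check below is an added example, not code from the original post or from SpiderLabs, and it assumes PowerShell 3.0 or later run from an elevated prompt.

```powershell
# Added example: sanity-check every running process named lsass.exe.
# Assumption: elevated PowerShell 3.0+, so ExecutablePath can be read.
$expected     = Join-Path $env:SystemRoot 'System32\lsass.exe'
$knownParents = 'wininit.exe', 'winlogon.exe'   # Vista and later / Windows XP

$procs = @(Get-CimInstance Win32_Process -Filter "Name = 'lsass.exe'")

$report = foreach ($p in $procs) {
    $parent  = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $reasons = @()

    # The genuine binary lives in System32 (comparison is case-insensitive).
    if (-not $p.ExecutablePath) {
        $reasons += 'image path unreadable (rerun elevated)'
    } elseif ($p.ExecutablePath -ne $expected) {
        $reasons += 'runs from outside System32'
    }

    # The genuine process is started by the session manager chain, not by a user program.
    if (-not $parent) {
        $reasons += 'parent process has exited'
    } elseif ($knownParents -notcontains $parent.Name) {
        $reasons += "unexpected parent $($parent.Name)"
    }

    # A healthy system runs exactly one instance.
    if ($procs.Count -gt 1) {
        $reasons += 'more than one lsass.exe is running'
    }

    # File size is reported for the analyst; it is not used as a verdict.
    $sizeKB = $null
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        $sizeKB = [math]::Round((Get-Item -LiteralPath $p.ExecutablePath).Length / 1KB)
    }

    [pscustomobject]@{
        ProcessId  = $p.ProcessId
        Path       = $p.ExecutablePath
        SizeKB     = $sizeKB
        Parent     = if ($parent) { $parent.Name } else { $null }
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = $reasons -join '; '
    }
}

$report | Format-List
```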

As a bank user, the best thing you can do is pay careful attention to your bank and credit card statements and your credit report. You can get a free credit report from the Big 3 credit agencies by visiting https://www.annualcreditreport.com/, or check with your bank/credit card company to see if they offer free/cheap credit monitoring.

 

 

See the article on New Scientist for more info.


March 31, 2009

What's a Conficker?

What is the Conficker Worm?

Conficker (also known as Downup, Downadup, and Kido) is a worm that has been spreading across the Internet since around October of 2008. This is just an approximation; the actual origin is not known for certain. Conficker specifically targets the Windows operating system (Windows 2000 Pro, XP Home, XP Pro, XP Media Center Edition, Windows Vista, Windows Server 2003, Windows Server 2008). It spreads via malicious web sites, emails, and sharing infected files via P2P software.

What does Conficker do?

As of now, all that it has done is install itself, break your antivirus software, and modify some system files to make itself very hard to remove. It is also likely that if you got the Conficker worm, you got other malware as well that causes the common symptoms (pop-ups, slowness, etc.). In addition, it creates false URLs in order to spread itself, and also downloads more malware to your system.

The big concern with this worm is that it has spread so much. Current estimates indicate that it could be installed on as many as 15 million computers worldwide. Now, if it stays dormant and does nothing, that's not that big of a deal, but experts don't think that it is going to stay dormant. Analysts who have looked into the worm believe that on April 1st, 2009 (tomorrow) the worm is programmed to "phone home" and update itself with new instructions, and that is a major concern.

The potential for a worm like this is massive. The update could make the worm do anything from deleting files and downloading more malware to turning your computer into a spam bot (a computer that sends out massive amounts of spam), or all the infected computers could be combined to form a massive botnet, which would be leased to the highest bidder.

A botnet is a network of computers, usually lots of home systems spread across the world, that are controlled as a single unit and used either to send out massive amounts of spam or to DDoS targets. If used as a botnet and the target is a bank, a utility company, or even a few large organizations, the results could be crippling. If they target ISPs, the Internet could slow to a crawl; if they target a company, it could lose massive amounts of business.

The problem is, at this point, we don't really know what will happen, and that is scary. But not to worry, we are not helpless.

Symptoms of Conficker:

  • Users being locked out of directories
  • Access to admin shares denied
  • Scheduled tasks being created
  • Access to security related web sites is blocked.
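Two of these symptoms can be checked from a prompt: recently created scheduled tasks and blocked access to security sites. The script below is an added example, not part of the original post; it assumes an elevated PowerShell 3.0 or later on Windows Vista or newer, and the host list, the control host and the 7-day window are illustrative choices to adjust.

```powershell
# Added example: check for two of the Conficker symptoms listed above.
# Assumptions: elevated PowerShell 3.0+, Windows Vista or later (tasks stored
# as files under System32\Tasks); host names and the 7-day window are illustrative.
$securitySites = 'update.microsoft.com', 'www.symantec.com', 'www.mcafee.com', 'www.trendmicro.com'
$controlSite   = 'www.example.com'   # non-security host used as a baseline
$days          = 7

function Test-NameResolves([string]$Name) {
    # Name resolution is only one way access can be blocked, but it is a quick signal.
    try   { ([System.Net.Dns]::GetHostAddresses($Name)).Length -gt 0 }
    catch { $false }
}

# Symptom: access to security related web sites is blocked.
$controlOk = Test-NameResolves $controlSite
$failed    = @($securitySites | Where-Object { -not (Test-NameResolves $_) })

# Only meaningful when the baseline host resolves; otherwise the network is simply down.
$selectiveBlock = $controlOk -and ($failed.Count -gt 0)

# Symptom: scheduled tasks being created.
$taskDir     = Join-Path $env:SystemRoot 'System32\Tasks'
$cutoff      = (Get-Date).AddDays(-$days)
$recentTasks = @(Get-ChildItem -LiteralPath $taskDir -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -gt $cutoff } |
    Select-Object FullName, CreationTime)

[pscustomobject]@{
    ControlSiteResolves   = $controlOk
    SecuritySitesFailing  = $failed -join ', '
    SelectiveBlockLikely  = $selectiveBlock
    TasksCreatedRecently  = $recentTasks.Count
}

# Review each recent task by hand; software updaters also create tasks.
$recentTasks | Sort-Object CreationTime -Descending | Format-Table -AutoSize
```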

How to stop Conficker:

This worm uses a known exploit in Windows that Microsoft patched a long time ago. The problem is, many people don't update their computers, so the fix is never installed. So the first step is to update your computer.

  1. Go to update.microsoft.com and install all of the latest updates for your computer. Once they are installed, reboot your computer, and go back and run the updates again. Keep doing this until no more updates show as needing to be installed.
  2. Update your anti virus software. Open up the software and run the automatic update. If your subscription is expired, either renew it right now, or uninstall it, and download and install a free anti virus like AVG.
  3. After the updates, run a full system scan, and delete any threats that have been found.
  4. Restart your computer, and run the full system scan again.
  5. You can also use an online scanner like Trend Micro's Housecall, Symantec's Removal Tool, or Microsoft's Malicious Software Removal Tool.


For more information about the Conficker worm, see the following:

Microsoft Malware Protection Center

Microsoft Help and Support

McAfee Conficker Information Page

Symantec's Conficker Information Page


    February 22, 2009

    Instant Messaging in the work place

    No, no, no, this is not some blog about how instant messaging is a waste of company resources, or how to do it without getting caught. This is a blog about how great a tool instant messengers can be for a company.

    As a tech, instant messaging has been a tool that I have used in the work place for as long as I can remember. It, along with email, is the primary way I contact other techs. Recently, many clients have thought about implementing a good instant messaging software for their employees to use, but are concerned about the risks IM software poses, as well as the loss of productivity that may occur if people can just chit chat all day. While both of these concerns are valid, there are solutions in place for both, but before we worry about the risks of using instant messaging software, let's look at some of the benefits.

    The Benefits:

    1. Fewer Interruptions - A lot of the work I do requires me to concentrate on several things at once. Because of this, other interruptions, big or small, can cause a problem. If I'm "in the zone" and get a phone call or, even worse, someone comes over to talk to me, I usually get distracted and then have to take the time to regroup my thoughts before I can get back to what I am doing. Sometimes it takes only a minute, but sometimes it takes longer depending on the task at hand. If someone IMs me, I can wait until a natural break in my work occurs, like when I complete a thought and write it down. I can then look at the message, respond, and then move on. And let's face it, most things can wait a couple of minutes, so that delay usually isn't a big deal, and if it can't wait, you can still call.
    2. Convenience - For me, instant messaging is easier and more convenient than making a phone call. I have a list of names in front of me so I don't need to look up a number, and most times I only have a quick question, so it's just simpler to ask. It also gives the other person a minute to look up an answer if they need to, and you aren't wasting that minute sitting on hold. You also aren't interrupting the person, as mentioned above.
    3. Tracking Employee Conversations - Yes, I know, most people absolutely hate this, but it is a perk for a business. My company logs all conversations held via IM for every employee, and the boss will occasionally read through the logs just to see what we are up to. Do we stop joking around, sending funny links and pictures? Nope, and he doesn't expect us to. Then why does he do it? So he can see what we are up to. If we are asking each other a lot of questions, or a lot of people are asking about the same thing, maybe it's time for an email explaining something, or a training. If we are all complaining about a customer, maybe it's time to reevaluate them as a customer. It is also helpful for when we ask a question to a superior and then do what we are told and it turns out to be wrong; we simply pull the log and say "I did ask, and was told to do this". The same goes if a dispute occurs between what was said and what was done. It gets resolved quickly.

    The Risks:

    1. It is Informal - People sometimes forget that not everything should be discussed via IM. Confidential client information, or confidential company information usually shouldn't be discussed over IM. IM should be an unofficial communication channel. Things that need to be "on the record" should be communicated in person or in formal writing, like email.
    2. Data Security - There are some risks when using IM. Most are not encrypted by default, because they are meant to be informal forms of communication. The logs are also not encrypted in many cases, so information that shouldn't be shared may be. Depending on the software you use, this data could also get out of the company (although much of the IM software available currently has the ability to make it internal only).
    3. Viruses and Malware - There are a lot of viruses and malware that target popular IM software. If you allow communication with outside users, this can be an issue. To prevent this, make your IM internal use only and have good AV software running.
    4. People will use it for Chit Chatting - Yes, people will chit chat with one another and talk about non-work-related things. As long as it is within reason, it's no big deal. They are going to do it anyway, and there are far worse things your employees can be doing aside from communicating with one another.


    January 25, 2009

    Getting Rid of Anti-Virus 2009 and Similar Infections.

    Anyone who has been doing computer repair in the last 6 months has without a doubt heard about Antivirus 2009, and most likely seen it a few times. It has become one of the biggest annoyances yet, and this is for trained computer technicians. After several infections on client computers I have come up with a pretty straightforward method of getting rid of it that both IT professionals and home users can follow.

    This guide can help you remove: AV2009, AV2008, antivirus XP Pro, AV360, antivirus 360, and many similar variants.

    Follow the steps below while logged in as the user having trouble. (logging in as another user makes this much more difficult)

    1. The first thing to do may seem like the most obvious, but most people don't bother doing it. Uninstall the software. You can uninstall AV2009 by going to Start --> All Programs --> Antivirus 2009 --> Uninstall Antivirus 2009. This should immediately stop the pop ups from occurring.
    2. Use Windows Search and search your drive for av2009, then delete all files with that name.
    3. Download CCleaner and install it.
    4. Under Tools, go to Startup and look through your startup items for av2009 entries and select the option to delete them. While here, verify all startup items as legitimate. Once done, use CCleaner to remove all temp files and cookies, and to clean up your registry (remember to back up your registry before making any changes).
    5. Once you are done with CCleaner, download and install Malwarebytes Anti-Malware (MBAM). The free tool is all you will need for this removal, but you should consider purchasing the full version as it is very helpful.
    6. Update MBAM with the latest definition files and run the Quick Scan.
    7. Once the quick scan completes, delete all threats that it finds and reboot to delete anything it could not delete after the scan.
    8. Once the first scan/delete is finished, reboot your computer into safe mode.
    9. Run a full system scan with MBAM in safe mode.
    10. Delete all threats found and reboot again.
    11. Run Microsoft Update to ensure your system is fully up to date.

    AV2009 should be completely gone at this point. If it is not, the most likely cause is that you missed an entry in the start up items.
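Step 4 and the note above both come down to reviewing every auto-start entry, including ones left pointing at files already deleted in step 2. The script below is an added example, not part of the original guide; it assumes PowerShell 3.0 or later, and the name pattern is built only from the product names listed in this post.

```powershell
# Added example: list auto-start entries and flag ones worth a closer look.
# Assumption: PowerShell 3.0+. The pattern covers the names this guide lists
# (AV2009, AV2008, AV360, antivirus 360, antivirus XP Pro) and nothing else.
$roguePattern = 'av\s?(2008|2009|360)|antivirus\s?(2008|2009|360|xp)'

$startup = Get-CimInstance Win32_StartupCommand | ForEach-Object {
    # Pull the executable path out of the command line, quoted or not.
    $exe = $null
    if ($_.Command -match '^\s*"?(.+?\.exe)') {
        $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
    }

    # Only test for existence when we have a full drive path to test.
    $isFullPath = [bool]($exe -match '^[A-Za-z]:\\')
    $exists     = $isFullPath -and (Test-Path -LiteralPath $exe)

    $flags = @()
    if ("$($_.Name) $($_.Command)" -match $roguePattern) {
        $flags += 'matches a rogue AV name'
    }
    if ($isFullPath -and -not $exists) {
        # Typical of an entry whose file was deleted but whose start-up item was missed.
        $flags += 'target file is missing'
    }

    [pscustomobject]@{
        Name     = $_.Name
        User     = $_.User
        Location = $_.Location   # registry Run key or Startup folder
        Command  = $_.Command
        Flags    = $flags -join '; '
    }
}

# Flagged entries first, then everything else for manual verification.
$startup | Sort-Object { -not $_.Flags }, Name |
    Format-Table Name, User, Flags, Location, Command -AutoSize -Wrap
```

An entry with no flag is not thereby verified; the list is there so each item can be checked against software you actually installed.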

     

     

    NOTE: Before doing any virus clean up, you should back up all critical data to an external drive or DVD. Be sure to scan the files before copying them back to your computer in the future.
