[IS&T Security-FYI] SFYI Newsletter, November 7, 2008

Monique Yeaton myeaton at MIT.EDU
Fri Nov 7 16:57:51 EST 2008


In this issue:

1. Trojan Horse Strikes Again
2. Passport Application Data Theft
3. Spam Attacks Using U.S. Election as Lure


-------------------------------------
1. Trojan Horse Strikes Again
-------------------------------------

Researchers have uncovered a trove of financial account data stolen by  
a Trojan horse program known as Sinowal over the last several years.  
As many as half a million accounts have been compromised; more than 20  
percent were stolen in the last six months alone.  Sinowal, which is  
also known as Torpig and Mebroot, spreads through websites onto  
unpatched PCs without any user interaction.  That the Trojan had been  
operating for nearly three years has been called "extraordinary."  It  
lies in wait on infected PCs; when a user enters a banking URL, it  
offers up a phony site to collect the pertinent data and then sends  
the information back to a drop server.

Read the full story:
<http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9118718&intsrc=hm_list>


-------------------------------------------
2. Passport Application Data Theft
-------------------------------------------

The U.S. State Department has notified 383 people that their personal  
information supplied when applying for a passport may have been  
compromised.  A man arrested earlier this year was found to have  
credit cards in nearly 20 different names; several passport  
applications in his possession matched the names on some of the  
cards.  The information from the applications was allegedly used to  
open the fraudulent credit card accounts.  The suspect told  
authorities at the time that he had two accomplices, one at the State  
Department and the other at the U.S. Postal Service.

Read the full story:
<http://www.msnbc.msn.com/id/27475651/>
<http://www.washingtonpost.com/wp-dyn/content/article/2008/10/30/AR2008103004716_pf.html>


--------------------------------------------------------
3. Spam Attacks Using U.S. Election as Lure
--------------------------------------------------------

You may have noticed (if you look in your spam folder, or if these  
emails make it past your spam filter) that a lot of spam is making use  
of this week's historic U.S. election outcome to download Trojans or  
do other nasty things to you or your computer. Here's a run-down of  
the subject lines I received in my spam folder in just the past few  
days:

World Welcomes Obama's Win
Obama Wouldn't Be First Black President
Obama's Father Died
McCain's Mother Was Shot in Public

Another spam message apparently offers a video featuring Obama's
acceptance speech. When users open the link, the Web site directs them
to a file called adobe_flash_exe, a malicious Trojan downloader
designed to install information-stealing software on unsuspecting
victims' computers. Upon execution, the compromised machine receives a
rootkit that sends the user's personal data to numerous command and
control centers.

The story about the rootkit can be read here:
<http://www.crn.com/security/212000813>

Sensational stories that feed on our interests are a strong lure and  
spammers know this. If you don't recognize the "from" address, it's  
best to not open these emails. In other words, my warning is  
"curiosity killed the cat" (sorry, cat).

=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.
