Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

European Cyber-Gangs Target Small U.S. Firms, Group Says

The US’ Financial ISAC (Information Sharing and Analysis Center) issued a warning to all of it members regarding the increase, in the last six months, of funds transfer fraud taking place. Financial institutions, security companies, media and law enforcement agencies are being targeted by Eastern European groups that work to siphon funds through wire transfers. Smaller companies are being targeted as they do not attract the attention as if the same attacks targeted larger institutions.

An organization’s controller or treasurer are the targets of a message that contains either a virus-laden attachment or a link that surreptitiously installs malicious software designed to steal passwords. Once the credentials are in hand the cybercrooks initiate multiple wire transfers in amounts less than $10,000 to avoid an organization’s bank’s anti-money-laundering reporting requirements. Some of the funds are transferred directly to Eastern Europe while other funds are wired to accounts set up by “mules” in the US who then send funds to Eastern Europe.

Click here for more information.

Mass infection turns websites into exploit launch pads

Exploiting vulnerabilities in websites is the best way to infect large numbers in a relatively short period of time. The more trust worthy the website the quicker the infection rate. Websites, such as New York Methodist Hospital have been hacked through SQL injection vulnerabilities. When a visitor lands on the site malware is unknowingly installed on the visitor’s computer. Such malware contains a keystroke logging function. To date this specific piece of malware has infected around 57,000 web pages.

Click here for more information.

Is Your PC Bot-Infested? Here’s How to Tell

In the last two years the number of BotNets grew from 1,500 to 3,500, according to BotNet researchers. Each BotNet could contain several thousand computers and computers may belong to multiple BotNets.

As reported in earlier News Bits, there is money in creating and building BotNets, networks that can be leased by other members of the malicious community. Money is to be made by those who lease BotNets.

The following is a good read regarding programs that may be used to detect if one’s computer is part of one or more BotNets.

Click here for more information.

UK.gov revives net cut-off threat for illegal downloaders

In the on-again, off-again world of “3-stikes” laws, it is on-again in the UK. When many in the UK felt users being disconnected from the Internet after illegally downloading copyright material from the entertainment industry, the First Secretary of State’s stance appeared to change after a meeting with Hollywood mogul David Geffen.

While complete disconnection from the Internet may seem harsh, especially for others in the household affected by such disconnection, the thought is to bring in sanctions. Sanctions, such as blocking access to download site and reducing broadband speeds could be one of the less severe sanctions.

The government wishes for the cost of protecting copyright material to be a 50-50 split between ISPs and the entertainment industry.

Ofcom, the organization originally tasked with infringement oversight and enforcer would now only be tasked with oversight while the First Secretary of State would make the determination of guilt.

Click here for more information.

Pink Floyd worm spreads on ‘Chinese Facebook’

Much attention has been on the hacking attempts used on social networking sites Twitter and Facebook. Hackers are exploiting the already surpassed hurdle of trust associated with such networks. The Pinkren-A worm has been unleashed on Renren, the popular Chinese social networking site that currently boasts around 40 million members. Disguised as Pink Floyd’s video clip, “Wish You Were Here”, selecting the message results in infection through the execution of a malicious JavaScript. It appears the virus spreads through the social networking site without doing anything more malicious.

Click here for more information.

Scammers step up attacks on Warcraft players

The wildly popular Worlds of Warcraft (WoW) is in the hacker crosshairs. Online gold and assets turn into real money when players pay to acquire such riches outside of their normal gaming capacity. Official WoW forums are being used to spread links, leading to malware distribution. Such malware is designed to steal passwords and other game credentials from users by presenting forum visitors with a page telling them that their Adobe Flash player needs updating. The result is the downloading of a malicious Trojan instead of an Adobe update.

Phishers are also busy issuing spam under the name of WoW’s creator, all with the goal of obtaining the game player’s credentials.

Click here for more information.