Friday 19 April 2013

Bank Sues Cyberheist Victim to Recover Funds

A bank that gave a business customer a short term loan to cover $336,000 stolen in a 2012 cyberheist is now suing that customer to recover the fronted funds, after the victim company refused to repay or even acknowledge the loan.
On May 9, 2012, cyber crooks hit Wallace & Pittman PLLC, a Charlotte, N.C. based law firm that specializes in handling escrow and other real-estate legal services. The firm had just finished a real estate closing that morning, initiating a wire of $386,600.61 to a bank in Virginia Beach, Virginia. Hours later, the thieves put through their own fraudulent wire transfer, for exactly $50,000 less.
At around 3 p.m. that day, the firm’s bank — Charlotte, N.C. based Park Sterling Bank (PSB) – received a wire transfer order from the law firm for $336,600.61. According to the bank, the request was sent using the firm’s legitimate user name, password, PIN code, and challenge/response questions. PSB processed the wire transfer, which was sent to an intermediary bank — JP Morgan Chase in New York City — before being forwarded on to a bank in Moscow.
Later that day, after the law firm received an electronic confirmation of the wire transfer, the firm called the bank to say the wire transfer was unauthorized, and that there had been an electronic intrusion into the firm’s computers that resulted in the installation of an unspecified strain of keystroke-logging malware. The law firm believes the malware was embedded in a phishing email made to look like it was sent by the National Automated Clearing House Association (NACHA), a legitimate network for a wide variety of financial transactions in the United States.
As some banks do in such cases, Park Sterling provided a provisional credit to the firm for the amount of the fraudulent transfer so that it would avoid an overdraft of its trust account (money that it was holding for a real estate client) and to allow a period of time for the possible return of the wire transfer funds. PSB said it informed Wallace & Pittman that the credit would need to be repaid by the end of that month.
But on May 30, 2012 — the day before the bank was set to debit the loan amount against the firm’s trust account — Wallace & Pittman filed a complaint against the bank in court, and obtained a temporary restraining order that prevented the bank from debiting any money from its accounts. The next month, the law firm drained all funds from all three of its accounts at the bank, and the complaint against the bank was dismissed.
Park Sterling Bank is now suing its former client, seeking repayment of the loan, plus interest. Wallace & Pittman declined to comment on the ongoing litigation, but in their response to PSB’s claims, the defendants claim that at no time prior to the return of the funds did the bank specify that it was providing a provisional credit in the amount of the fraudulent transfer. Wallace & Pittman said the bank didn’t start calling it a provisional credit until nearly 10 days after it credited the law firm’s account; to backstop its claim, the firm produced an online ledger transaction that purports to show that the return of $336,600.61 to the firm’s accounts was initially classified as a “reverse previous wire entry.”

Java Update Plugs 42 Security Holes

Oracle Corp. today released an update for its Java SE software that fixes at least 42 security flaws in the widely-installed program and associated browser plugin. The Java update also introduces new features designed to alert users about the security risks of running certain Java content.
Java 7 Update 21 contains 42 new security fixes for Oracle Java SE. A majority of these flaws are browse-to-a-hacked-site-and-get-infected vulnerabilities. According to Oracle, “39 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password” [emphasis mine].
There does not appear to be any update for Java 6. Oracle was to stop shipping security fixes for Java 6 in February, but it broke from that schedule last month when it shipped an emergency update for Java 6 to fix a flaw that was being used in active attacks. When I updated a machine running the latest Java 6 version (Update 43) it prompted me to install Java 7 Update 21. Update, 5:42 p.m. ET: Twitter follower @DonaldOJDK notes that Java 6 Update 45 is indeed available here.
Java 7 Update 21 also introduces some new security warnings and message prompts for users who keep the program plugged into a Web browser (on installation and updating, Java adds itself as an active browser plugin). Oracle said the messages that will be presented depend upon different risk factors, such as using old versions of Java or running applet code that is not signed from a trusted Certificate Authority.
Apps that present a lower risk display a simple informational message. This includes an option to prevent showing similar messages for apps from the same publisher in the future. Java applications considered to be higher risk — such as those that use an untrusted or expired certificate — will be accompanied by a prompt with a yellow exclamation point in a yellow warning triangle.

DDoS Attack Targeting Dutch Banking System

Another DDoS attack has hit Dutch banks. SNS Bank posted on its Twitter account that online banking is unavailable and that the bank is suffering a cyber attack. There are problems with iDEAL payments and PayPal.
ABN AMRO
On Thursday ABN AMRO was also hit by a DDoS attack. As a result, the bank's website was inaccessible and customers could not use online banking. Logging on to mobile banking was also not possible.
In recent days, ING and Rabobank were also victims of DDoS attacks. In such an attack, a large amount of data traffic is sent to servers, which are then temporarily inaccessible.
On social media, customers are discussing what they should do and how much money is safe to keep at home. Some even joke about how often the online banking system is actually online!

Microsoft has spotted a Trojan downloader that executes files and deletes itself

The Microsoft Malware Protection Center discovered a piece of malware, a trojan downloader, that is capable of deleting its downloaded component files in a way that makes them essentially unrecoverable.
The threat is detected as TrojanDownloader:Win32/Nemim.gen!A.
Sometimes, when we don't have any evidence of what an individual downloads, we cannot be sure what the result of infection will be. Occasionally we can't replicate the downloader if the URLs are unavailable, so it can be difficult to know how to mitigate the threat. In the case of this downloader, however, we've observed it downloading a password stealer. As such, if you're infected with TrojanDownloader:Win32/Nemim.gen!A, we recommend you change all account passwords after you've cleaned your system, as it's likely you've also encountered PWS:Win32/Nemim.A. (read Microsoft Blog)
Below are the component files that Microsoft found that this malware downloads and executes, the ones that will eventually be deleted by the malware itself:
  • Virus:Win32/Nemim.gen!A – This is a file infector that attempts to infect executable files in removable drives. Infected files are detected, and subsequently cured, as Virus:Win32/Nemim.A. It appends its code to the host file but will not infect other files; rather, it will only drop and execute the malware TrojanDownloader:Win32/Nemim.gen!A.
  • PWS:Win32/Nemim.A – This malware is a password stealer that attempts to steal account credentials from the following:
      • Email accounts (SMTP, POP3, HTTP mail, IMAP) that were set up on the system
      • Windows Messenger/Live Messenger
      • Gmail Notifier
      • Google Desktop
      • Google Talk

Dutch ABN-AMRO bank under massive cyber attack for second time this week.

In recent days other Dutch financial organizations and banks, such as ING Bank, have been suffering DDoS attacks. Yesterday, 18 April 13, at 6:19 local time, the official Twitter account posted that online and mobile banking is not reachable because of DDoS cyber attacks. At 16:00, ABN-AMRO online banking services were still having difficulty. The public says Dutch banks are not informing customers about the attacks; this week the Budgets Information Center advised people to keep some cash at home.