Stop press! The art of computer viruses may not be dead, after all.
Vancouver-based artist Bratsa Bonifacho says his latest collection of paintings has been inspired by computer malware.
One of Bonifacho’s virus paintings is titled “Horty MyParty is Weird and Coolnow”.
An unusual name, you might think, but it is apparently inspired by a number of viruses from yesteryear including VBS/Horty (which claimed to offer pornographic content of adult film star Jenna Jameson), 2002’s MyParty email worm, and the CoolNow MSN Messenger worm.
According to the Daily Mail an undercover investigation in India has uncovered that some call center workers have been selling confidential information on nearly 500,000 Britons.
Undercover reporters from The Sunday Times met with two individuals who claimed to be IT workers who offered to provide them with 45 different types of data gathered from the victims.
Information offered up included names, addresses, phone numbers and credit card details (including CCV/CVV codes and expiration dates).
The reporters allege they could purchase the records for as little as 2 pence apiece ($0.03 USD). One of the
IT workersthieves bragged:
"These [pieces of data] are ones that have been sold to somebody already. This is Barclays, this is Halifax, this is Lloyds TSB. We’ve been dealing so long we can tell the bank by just the card number."more
With British students about to start another year at university, the last thing they probably want to hear is that there is a problem with a student loan.
But that’s precisely the camouflage that online scammers are using to steal personal information today.
An email, claiming to come from Directgov UK, tells students that there is a problem with the online account for their student loan, and they need to update their account urgently.
Here’s a typical spammed-out message we’ve seen in our traps:
Student Loan Update.
Dear Student Finance Customer.
We at HM Government noticed your Student loan online log in details is incorrect and need to be updated.
DOWNLOAD THE ATTACHMENT TO UPDATE YOUR ACCOUNT NOW
Inline Verification. Directgov UK.
Student Loan Update.html
Clicking on the HTML attachment is not a good idea, however, as it will urge you to enter your details which are then sent via a website to the phishers.
Sophos products block the message as spam, and block the webpage that the HTML form is attempting to post the personal information.
Remember to always be suspicious of unsolicited attachments. Also, I would hope that a good student would have noticed the grammatical mistake in the phisher’s email..
Naked Security has been hearing from our Canadian readers about more fake technical support calls trying to get people to infect themselves with fake anti-virus software, keyloggers and remote control software. That’s right, they are calling people on the telephone and trying to defraud them in numerous ways.
The fraudulent callers represent themselves as being from Microsoft, Telus (one of the traditional Canadian phone companies) and other brands believed to be trusted by the intended victims.
As we have reported previously the calls seem to originate from overseas call centres, but often use caller ID numbers that appear to be local. They likely are taking advantage of extremely cheap Voice Over IP technologies that allow them to purchase local phone numbers.
They falsely claim the user’s computer has been sending error messages to them and that they are calling to help fix their PCs. Their modus operandi varies, although the outcome is always the same: them stealing your money.
They usually offer to assist you through remote control software, often from legitimate vendors like LogMeIn. Once they are able to access your PC they will install fake anti-virus software or other malware and charge you for the privilege. This way they get two bites at the apple… Once for the technical support incident and another when you pay for the rogue security suite.
This has been common enough recently that Telus has posted an advisory on their website. Telus states that they are working with the Royal Canadian Mounted Police to trace the origin of the calls and recommend Telus customers who believe they have been defrauded call 310-2255.
A recent study by Microsoft showed that the average Canadian victim had $1560 USD stolen from their accounts. It is important to apply the same skepticism to incoming phone calls as you would apply to unsolicited emails or strangers ringing your doorbell.
Paul Ducklin and Sean Richmond of Sophos Australia recorded a podcastexplaining these scams and provide advice on how to avoid becoming a victim, I recommend listening to it and sharing it with your friends and family.
These attacks aren’t just affecting Canadians, we have had reports from Australia, the United Kingdom and the United States as well. Stay vigilant and remember, hanging up isn’t rude when someone is calling to scam you.
Thanks to Savio in SophosLabs Canada and Naked Security reader Lystra for contributing information to this story
Last week President Obama announced his proposal for updates to US cybercrime law. While I am not a lawyer, I have spent a significant amount of time poring over the legal documents to extract their meaning and provide my comments.
The proposed legislation is quite long and detailed, so I will begin with the changes that will impact law enforcement. These changes relate to what items are criminal and the penalties the courts may impose for breaking the law.
In my second post I cover the proposed nationalData Breach Notification Act.
- The Racketeer Influenced and Corrupt Organizations (RICO) Act would be updated to include organized computer criminals. This law was originally designed to target mafia-like crime syndicates and would now include their electronic equivalents.
- The Computer Fraud and Abuse Act (CFAA) would be modified with new restrictions for judges during sentencing. Attacks against critical infrastructure would have a mandatory minimum sentence of three years.
- Cyberattackers targeting critical infrastructure would not be eligible for probation or concurrent sentencing (unless it is the same crime) or eligible for a reduction of their sentences for multiple counts of the offense.
- Maximum sentences would be changed from ten years to 20 for attacking US government systems related to defense, energy or foreign relations.
- Maximum sentences would be changed from one year to three for unauthorized access to records or systems related to financial services, government systems or foreign/interstate communications. They would change from five years to ten if the purpose is private gain or commercial advantage or if the value of the information exceeds $5000.
- Maximum sentences would be reduced from five years to one for unauthorized access to non-public government computers.
- Maximum of 20 years for unauthorized access or exceeding authorization to obtain more than $5000 in a year’s time.
- Maximum of 20 years for someone who “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer” resulting in more than $5000 in damages, tampering with medical systems, causing physical injury, causing a threat to public health and safety, interfering with systems related to defense, justice or national security, or ten or more computers in a one year period.
- A maximum of life imprisonment for incidents that result in someone’s death.
- Maximum of ten years for unauthorized access causing reckless damages.
- Maximum of one year in prison for unauthorized access causing damages.
- Maximum of ten years for “knowingly and with intent to defraud [trafficking] in any password or similar information through which a computer may be accessed without authorization.” This provision previously applied only to US government systems.
- Maximum of ten years for extortion using a threat to attack/expose flaws in security.
- A long list of changes related to the forfeiture of profits and assets in any way related to the aforementioned criminal activity.
The raising of maximum penalties gives American judges more flexibility and sends a very clear message to cybercriminals. However, the requirement for a three year minimum sentence for attacking critical infrastructure raises questions.
There are many shades of grey when it comes to unauthorized access to sensitive systems and mandatory minimums do not account for the edge cases that a judge can take into account.
The adjustments to the RICO statute are a welcome change and by including organized cybercrime provide new tools for law enforcement to treat electronic crimes just like any other.
The addition of this statement:
“knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer”
appears to directly address today’s malware threat. Facing up to 20 years for what many consider to be mischief sets the record straight. Producing and spreading malware is a serious crime, and under this proposal, if you participate you could face serious penalties.
Contact me at : firstname.lastname@example.org