After taking a long hiatus, trojan dialers that can rack up thousands of dollars in charges are back by popular demand.

According to researchers at CA Security’s malware analysis lab, a new wave of malicious dialers is hitting users of mobile phones. The trojans are built on the Java 2 Micro Edition programming language and cause infected handsets to send SMS messages to high-cost numbers, at great expense to the victim.

“As soon as the application is loaded, this malicious software starts to send premium text messages,” CA warned on Tuesday. “The messages sent out are in the typical format to invoke premium services and land the mobile user with heavy mobile bills without the user’s knowledge and consent.”

Malware that automatically dials pricey premium numbers was all the rage a decade ago, when dial-up internet services required computers to connect to a phone line. With the growth of broadband connections the frequency of dialers waned.

The explosion of smart phone that can run software made by anyone has given malicious dialers a new lease on life. And as was the case in the days of yore, they mostly tap into porn services.

SOURCE: http://www.theregister.co.uk/2010/01/13/trojan_dialer_comeback/

The plot thickens. According to iDefense Labs, the recent Internet attack that  has so upset Google  affected 33 other US tech and defence firms and is directly related to an Adobe Reader-based attack of last July.

The US flaw-hunting specialist said that the attack was an attempt to steal source code on an industrial scale and was, in many cases, probably successful. If correct, this might explain why Google has by its own normally quite restrained standards gone ballistic to the extent of threatening to quit China.

“Two independent, anonymous iDefense sources in the defense contracting and intelligence consulting community confirmed that both the source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof,” said the iDefense press statement, confirming what the world already knows.

It now turns out that Adobe itself was targeted in the latest alleged Chinese attacks, as a statement on its own website explains.

“Adobe became aware on January 2, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”

The note goes on to say that in Adobe’s case, the attack was not successful in stealing any data.

More embarrassingly, a flaw in Adobe software has been implicated in the new attacks. iDefense has forensically linked these to last July’s attacks, which involved exploiting zero-day flaws in Adobe Reader 9.1.2 and Adobe Flash Player 9 and 10 to send specially-crafted PDFs.
As well as using the same emailed PDF technique to drop Trojans, the two attacks used the same HomeLinux DynamicDNS provider, pointed to the same virtual private server host owned by US-based Linode, and had IP addresses on the same subnet within a very similar address range.

“Considering this proximity, it is possible that the two attacks are one and the same, and that the organizations targeted in the Silicon Valley attacks have been compromised since July,” says iDefense.

In fact, it is also possible that exploits go back further since the flaws used in last summer’s attack pre-date the known attack by some months.

Whatever the details, that China is targeting the US technology firms, the government and military is nothing new, as a Northrop Grumman report of last October made clear. It now looks as if the latest cycle of attacks could take US firms, and perhaps even the US government itself, beyond breaking point.

SOURCE: http://news.techworld.com/security/3210137/google-hack-hit-33-other-companies/

Hackers have stolen the login credentials for more than 8,300 customers of small New York bank after breaching its security and accessing a server that hosted its online banking system.

The intrusion at Suffolk County National Bank happened over a six-day period that started on November 18, according to a release (PDF) issued Monday. It was discovered on December 24 during an internal security review. In all, credentials 8,378 online accounts were pilfered, a number that represents less than 10 percent of SCNB’s total

“Although the intrusion was limited in duration and scope, SCNB immediately isolated and rebuilt the compromised server and took other measures to ensure the security of data on the server,” the bank, located about an hour east of New York City, stated. “To date, SCNB has found no evidence of any unauthorized access to online banking accounts, nor received any reports of unusual activity or reports of financial loss to its customers.”

The breach represents a variation on more traditional types of attacks on online banking. Cyber crooks typically target customers by surreptitiously planting malware on their computers that log their user name and password. The FBI estimates that online banking losses to small and medium-sized businesses alone have reached $100m.

By contrast, accessing a server that storing online credentials for tens of thousands of customers isn’t the kind of intrusion one hears about every day. Best security practices are clear that passwords should never be stored on servers unless they are encrypted.

The bank began notifying affected customers on Monday evening using first-class mail. The two-week delay “was necessary for making a lot of arrangements so we could come out with an absolutely conclusive statement about what happened,” said Douglas Ian Shaw, the bank’s corporate secretary. Retail customers whose details were lifted will be given two years worth of credit monitoring services at SCNB’s expense.

In the fourth quarter, the bank budgeted $351,000, or about 4 cents per share, to account for expenses related to the intrusion. Additional expenses may be incurred.