Tech Alert Briefing for 9/9/2011

September 9, 2011

Welcome to Tech Talk!
Here are the selections Tech Talk Editors George Milner and Teri Wesley have collected from this week's tech news:

Get the details below.Custom financial malware
In Shakespeare's play "The Merchant of Venice," Shylock was a loan shark.The 2011 version of Shylock is malware programmed to attack global financial institutions and to collect money from unsuspecting bank customers.Developed with unique mechanisms not found in other financial malware toolkits, this Shylock has been custom fitted with financial fraud capabilities designed to fly under fraud detection radars. Help Net Security has the details on this sophisticated threat to your customers' financial information.

New ZeuS on the loose
Security researchers at anti-virus firm Trend Micro have identified a new variant of the notorious ZeuS bank trojan that is targeting banks around the world. HSBC of Honk Kong is among the major global financial institutions on the new ZeuS' hit list. Financial firms in the United States and other countries may be targeted as well. Help Net Security has the details. Make sure your security software stays up-to-date to guard against these developing threats.

Back to school: Using your college ID at the ATM
Banks are always looking for new accounts and many target university students. Cedarville University is sharing part of the magnetic stripe on their college ID card with Fifth Third Bank. This exclusive arrangement allows the bank to offer special accounts to students and allows the students to use their college ID in an ATM. You can bet that they will be offering this at other colleges and universities. If you think this technology would interest your new accounts department, check out all the info at Mybanktracker.com.

Fraud expert fooled by fraudsters
Even the most vigilant consumers and card users can fall victim to data theft. U.S. Attorney Jenny Durkan, Chair of the Justice Department's Cybercrime subcommittee and a Washington Chief Law Enforcement officer, shares her recent firsthand experience as an ATM skimming victim in which thieves stoler her debit card and $1,000 from her bank account. Get all the details at Bank Systems & Technology.

Programmer purloins photos and more
A 32-year-old paraplegic computer programmer, Luis Mijangos netted $1,000 a week performing legitimate programming and website development services. In his spare time, the disabled data thief used his skills for ill-gotten gain, disguising malware as music or videos, taking control of more than 100 computers, and stealing as much as $3,000 a day from unsuspecting victims.Computerworld has more on the story that reminds bank customers to be ever vigilant about computer security. It's often the person they least suspect that could be trying to steal from them.

Banks are paying the price
When a data breach occurs the only "winners" are the thieves who manage not to get caught.The victims, consumers, business account holders, and banks come out on the losing end. Someone has to pay the high price for the financial losses incurred by fraud.Recent court cases brought against banks by corporate customers who fell victim to phishing scams have found that courts favor the side of the customers, reports Infosec Island.Financial institutions need to adhere to the FFIEC's authentication guidelines and take the necessary measures to protect their users and their networks.

High cost of cybercrime
Online crime is hitting three times more victims than offline crime, according to a study by security software provider Symantec Corp. In the past year, 431 million adults were victims of cybercrime involving computer viruses, malware and more.The Norton Cybercrime Report 2011 estimates the cost of this rising global threat at $114 billion annually - surpassing the value of drug trafficking, reports Reuters. You can view the complete Norton Cybercrime Report 2011 for more details.

Today's tangible threat
Ten years ago, no-one was prepared for the catastrophic attack that rocked our country to its very core. Today, terrorists are using cyberspace weapons to target critical U.S. infrastructure systems, including financial, telecommunication and military networks. The Bipartisan Policy Center's National Security Preparedness Group (NSPG) has released its Tenth Anniversary Report Card on the progress we've made to increase our nation's information security in the past ten years - and where we still need to improve. Read highlights from the report atComputerworld.

Growing market for mobile malware
The use of mobile devices is expanding rapidly - and as it does the market for mobile malware is expanding with it.McAfee's quarterly threat report for the 2nd quarter this year revealed that the number of malware threats rose 22 percent faster during the first six months of 2011 than last year, with the Android taking the lead as the most targeted platform for mobile malware. CIO has more on mobile data security. Today's mobile devices are mini computers and should be protected as such. If you don't already have one in place, create a security policy specific to mobile device usage in your organization.


The latest reports on breaches and scams:

• CNET: Comodohacker is back
• Sophos: Phishing for student loans
• PC World: HBGary hackers nabbed
• Krebs on Security: Rent-a-Bot Networks
• Threatpost: Anonymous sets sights on the stars
• Computerworld: Money for Microsoft Ransomware

Join

Paul Carrubba
and Dan Fisher

in a 2-hour
LIVE Webinar

Wednesday,
November 16, 2011

Consumer and Small Business RDC Mobile Capture? Deposits on the Move!

If your financial institution is about to offer or considering extended remote deposit capture for small businesses and consumers, you need to be aware of the unique added risks involved in that market. Regulators will expect you to have completed a thorough risk analysis and prepared a risk mitigation program for the expanded client base. This webinar will review the risks that consumers and small businesses present, and provide the information you need to ensure you'll be able to analyze and manage the risks to protect your institution.


Can't attend?
Order the CD ROM of the program now.
Payment Card Industry Data Security Policy Template On the lighter side ...
You're not old...you don't look a day over.... But when you take a nostalgic look back at technology the way it "used to be", you may find that you feel a little....
Updates, Patches and Alerts...

• US CERT: Current Activity
• IT World: Microsoft patches SSL security threat
• Sophos: Firefox 6.0.2 fixes yet more DigiNotar certificate fallout
• Computerworld: Microsoft plans 15 patches for Windows, Office next week

Subscribe to Tech Talk and BOL Tech Advisories
  In the Banker Store
CD ROM Training
IT Regulatory Issues - What's on the Radar for 2011
Video Training
FACTA:
Responding to Identity Theft
CD ROM Training
"Two-Faced-Book" Facebook Policy Can Serve You Well  Archived Articles on Technology and eBanking You have access to archived Tech Talk pages and Tech Alerts on BankersOnline's
Technology & eBanking Archive page.
Plus, you'll find the latest technology and eBanking articles and guru Q&As there, too.You'll find many more related articles in our InfoVault.   Support the vendors who support BOL! Through their advertising and sponsorships on BOL and BOL Vendor Connect, companies offering banking products and services help to make this site possible. When you're looking for a supplier, give your business to companies who support BankersOnline.com. Find them now in Our Sponsors and BOL Vendor Connect.