Authorities lasso alleged debit card fraud ring
Fourteen people have been arrested in New Jersey for allegedly using stolen credit and debit card data to make counterfeit cards, which were then used to make purchases and take money from cardholder accounts. The fraudulent activity forced banks across the U.S. to freeze accounts and reissue hundreds of thousands of debit cards.
Hudson County Prosecutor Edward DeFazio told CNET News.com that most of the arrests were made in the last two weeks and that all the suspects are American citizens. Some of the stolen credit card information came from the office-supply chain OfficeMax and North Carolina's State Employees' Credit Union, among other businesses, DeFazio said, adding, "We had cooperation from the security people from many victimized businesses."
Visa and MasterCard have blamed a growing number of debit account thefts on a security breach suffered by a merchant they've refused to identify, the CNET News.com report noted.
The latest bulletin comes a week after security experts complained that the most recent security update failed to fix all the problems advertised. That patch added a function to the Safari Web browser, iChat instant messaging program and Apple Mail client that warns users when a download is potentially malicious. But experts found the patch still left attackers room to ram through a certain type of malicious application that looks like a safe file on the surface. In addition to addressing that issue, Apple fixed:
- A boundary error in Mail that can be exploited to cause a buffer overflow via a specially crafted e-mail.
- An error in Safari/LaunchServices that can cause a malicious application to appear as a safe file type.
Trojan locks down files, demands ransom
Chicago-based security management firm LURHQ Corp. has identified a new Trojan horse that locks down files on infected machines and demands a ransom. In an analysis on its Web site, LURHQ said Cryzip uses the same tricks as some other recent malware, such as the PGPcoder Trojan.
"In May 2005, a Trojan called PGPcoder was discovered in the wild by Websense Security Labs. The Trojan's purpose was to encrypt a user's files, then demand a ransom for their decryption," the firm said in its analysis. But unlike PGPcoder, which used a custom encryption scheme, "Cryzip uses a commercial .zip library in order to store files inside a password-protected zip."
When run, Cryzip searches the C drive for files. It zips each file, overwrites the original with the text "Erased by Zippo! GO OUT!!!" and then deletes it, leaving only the encrypted .zip file with the name "original-file-name_CRYPT_.ZIP," LURHQ said, adding that the infection vector is currently unknown and infection reports aren't widespread.
McAfee corrects faulty AV update
Santa Clara, Calif.-based McAfee Inc. has corrected a faulty AV definition update that flagged hundreds of legitimate programs as a virus. The Bethesda, Md.-based SANS Internet Storm Center (ISC) was among the first to mention the problem late last week.
"Friday we started receiving reports of file deletion problems from admins using McAfee AV." A faulty .DAT file incorrectly identified many executables as the W95.CTX virus, ISC said on its Web site.
McAfee quickly realized what was happening and issued a new virus pattern file. In an advisory, McAfee said the problems primarily affected customers running VirusScan Enterprise, Managed VirusScan, VirusScan Online, LinuxShield and VirusScan.
Liberty Alliance deploys new federation services
The Liberty Alliance Project, a global consortium working to develop open standards for federated identity management, has announced new identity management deployments worldwide and the expansion of its global deployment workshop programs. The organization called the moves an important step toward driving federated ID management into the mainstream.
"With the adoption of Liberty identity standards steadily increasing, Liberty Alliance expects that there will be well over 1 billion Liberty-enabled identities and devices by the end of 2006," the alliance said. "This number includes the identities of individuals around the world logging into Liberty-enabled Web sites as well as the many enterprise and consumer devices, such as smart cards, cameras, computers and mobile phones, that currently support Liberty's user-centric identity management capabilities in open federation and identity-enabled Web services deployments."
More information on the latest deployments is available on Liberty's Web site.