Posted 10/22/09 at 08:36:28 PM by Ryan Whitwam

DRAM maker A-Data has decided to begin using a new anti-counterfeiting system they are calling “DNA Authentication”.  According to the company, the fraudulent selling of fake RAM is a “serious and growing problem" in the tech world.

It seems A-Data has had a lot of troubles with the selling of fake DRAM chips with A-Data logos. According to the company, “…we adopted the DNA authentication technology to protect our intellectual property and our consumers’ interests."

So what does this mean? When you cut through the marketing speak, it’s basically just a new type of ID label on RAM sticks. To verify the authenticity of the chips, consumers can use a black light to reveal the unique code on the sticker. Like many of these ID systems, the label is designed to tear itself to shreds if removed. Will it do much to stop fraud, or will the fraudsters just fake these labels too?

Read More

Posted 10/17/09 at 11:40:06 PM by Justin Kerr

What do pacifistic mailmen do when they “go postal”? Well, if we limit our sample group to a single mail handler from Philadelphia, then you turn to a life of crime by stealing the easily identifiable video games shipped by online rental service GameFly. The disks come in an easy to spot bright orange package, and Reginald Johnson stole every envelope that he could get his hands on, a tally which would add up to more than 2,200 disks over a six month period. After jacking the disks, he would turn around and sell them to a local Gamestop for a tidy profit.

After being confronted by Police, Johnson led local authorities on a high-speed chase which ended with him crashing his SUV, and being tracked down on foot. When he was finally apprehended, police found 81 stolen games in a duffel bag he was carrying with him. For his crimes, Johnson is likely to receive 12 to 18 months of jail time, and will likely be in search of a new career upon release.

2,200 video games would fetch a tidy sum, but he is still pretty far from beating the record for disks stolen. That honor falls to Myles Weathers, a mail handler from Springfield Massachusetts who managed to swipe over 3,000 DVDs before he was caught.

Did these guys actually think they could get away with this?

Read More

Posted 09/30/09 at 11:15:27 AM by Paul Lilly

Have you checked your bank account balance online lately? If so, you may want to consider verifying the numbers with a paper statement, because what you see on your computer screen might not be indicative of banking activity that's occurring right under your nose, according to a new security report.

Hackers have a new piece of malware to play with, one which not only picks your online pocket, but also hides the evidence of any wrong doing by rewriting online bank statements on the fly. Once the Trojan horse infiltrates a user's PC, it goes to work by altering the HTML coding before it's displayed in the victim's browser, making sure to erase any evidence of money transfers or other unauthorized transactions.

"The Trojan is hooked into your browser and dynamically modifies the text in the HTML," said Yuval Ben-Itzhak, CTO of computer security firm Finjan. "It's a very sophisticated technique."

A gang targeting customers of leading German banks first began employing the ruse in August and managed to steal Euro 300,000 (about $440,000 USD) in just three weeks. Finjan estimates that the gang using the scheme could potentially steal about $7.3 million annually.

While so far relegated to German banks, Ben-Itzhak warned that this technique is likely to spread to other countries.

Cybercrime Intelligence Report, Issue No. 3, 2009 (PDF)

Read More

Posted 09/24/09 at 06:29:46 PM by Jason Barry

A Twitter phishing scam tore across the micro-blogging site over the past few days. It all started with direct messages sent to Twitter accounts saying “rofl this you on here? http://videos.twitter.secure-logins01.com.” The link leads to seemingly innocuous Twitter login page. However, to the keen observer of the URL you can see that it is obviously not an official Twitter site.

Once on the fake login page, if you entered credentials you were taken to a “Too many tweets page” explaining that Twitter is having technical trouble (is it that hard to believe?).

A day or two later, if you logged into your Twitter account you will have found hundreds of get-rich-quick, earn-money-at-home spam messages sent on your behalf.

If you are a victim, you had best change your credentials to your Twitter account and any other sites using similar login information. If you are a casual onlooker, try not to point and laugh.

Read More

Posted 09/23/09 at 08:23:53 PM by Pulkit Chandna

Abuse of online ad delivery platforms is becoming more rampant just as the online ads industry continues to assume more lucrative proportions. A few days ago the New York Times website was making headlines for an embarrassing reason: a malvertiser – author of a malicious advertisement – had succeeded in buying ad space on the site to drive traffic to a malicious website. 

But it shouldn’t take long for the New York Times to get over the embarrassment of serving a malvertisement on its website, especially now that the most consummate player of the online ad game, Google, has repeated the paper’s ignominious feat.

It is now clear that all malvertisements need not exploit third-party ad networks. Malvertisers are fully capable of exploiting loopholes in search ad networks like Google AdWords. Yesterday, TechCrunch was shocked when Google returned a malicious advertisement just above the search results when queried about the search term “Firefox.”

Although the ad appeared to be linking interested users to the official Firefox site, it was actually redirecting them to an entirely different domain, firefox.mozilla-now.com, which doesn’t even belong to Mozilla. The landing page then tried to cozen prospective Firefox downloaders into paying $2.50 per month for “24/7 Expert Customer Support.” The ad was subsequently removed by Google.

"Google's advertising policy requires that the Web site address displayed in the ad must match the domain of the landing page for that ad in order to ensure that users clearly understand the destination Web site being advertised," a Google spokesman told InformationWeek. However, the spokesman did not comment on the Firefox ad. "We use a combination of manual and automated processes to detect and enforce these policies."

Read More

Posted 09/18/09 at 10:14:57 AM by Pulkit Chandna

Phishers have added another trick to their copious arsenal. RSA, the security division of EMC, recently discovered a new type of phishing attack targeting online banking customers. It discovered phishing sites that contain fake live chat support for plausibility’s sake. RSA put its appellative faculties to good use to come up with a name for this new form of phishing attack: “Chat-in-the-Middle."

The attack proceeds in a routine way with unsuspecting online banking customers being led to a phishing page designed to extract their account details. After these gullible visitors are through with the first page, instead of being sent to another phishing page or to the genuine website, they are lead to a fake live-chat support window. The fraudster at the other end, posing as a customer support personnel, then tries to extract more account details from them through social engineering.

According to RSA, the fake live chat support window is powered by Jabber, an open source instant messaging protocol. “While at this point RSA has witnessed only a single instance of this attack, we are recommending extra vigilance to operators of all online banking websites and other websites where user credentials are targeted,” RSA wrote on its blog.

Read More

Posted 09/16/09 at 04:15:33 PM by Paul Lilly

Dude, you're getting a check. That is, if you live in New York and purchased a computer from Dell using a Dell-financed "no interest loan."

The OEM has reached a settlement with New York State Attorney General Andrew Cuomo in which the company will pay $4 million "in restitution, penalties, and costs to resolve charges of fraudulent and deceptive business practices that scammed consumers across New York State."

Cuomo initially filed the suit in 2007 accusing Dell of fraud, false advertising, and deceptive business practices over alleged misleading financing and failing to honor rebates, warranties, and service contracts.

"Today's announcement is the final step in ensuring New Yorkers harmed by Dell's deceptive and illegal business practices are fully compensated," said Cuomo. "Going forward, this deal means that Dell will have to clearly and fully disclose the terms and conditions of their products and services, to avoid this kind of fraud at the consumer's expense. We encourage anyone who was ripped off by Dell to come forward and file a claim to get their money back."

It should be noted that Dell admitted no wrongdoing in the settlement. Nevertheless, New York customers who think they may qualify for part of the $4 million settlement have until December 15 to file a claim, which they can do so at www.nyagdell.com.

Read More

Posted 06/20/09 at 04:41:19 AM by Justin Kerr

One of the biggest concerns for online advertisers these days, is getting the most out of increasingly tight budgets, and protecting themselves from click-fraud can be difficult. Companies bid on search keywords, and depending on the popularity of the term, often pay top dollar to float to the top of the sponsored results list. This model is tested and true, but once they reach their spending limits, they drop off leaving the next highest bidder in their place.  Click-fraud artists can be somewhat hard to trace, they often operate through proxies, or sometimes even botnets to mask their IP’s. But after a year of intense investigation, Microsoft has finally tracked down three individuals linked to a number of small corporation names, and is taking them to court.

Microsoft is seeking about $750,000 in damages from British Columbia, Canada residents Eric Lam, Gordon Lam, and Melanie Suen. “We have decided to become more active in the commercial fraud area on the enforcement side,” said Tim Cranton, associate general counsel for Microsoft. “The theory is you can change the economics around crime or fraud by making it more expensive.”

Analysts believe that Microsoft is simply testing the waters with this lawsuit, and primarily hope that it will intimidate people away from a life of online crime. This specific case involved the three accused fraudsters of running up the tabs on keyword searches related to “auto insurance” and “World of Warcraft”. Once they had expended the budgets of their competitors, their network of sites would slowly float to the top, and pickup traffic at bargain prices.  

With little legal precedent to lean on, do you think this case will be successful?

Read More