07/30/2009

Keyloggers Used in $400,000+ Theft

"Sholar said the unauthorized transfers appear to have been driven by 'some kind computer virus.'"

This is how Walt Sholar, County Attorney of Bullitt County, Kentucky, describes what led to $415,000 being stolen from Bullitt County's bank.

A malicious trojan keylogger is apparently to blame, but the cyber criminals definitely knew what they were doing. According to the Washington Post's "Security Fix" story on the trojan,

"'...the criminals stole the money using a custom variant of a keystroke logging Trojan known as "Zeus" (a.k.a. "Zbot") that included two new features.

'The first is that stolen credentials are sent immediately via instant message to the attackers.

'But the second, more interesting feature of this malware, the investigator said, is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection.'"

It doesn't get much uglier than that: those two features are enough to defeat all but the most sophisticated bank and credit card consumer protections. As the piece goes on to point out, it's really only the commercial banks that have the resources to protect their customers with more robust mechanisms.

"Many online banks will check to see whether the customer's Internet address is coming from a location already associated with the customer's user name and password, or at least from a geographic location that is close to where the customer lives.

"By connecting through the victim's PC or Internet connection, the bad guys can avoid raising any suspicions."

All in all, it's a truly fascinating story with excellent coverage in the Security Fix blog, and it's a reminder of four things to me:

  1. run antivirus software (preferably an Internet security suite)
  2. keep it updated
  3. listen to it when it complains


For a very brief version of the heist at virusbtn.com:
Keyloggers used to loot US county

For slightly more thorough coverage at theregister.co.uk:
Kentucky payroll phishing scam nets small fortune

06/26/2009

Michael Jackson Spam / Malware Attacks

It didn't take long for the spammers, scammers, and scumware makers to try to take advantage of Michael Jackson's sad passing.

SophosLabs brings news that,

"Just after about 8 hours of his demise, SophosLabs witnessed the first wave of spam messages employing the sad news in the subject line and body part to harvest victims’ email addresses."

A Computerworld.com article, which also mentions the SophosLabs blog, quotes Sophos security researcher Graham Cluley as saying,

"I wouldn't be surprised to see hackers claiming that they have top-secret footage from the hospital, perhaps [allegedly] taken by the ambulance people, that then asks you to install a video codec"

Then, once you click on the supposed codec update link, you're instantly infected with a virus / trojan. Blech.

Sad as it is to see criminals capitalizing on such events, we're not surprised. There's no depth too low for virus writers to stoop when it comes to trying to infect and take over your computer.

If you're unsure when your A/V software was last updated, you might want to take a look and see; if you're not yet running antivirus / Internet security software, there's no time like the present. I guarantee the people responsible for attacks like these aren't going to be easing up anytime soon--if ever.

12/08/2008

DNS Trojan on the loose. . .

The cheeky folks at The Register bring us news of a new DNS-attacking Trojan, DNSChanger, that can compromise machines running several different OSes.

The upshot isn't that Mac and Linux/Unix users need to be worried per se, but that they should still be concerned if they're using DNS servers set by their DHCP provider. Why?

When you get your IP address from a third-party DHCP server, as is the case with most cable modem, DSL, and dial-up connections, you rely on the DNS server settings passed down to your machine along with it.

This is the case no matter what operating system you're running (unless you manually override these settings and hard code them). [N.B. This is trivial to do on Mac/Unix/Linux by editing /etc/hosts, but that's beyond the scope of this blog.]

So in any case, if a Windows machine is compromised, other machines on the same network that take their settings from DHCP can be attacked in turn via the DNS settings handed out by the Windows machine that has fallen victim to the DNSChanger Trojan.

For the kids in the cheap seats and anyone else not paying attention, this means if you're using:

  1. a cable modem
  2. DSL
  3. dial-up
  4. corporate network using a DHCP server

YOU, my dear reader, are susceptible to this nasty bugger of a trojan. (You're also vulnerable if you're on some other type of network we haven't thought of that assigns IP addresses and DNS settings via DHCP.)

For everyone out there, for the record, we do encourage you to hard code your DNS settings. (Look to your favorite search engine if you're unfamiliar with how to do this.) And, as always, we certainly encourage everyone to compare antivirus software and choose one with the right features and price for your needs.
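As an added illustration (not from the Register article or this post), here is a small check that parses DNS server entries written in /etc/resolv.conf format and flags any resolver that is not one you configured yourself, which is exactly the symptom a DNSChanger-style attack produces. The sample file text and the trusted-resolver list are constructed for this example; the 203.0.113.0/24 block is reserved for documentation, so 203.0.113.5 stands in for a resolver you did not choose.

```python
import ipaddress

# Constructed sample in /etc/resolv.conf format (not a real capture).
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.5   # hypothetical resolver pushed by a rogue DHCP server
options timeout:2
"""

# Resolvers you deliberately configured (hypothetical values for this example).
TRUSTED_RESOLVERS = {"192.168.1.1", "9.9.9.9"}


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        # Both '#' and ';' start a comment in resolv.conf.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                pass  # malformed address; the resolver library would skip it too
    return servers


def unexpected_resolvers(resolv_conf_text, trusted=TRUSTED_RESOLVERS):
    """Return the nameservers in the text that are not in the trusted set."""
    return [s for s in parse_nameservers(resolv_conf_text) if s not in trusted]


if __name__ == "__main__":
    rogue = unexpected_resolvers(SAMPLE_RESOLV_CONF)
    if rogue:
        print("WARNING: unexpected DNS server(s):", ", ".join(rogue))
    else:
        print("DNS settings match the configured resolvers")
```

Run against your own resolver configuration, a non-empty result means something other than you decided which servers answer your DNS queries, which is worth investigating before trusting the answers.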

11/19/2008

Trojans in Microchips / CPUs?!

OK, we're normally a pretty computer-security-oriented lot around here, but a post we came across today at DailyArtisan.com has us even more concerned than usual. :-(

Trojan Microchips from China is the theme, and if true, it's downright alarming. Even if only partially true, it should raise the hair on the back of all our necks.

The gist of the piece is that Robert Eringer, a former FBI spy, has claimed that China has planted trojans in the microprocessors -- the actual CPUs themselves mind you -- of many computers on the market today and that chances are high your computer may have one of these trojans.

We say "may" because we want to be cautious about laying too much blame where none has yet been definitively established.

Nevertheless, if true, this is ugly stuff. Really ugly stuff in fact.

"'It is there, deep inside your computer, if they decide to call it up,' the security chief of a multinational corporation told The Investigator.

'It is capable of providing Chinese intelligence with everything stored on your system — on everyone’s system — from e-mail to documents.

'I call it Call Home Technology. It doesn't mean to say they're sucking data from everyone's computer today, it means the Chinese think ahead — and they now have the potential to do it when it suits their purposes.'"

Obviously, the identity of the source of this statement is being protected, but given that it's the "security chief of a multinational corporation," chances are high this isn't just some chump making idle claims.

Whatever the case, we're going to continue to follow this story.

The question we'll no doubt be getting from many is, "What do I do?"

It's unclear what can be done at this point, but we'd hope that most decent antivirus software--especially that which also includes a firewall--would help you detect any unauthorized connections and allow you to prevent them from happening.

Given that Eringer claims it is the CPUs themselves that have been infected, it's impossible for us to say for sure whether the software would detect these connections or whether they would sneak out unnoticed.

The best thing to do, we believe, is to be aware of threats such as these, take reasonable precautions--like running the best antivirus software you can afford--and do your best to understand what your security software is actually telling you.

Read the warning messages and do your best to learn what they mean and whether you're genuinely at risk or it's a false alarm.

Years ago, when I personally first began getting interested in computer security, I learned,

"The most dangerous thing you can say to yourself in assessing risk is, 'It's not like....' because as soon as you've told yourself, 'It's not like....' you've just given someone the means by which to attack your system.

"The smart thing to do is to assess risks honestly and to instead say, 'This is unlikely to be a risk because....' That way you're at least allowing yourself the mental capacity to go back and reassess things again later whereas if you say, 'It's not like....' you're actually closing that mental door altogether. Not smart."

In other words, don't just ignore your antivirus / firewall software when it complains about something! Be smart, listen to it, and learn what it's trying to tell you. What you learn from it in a few minutes might just shock you.