1
   

New virus targeting bank accounts

Forums: Internet
Email this Topic Print this Page
 
 
Walter Hinteler
 
Reply Thu 3 Jun, 2004 01:13 pm
Quote:
New virus targeting bank accounts
From correspondents in Germany
June 4, 2004

GERMAN authorities today alerted computer users to a new Internet virus targeting bank accounts and credit cards and bearing a striking resemblance to the Sasser worm that disabled millions of systems worldwide last month.

The Federal Office for Security in Information Technology (BSI) in the western city of Bonn said the new Korgo virus exploited security loopholes in the Microsoft operating system Windows.

Like Sasser, Korgo does not require users to open an email to unleash its destructive capability but can attack anyone connected to the Internet.

According to trade magazine PC Professionell, Korgo primarily seeks out online banking passwords and credit card numbers. It said affected users should change all their passwords and cancel their credit cards.

The virus has attacked Microsoft operating systems including Windows 98, Me, NT, 2000 and XP. Microsoft has uploaded protection "patches" to shield computers against Korgo, the BSI said.

"We are working on the assumption that only a small group of users has been affected because most people acted to protect themselves after Sasser," said a Microsoft spokesman in Germany, Thomas Baumgaertner.

An 18-year-old German man confessed last month to creating that Sasser worm. He faces up to five years in prison.
(AFP)
Source
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 837 • Replies: 6
No top replies

 
Walter Hinteler
 
  1  
Reply Thu 3 Jun, 2004 01:20 pm
Quote:
New Viruses Hit 30-Month High June 3, 2004
Sophos says there were 959 new viruses released on the Internet last month, the most since December 2001.
By TechWeb News

The number of new viruses released on the Internet in May hit a 2-1/2-year high last month, an anti-virus vendor says.
Five new viruses released in May made Sophos' Top 10 for the month. Included are Sasser, Netsky-Z, Sober-G, Bagle-AA, and Lovgate-V, the company said Wednesday. Sasser led the pack in the number of infected machines reported.

Sophos found a total of 959 new viruses on the Internet in May, the highest number since December 2001. That number includes new viruses that were variants of older ones.

Also, security vendor Symantec Corp. on Wednesday upgraded the Korgo.F virus to a level 3 from a level 2, because of an increase in submissions, the company said.

"W32.Korgo.F includes backdoor functionality that could leave systems open to unauthorized access," Alfred Huger, senior director at Symantec Security Response, said in a statement. "This backdoor functionality could result in a loss of confidential data and may also compromise security settings."

Korgo.F attempts to propagate by exploiting a Windows XP and 2000 vulnerability reported by Microsoft on April 13.

Source
0 Replies
 
Walter Hinteler
 
  1  
Reply Thu 3 Jun, 2004 01:23 pm
Quote:
W32.Korgo.F now a Level 3 threat

Date: 03 June 2004 Issue: ninetyone (31/05/04 - 05/06/04)
(ICT World)
Category: Technical


Due to an increase in submissions in the last 12 hours, Symantec Security Response has upgraded W32.Korgo.F from a Level 2 to a Level 3 threat.

"W32.Korgo.F includes backdoor functionality that could leave systems open to unauthorised access," says Alfred Huger, senior director, Symantec Security Response. "This backdoor functionality could result in a loss of confidential data, and may also compromise security settings. This threat is another strong example of why it is critical for computer users to be diligent in applying security patches, keeping virus definitions updated, and following best practices."

According to Symantec W32.Korgo.F is a worm that attempts to propagate by exploiting a Microsoft Windows vulnerability publicly announced on April 13 - Microsoft LSASS Buffer Overrun Vulnerability. This blended threat, says the company, affects computer users on Windows 2000 and Windows XP.

Symantec says W32.Korgo.F will listen on TCP ports 113 and 3067 and could open back doors on those ports.

Threats to privacy and confidentiality, says the company, have been the fastest growing threat in recent months, with the Symantec Internet Threat report released in March showing a 514% growth in volume of submissions within the top ten.

"The rising incidents of blended threats with the potential to open backdoors, demonstrates the importance of an integrated approach to security within the infrastructure" says Kevin Isaac, regional director, Middle East & Africa. "A firewall will block unusual port traffic by default, and, when combined with updated anti-virus and intrusion detection systems, offers top level protection. If users are affected, there is a free removal tool, as well as manual removal instructions on http://www.securityresponse.symantec.com."

Symantec says it strongly advises users to apply the patch provided by Microsoft for the LSASS Buffer Overrun Vulnerability as soon as possible. In addition, Symantec recommends that users update their anti-virus definitions to prevent exploitation of this threat. It says that users should also check that their firewall is configured to block ports 113 and 3067.

More information and virus definitions are available at http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.f.html.
Source
0 Replies
 
cavfancier
 
  1  
Reply Thu 3 Jun, 2004 01:44 pm
Erm, tell me about it. I just had to taxi to two different branches of my bank to find one that worked. It was a serious pain in the ass. Not only that, hundreds of government workers didn't get paid today here.
0 Replies
 
Walter Hinteler
 
  1  
Reply Thu 3 Jun, 2004 01:56 pm
Cav, that was due to another reason:

Computers will be fixed today, bank says

(Obviously not the computer day, today: No flights from UK airports )
0 Replies
 
cavfancier
 
  1  
Reply Thu 3 Jun, 2004 02:03 pm
Well, I must admit, Royal Bank (my bank) got things settled pretty quickly. I am and end-user, and I do know better then to open attachments, but it seems to me that these people creating viruses are just getting more clever. If only they could use their powers for good, and not evil. Wink Yes, it was a different glitch here, but it still makes one ponder how many more are in the making.
0 Replies
 
hamburger
 
  1  
Reply Thu 3 Jun, 2004 07:39 pm
NEW VIRUS
the royal bank of canada is still not up-to-date in processing transactions. went to the bank of tuesday to see if my pension was in : IT WASN'T . phoned a clerk at my old company to complain that pension not in account. got assurance that money had been transferred to the bank. of to the bank; two frazzled bank- ladies, water bottles in hand, had to explain to irate customers about computer glitch. we have another account with another bank, so we didn't have to go hungry (also keep some gold-coins for real emergency ! ). latest update from >>>ROYAL BANK (CANADA) hbg
0 Replies
 
 

Related Topics

Obama Promotes Making the Internet a Utility - Discussion by engineer
YouTube Is Doomed - Discussion by Shapeless
So I just joined Facebook.... - Discussion by DrewDad
Tracking and revealing the trolls....ok or not? - Question by dlowan
You are calling Congress about SOPA today, right? - Discussion by maxdancona
Internet disinformation overload - Discussion by rosborne979
Participatory Democracy Online - Discussion by wandeljw
OpenDNS and net neutrality - Question by Butrflynet
Are you for or against net neutrality, and why? - Discussion by Pronounce
Internet Explorer 8? - Question by Pitter
Blizzard Forum Says You Must Use Real Names ... - Discussion by jespah
 
  1. Forums
  2. » New virus targeting bank accounts
Copyright © 2024 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 04/19/2024 at 12:10:42