Forgot your password?
typodupeerror
Security

PC Invader Costs a Kentucky County $415,000 192

Posted by kdawson
from the don't-be-stupid-out-there dept.
plover recommends a detailed account by Brian Krebs in the Washington Post's Security Fix column of a complex hack and con job resulting in the theft of $415,000 from Bullitt County, Kentucky. "The crooks were aided by more than two dozen co-conspirators in the United States, as well as a strain of malicious software capable of defeating online security measures put in place by many banks. ...the trouble began on June 22, when someone started making unauthorized wire transfers of $10,000 or less from the county's payroll to accounts belonging to at least 25 individuals around the country... [T]he criminals stole the money using a custom variant of a keystroke logging Trojan known as 'Zeus' (a.k.a. 'Zbot') that included two new features. The first is that stolen credentials are sent immediately via instant message to the attackers. But the second, more interesting feature of this malware... is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection."
This discussion has been archived. No new comments can be posted.

PC Invader Costs a Kentucky County $415,000

Comments Filter:
  • Windows TCO (Score:5, Insightful)

    by harmonise (1484057) on Tuesday July 07, 2009 @07:32PM (#28615751)

    Don't forget to include this in your Windows TCO calculations.

    • Re: (Score:3, Interesting)

      by Jurily (900488)

      But the second, more interesting feature of this malware, the investigator said, is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection.

      Actually, if you root a *nix box, this part looks kinda trivial.

      • Re:Windows TCO (Score:4, Insightful)

        by clang_jangle (975789) on Tuesday July 07, 2009 @07:45PM (#28615883) Journal

        But the second, more interesting feature of this malware, the investigator said, is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection.

        Actually, if you root a *nix box, this part looks kinda trivial.

        Yet we don't see much of that, do we? In spite of the massive *nix share of the server market, it's windows systems that prove easiest to compromise.

        • Re: (Score:3, Insightful)

          by Anonymous Coward

          keyloggers aren't used on servers as much...regardless of the OS.

        • Re:Windows TCO (Score:5, Insightful)

          by Evil Shabazz (937088) on Tuesday July 07, 2009 @08:23PM (#28616129)
          Your conclusion is debatable, particularly resting on the tenuous footing of your supplied argument. However, that doesn't matter at all. You see, it doesn't really matter whether Unix or Windows is easier to compromise. What matters is that the easiest people to compromise use Windows.
          • Re:Windows TCO (Score:5, Insightful)

            by Mista2 (1093071) on Tuesday July 07, 2009 @09:00PM (#28616429)

            I use Windows, OS X and Linux, and none of my PCs have ever been compromised, but the Windows one sure is harder to protect.

            • Re: (Score:2, Insightful)

              by cawpin (875453)
              Knowing which is hardest to protect would require ALL of them to have been compromised at least once. Since NONE of them have been you have no basis for a comparison.
              • Re:Windows TCO (Score:5, Insightful)

                by andy_t_roo (912592) on Tuesday July 07, 2009 @09:42PM (#28616729)
                He does have a basis -- the effort (time or cost) required to get the system to a state where compromise was not likely.

                simplified a bit :
                Linux - don't run as root, install updates regularly, think twice before entering root password.
                Windows - attempt to have the logged in user not running as admin, install updates regularly, install run update and monitor virus scanner + firewall software. think twice before entering admin password (if running as non-admin)

                OSX - never had admin on OSX, from what i understand its the same as linux with respect to security.

                the effort to run (pre vista) windows as non-admin is substantially harder than non-admin linux.
                installing updates is approximately the same effort.
                windows (currently) requires extra software installed to be secure.

                Objectively windows is harder to secure (harder on 2 out of 3). (this also assumes that this is the minimum effort required to secure each system to the same level - on any system you could spend much more effort due to a lack of knowledge, or wrong pre-conceived ideas concerning security)
                • by cawpin (875453)
                  I wasn't talking about an objective comparison based on common beliefs. I was simply saying that his statement is not provable for his systems unless they have been compromised. You have to be compromised before you can KNOW what is required to prevent it.
                  • Re: (Score:3, Funny)

                    by Jedi Alec (258881)

                    Wow...that's quite something.

                    So you're saying that until they have both been broken into and their car radio's removed, there's no way to prove that it's easier to lock up a tank than it is to lock up a convertible with a cotton roof?

                  • I wasn't talking about an objective comparison based on common beliefs. I was simply saying that his statement is not provable for his systems unless they have been compromised. You have to be compromised before you can KNOW what is required to prevent it.

                    A car analogy: one takes the fastest car in the world, and let it race a mile against me, me being by foot. So you state that although the car might finish the mile in a few seconds, it is not proven to be faster UNTIL I HAVE CROSSED THE FINISH-LINE?!?

                    Go back to school.

                • Re: (Score:2, Informative)

                  by Anonymous Coward

                  Also from the point of view of exposed services and access requred for various functions.
                  OS X shares nothing by default, and allows the firewall to lock out anyone not on the local subnet.

                  RPC requires a whole shotgun full og holes in a firewall to allow AD login across secure zones, LDAP directories are realy simple in comparison

                  For Linux, I only install the software for services I want, and allows much better control of who can do what as root using sudo, (and the same with OS X too)
                  SSH provides a secure

            • by MrCrassic (994046)
              How so?
          • by Locutus (9039)

            it's the same people who are pretty much computer illiterate and just squeak by using Windows who are Microsoft's best customers. Keep'em dumb, keep'em taking everything shoveled in front of them. The other day, a salesman from a computer shop specializing in Windows asked me to send his wife a link to some pictures. After a few emails, he didn't know the link I emailed him was just something he could use a browser to see. WTF and how to these people get paid for so little ability to use even the simplest p

          • by Ihmhi (1206036)

            I would think the yearly Pwn2Own competitions is a pretty good indicator. A Windows, Mac, and Linux system are all set up with the latest security patches from their respective OSes. The first person to compromise the system gets to keep it. Every year I've read about it, the order from first to last compromised has been Windows, Mac, and Linux.

            • by scubamage (727538)
              If I remember correctly, this year it went Mac, Windows, Linux as the exploiter made use of an unknown bug in Safari. Point stands, I'm just saying the order was possibly different - I'm feeling a bit too lazy to look it up and check :).

              I think that's an important thing to mention though - see, OSX is still based on BSD. However, even the most secure OS on earth can still be compromised if the software it runs is shoddily programmed.

            • > Every year I've read about it, the order from first to last compromised has been Windows, Mac, and Linux.

              Which year? And which pwn2own contest are you talking about?

              In 2006, there was no pwn to own cansecwest contest.
              In 2007, it was mac first, but only macs were prizes ;).

              In 2008, it was mac first again (out of OSX, Ubuntu and Vista) on day 2 (nobody managed to pwn anything under the day one rules), and vista only on day 3 (due to adobe flash exploit).

              http://dvlabs.tippingpoint.com/blog/2008/03/27/day- [tippingpoint.com]

        • Re: (Score:2, Insightful)

          by overbaud (964858)
          It's more a case of windows machines are the most profitable. If there was a larger profit to be made in *nix boxes it would be done. Theives don't have a technology alliance, they are not fans boys or anti fan boys, they are motivated by the money.
      • But the second, more interesting feature of this malware, the investigator said, is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection.

        Actually, if you root a *nix box, this part looks kinda trivial.

        The hard part is doing it without rooting. Which happens to be a lot easier in windows. If you rooted the box you could do a lot more useful things easier then what this malware did. Imagine having all the payroll information for the county and the fraud that would enable.

    • Re:Windows TCO (Score:5, Insightful)

      by erroneus (253617) on Tuesday July 07, 2009 @08:30PM (#28616189) Homepage

      I love the thought behind the comment, but I think we are arriving at a kind of plateau where it is not so much the OS as the users being stupid and uneducated while management policy is too lax when it comes to computer use.

      With text-based computer usage, that was rarely if ever a problem simply because the fun things to do were rather limited and certainly didn't involve a live connection to a public internet. But the more connected we became, the more fun things there were for people to do. Suddenly with Windows + Internet access, the door flew wide open with everything from BonziBuddy to Weatherbug to all sorts of other gadgets, games and gizmos. This escalation of extra-curricular activity has never been treated as a threat or as a problem by many and has continued unabated.

      What is needed, whether running Windows, Linux or MacOSX on the desktop, is a means to EFFECTIVELY prevent the installation of unauthorized software and data. That is a complicated trick for a variety of reasons not the least of which is the face that the file system doesn't care if a file is data or executable code no matter where it is located in the file system. (This is a problem that should be fixed in ALL OSes) There are effective tools to prevent a lot of such things, but all of them require what should have been done to begin with -- careful system software planning and implementation. There are limits to which the OS itself can be blamed and that's what I am really trying to get at.

      On one hand, there is the threat of running as the superuser on any OS which is unquestionably a problem. On the other, there is running as the user. Running programs as a user, from a user's writeable data space is often enough to give malicious software operators what they are looking for anyway. Many of them seek personal information, so if they can get code running on a remote user's system that will give them access to that user's data, that's enough of a threat. Getting "superuser access" merely gives them a way to infiltrate the system at a much lower level and make removal much more difficult. So merely patching or preventing superuser access from being taken, assumed or otherwise utilized is only a part of the problem and one that is increasingly realized as irrelevant to malware authors.

      In the end, the TCO of Windows, in this respect, is still lower if for no other reason than the likelihood that someone has a quick and easy way to reload the system clean is pretty high up there. There are fewer quick solutions to fixing or cleaning up a compromised system under Linux or MacOSX... with good reason -- they aren't your typical targets.

      But I believe we are close to reaching a plateau at which there is only so much that can be done to secure an OS without proper planning and implementation taking the lead concern as it should have always been.

      • Re: (Score:2, Informative)

        by gd2shoe (747932)

        That is a complicated trick for a variety of reasons not the least of which is the face that the file system doesn't care if a file is data or executable code no matter where it is located in the file system.

        Please elaborate. You sound more intelligent than this, so I assume I misunderstand you.

        Most filesystems do keep tabs on which files are executable, and which ones are not. Of course, Windows defaults to executable, and the rest of the world defaults to not-executable. On the other end, processors now recognize the no-execute bit on memory. This makes it possible (easier?) to avoid accidentally running data in an executing program (ex: some buffer overflows). Of course, for these things to work properl

      • When mounting a filesystem under OpenBSD you can specify that any file within that mount cannot be executed. I find that this is very much a valuable flag (noexec) when you are mounting /tmp and /home as it pretty much prevents execution of files outside of expected areas.

        http://www.openbsd.org/cgi-bin/man.cgi?query=mount&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html [openbsd.org]

        Of course if it is a script, nothing stops the person from calling the interpreter first. e.g. perl

      • "What is needed .. is a means to EFFECTIVELY prevent the installation of unauthorized software and data"

        Run the software off a readonly USB device and you are safe from the desktop OS.

        --
        mode me up insightful please :)
    • by MrCrassic (994046)
      Just like they forgot basic security measures, right?

      Yeah, this isn't a Windows problem. You do know that Linux/UNIX boxes can get 0wn3d, right?
  • by gd2shoe (747932) on Tuesday July 07, 2009 @07:34PM (#28615765) Journal
    They set up a system that required multiple credentials to transfer money, but one of those credentials could be used to reset the other? Give me a break! This was a system deliberately setup to look more secure than it actually was. The Controller was relying on that extra protection the bank was offering. It seems the county was scammed twice!
    • by Meshach (578918)

      They set up a system that required multiple credentials to transfer money, but one of those credentials could be used to reset the other? Give me a break!

      To be fair the article says that the malware created the direct connection. The direct connection was probably not there by default.

      • by gd2shoe (747932) on Tuesday July 07, 2009 @08:05PM (#28616001) Journal

        No, I am being fair.

        Direct connection or not, that login shouldn't have been able to reset the other one. There are several reasons why two people needed to approve transfers from that account. Being able to unilaterally reset the Judges credentials is a big fat security hole in its own right.

        Sometimes an attack must rely on more than one vulnerability. This is one of those. Thus, I didn't say that the bank is 100% responsible, only that they hold some responsibility.

    • by plover (150551) * on Tuesday July 07, 2009 @08:19PM (#28616097) Homepage Journal

      My wife has long had to transfer money between various commercial accounts at her jobs. As far back as I can remember, the banks issued her RSA tokens which were required to authorize the transfers.

      I can't imagine a commercial bank NOT using a secure crypto system with an air gap. If the county is concerned about two authorizations, so much the better: issue the judge his own token.

      Even that could be compromised by a hacker who owned the treasurer's computer, but it would have been almost impossible to run the scam 500 times in a few days like this guy did.

      • by gd2shoe (747932)

        Even that could be compromised by a hacker who owned the treasurer's computer

        Basically, he did own the Treasurer's computer, and that was the whole problem. In this case, the "air gap" should have been required to reset the judge's credentials.

        This is akin to a bank which cashes a check requiring 2 signatures, even if the signatures are exactly the same (or a whole bunch of checks, actually). It looks more secure on the face of it, but it is equally secure to requiring one signature only.

        I do like the idea of banks issuing tokens of some kind (or a list of one-use authorization pa

      • "I can't imagine a commercial bank NOT using a secure crypto system with an air gap."

        Dood, remember, this is Kentucky we're talking about here. The same place where an anonymous caller's commands to disrobe and be spanked (and perform other various sexual acts) was enough for a young adult Kentucky female to obey (recall that McDonald's episode?).

        Also, isn't that the same state that moron senator McConnell is from?

        • Idiots live everywhere (and keep in mind the plural of 'anecdote' isn't 'data'.) It might be that Kentucky has less money than other states, but I wouldn't say they're correspondingly "dumber" than other states.

          Also, isn't that the same state that moron senator X is from?

          That pretty much describes all 50 states.

      • Man in the middle attacks still work, they can just let you use your token to authorize their transfer rather than the one you are seeing on your screen. The calculators which give a response to a challenge suffer from the same problem, unless they use the recipients bank account as part of the challenge (mine doesn't, for large amounts it uses the amount as a challenge but a trojan could still route it to a different account).

        Ideally banks would just give out a USB device which shows the bank account and a

        • by mhall119 (1035984)

          SSL should prevent man in the middle attacks, except that you really can't trust the trusted certificates issued by the usual pre-approved CAs anymore. If you really want to be safe, delete all default trusts and only add those for sites you can verify yourself.

  • Obligatory: (Score:5, Funny)

    by Joe Snipe (224958) on Tuesday July 07, 2009 @07:36PM (#28615785) Homepage Journal

    Identity Theft [youtube.com]

  • by roc97007 (608802) on Tuesday July 07, 2009 @07:42PM (#28615841) Journal

    All that work, and they netted less than a half million?

    • by CorporateSuit (1319461) on Tuesday July 07, 2009 @07:53PM (#28615955)
      No kidding, if they were real hackers, they would have gotten away with $1.337 Million.
      • by Zoxed (676559)

        > if they were real hackers

        And if they were real criminals, they would have trousered $64.8 billion.

    • by gd2shoe (747932)
      This isn't the first or last place they've hit. Half a million is only a portion of their "net proceeds".
    • by rdnetto (955205)
      They could be playing it safe. Once you hit a million, you're in the big leagues and go straight to the top of the Most Wanted list.
  • Malware has been installing proxies and/or phoning home for years. (backdoors to direct-connect to/through your machine, instant messaging keystrokes).
  • by davidsyes (765062) on Tuesday July 07, 2009 @07:45PM (#28615873) Homepage Journal

    From the site:

    http://voices.washingtonpost.com/securityfix/2009/07/an_odyssey_of_fraud_part_ii.html?hpid=sec-tech [washingtonpost.com]

    one reader wrote in:

    "I guess we don't know how the attackers somehow got the Zeus Trojan on the county treasurer's PC (presumably the county doesn't want to say and the FBI told them not to discuss details of the case anyway), but I'm curious whether that PC had security software installed, whether it was up to date, which security software can deal with the Zbot (ZeuS bot) Trojan, etc.

    ---------

    Well, i have an idea, and it's TFO (Totally Frackin' Obvious)... and might be how it happened. A poor old cleanup crew member may have been elicited to put a USB device on a bank manager machine that might not have been watched by a camera. Might have trained the cleaner to surveil the PCs, determine their visibility to cameras, then trained the dupe into deftly/swiftly attaching a USB attack device while feigning scraping something sticky from the floor, or emptying waste bins that were tough to get the bag from....

    Just my eye-dea... and the FBI may not want THAT to get out lest other banks suffering poor camera placement succumb to the same thing...

    Or, a native of the Ukraine/U-area working at the bank might have been subjected to manipulation of some sort, but trained to be deft and not come under suspicion. Just my inflation-deprived-$0.02-cents...

    • by gd2shoe (747932) on Tuesday July 07, 2009 @08:19PM (#28616093) Journal

      I have a much more likely scenario. They simply spread their malware everywhere, and waited to see what sensitive systems they'd netted! They needed to dupe people into sending money overseas to them. I doubt they have any non-electronic influence in the states. The story indicates that the fake company name has been repeatedly tarnished... meaning it's very likely that they've done this before and will do this again. It probably got on by worm or trojan. Once there, it sat dormant while the hackers figured out which computers were of value to attack.

      • Re: (Score:2, Interesting)

        by mistahkurtz (1047838)

        I have a much more likely scenario. They simply spread their malware everywhere

        with drive-by downloads, phony system messages, work attachments from infected friends, lovers, coworkers, etc. just like what happened to a coworker, an above-average computer user for an IT company. all of a sudden he's got (literally out of nowhere) a new, very microsoft-looking anti-virus* (and considering that ms just came out with, or is coming out with a free fully-featured AV app, (which he knows, since he's in charge of enterprise software, including microsoft EA, etc.) he almost leaves it alone,

    • by sgt scrub (869860)

      You make it sound like they used security measures. If they are anything like what I've experienced just in the last few years, they allow their employee's to take home laptops. The employee's install malware on them as fast as humanly possible to get the latest roller babies video and what not then share crap with each other over internal file servers and email. Just place a bridge with tcpdump & ssldump on their connection to the web and watch. The amount of UDP high port to high port traffic, P2P

    • by ducomputergeek (595742) on Tuesday July 07, 2009 @08:31PM (#28616193)

      Find out if the bank manger smokes, or his/her sectary smokes. Note when they go for a smoke and where. Get a few of those USB thumb drives from trade shows and lace them with trojans and place them near the smokers outside break area and wait for them to pick it up and place them back in their machines when they get back inside. Because usually they will just to see what was on the drive.

      • No that isn't as reliable as sending them a "scam" email infected with a Trojan Horse program using an exploit in JPG or GIF picture rendering to execute code that installs the Trojan Horse by simply viewing the picture file.

        No doubt they made the email look like a bank customer or another employee by faking the email address and using social engineering to fool them into thinking it is legit and click on it to read it.

        If they left a USB thum drive, Police could get fingerprints off of that and then they wo

      • "Find out if the bank manger smokes .. Get a few of those USB thumb drives from trade shows"

        - The attackers somehow got the Zeus Trojan [washingtonpost.com] on the county treasurer's PC, and used it to steal the username and password the treasurer needed to access e-mail and the county's bank account.

        - The attackers then logged into the county's bank account by tunneling through the treasurer's Internet connection.

        - Once logged in, the criminals changed the judge's password, as well as e-mail address tied to the judge'
        • Maybe because the point I was getting across was that the criminals likely used social engineering of some type to get access to the data. Doesn't matter if it's the bank manger or a civil service employee. Could be use email as the technical means. A lot of IT admins focus entirely on things like firewalls, anti-virus software, spam filters, and outside threats attacking the network that they often times fail to take into consideration what might happen if someone manages to get physical access to a ma

  • But I've yet to meet the man that can outsmart Bullitt.

  • by billcopc (196330) <vrillco@yahoo.com> on Tuesday July 07, 2009 @08:44PM (#28616307) Homepage

    more interesting feature of this malware... is that it creates a direct connection between the infected Microsoft Windows system and the attackers

    I find it hilarious that basic TCP/IP networking stuff gets labeled as "interesting". Any idiot can initiate a connection to a host on the internet.

    What's "interesting" is that the victim's machine was not firewalled to prevent this sort of thing from happening in the first place. Properly controlling outgoing traffic is of crucial importance, particularly when dealing with such sensitive information. A locked down network should be able to contain unknown connections from within, just as well as those from the great wide internet.

    In my opinion, it's not the invader that cost Kentucky $415,000. The fault rests entirely on their network administrator(s).

  • by phrostie (121428)

    is this included in M$'s total cost of ownership?

  • by AHuxley (892839) on Tuesday July 07, 2009 @08:55PM (#28616397) Homepage Journal
    Microsoft Cost a Kentucky County $415,000 :(
    When will they learn.
    This is my Unix. There are many like it, but this one is mine. My Unix is my best friend.
    It is my life. I must master it as I master my life. My Unix, without me, is useless.
    Without my Unix, I am useless. I must run my Unix true.
    I must admin smarter than any hacker who is trying to own me. I must block them before they hack me. I will....
    My Unix and myself know that what counts on this net is not the scripts we code, the size of our pipe, nor the data we send.
    We know that it is the uptime that counts.
    We will stay up...
    My Unix is human, even as I, because it is my only life.
    Thus, I will learn it as a brother.
    I will report its bugs, share its strengths, upgrade parts, buy its accessories, open its ports and lobby for more bandwidth.
    I will keep my Unix clean and ready, even as I am clean and ready.
    We will become part of each other. We will...
    Before Darl McBride I swear this creed. My Unix and myself are the defenders of the company I work for.
    We are the masters of your script kids.
    We are the saviors of your profit.
    So be it, until victory is America's and there is no competition, but Profit.
  • Why? Because this is an example of what happens when they're not.

    If I'm not mistaken, most keylogging programs can be kept out fairly easily with decent firewall rules and a good anti-spyware/anti-malware agent. The article does not report that this county's IT department (which I'll guess and say is non-existent or illusory) took preventative measures against these attacks.

    Basically, they had it coming.
    • by Shados (741919)

      Anti-spyware/malware maybe. Firewall rules however, useless. What do you do if the software simply does an HTTP Post to a web service with default proxy settings, or if the sysadmin is clever and uses a setup where the default proxy settings are not being used, its not too hard to sniff/autodetect them. Not much to do when the malwares use the same outbound as another important piece of software...

      • by Qzukk (229616)

        Simple: you set up a list of only 20 or so permitted websites, and if someone needs to look up regulatory information on some obscure county website somewhere they can file form 128-A in triplicate and submit this to their manager, who submits it and F-39 to their manager, who (if they have not exceeded their department-wide quarterly quota on variances) sends it to the head of the IT department across the hall, whose secretary shreds all three copies of 128-A individually then types F-39 into a web form th

  • by shemp42 (1406965) on Tuesday July 07, 2009 @09:31PM (#28616653)
    Everyone who is claiming that linux should be used and its those stupid MS users that cause this are missing the point and have never spent one second working in a corporate IT enviroment. The fact is that every single security measure that is put in place is met with overwhelming opposition by the user base as well as the executives. A spam filter is looked at as the unholy antichrist because it blocks .00001% of legitimate emails. I have worked corporated IT for years and have constantly had to fight for just the basic's in security. IT is not given the authority to do its job. I am sure there is some IT guy that worked for the county that is now unemployed because he didnt stop it, even though he has been banging his head againest the wall to get security measures put in place. I for one am tired of hearing that the answer is Linux. Sh*& I cant even upgrade to Office 2007 without getting hundreds of phone calls from users that cant find the print button. You want me to switch them to linux? That is just comical. Rather than constantly blaming the victim we need to get tough on the criminals. If somone is mugged you dont tell them that they should not have walked down the street. You go after the guys that mugged them. You dont tell the convienence store owner that he was robbed because he was open and should not let people enter the store. This stops when we get tough on the criminals and the governments that allow them operate free from risk. How long do you think it would take these countries to stop this if we cut off all trade and aid to them? The fact is that cybercrime is not looked at as real crime. Until we start caring more about it and electing people who understand the risks it wont matter what system is in place, it will be exploited.
    • Re: (Score:2, Interesting)

      by Dullstar (1581331)
      Actually, Linux usually won't even need security software in the first place. You're right about some points, but not all of them. I'm going to say that your points about the victims in the scenarios you gave are relevant. And the ones who can't find the print button are just idiots. We need to get tough on the criminals, yes, but, however... it helps if people take better measures to make it harder to occur too. So Linux is the answer... but it is the only answer? No. There's Mac OS X.
      • by Shados (741919)

        He didn't say security software. He talked about security measures in general. That means making users have strong passwords and change them regularly, not running every application they see, etc.

        You can spout how Linux is more secure by design all day, but usually the current user context is MORE than enough to do damage, no matter how restricted you make it (if a user can read their own email and type in their own browser and read their own instant messages, so can a software, and its all whats needed). T

    • Re: (Score:3, Insightful)

      by pushf popf (741049)
      Everyone who is claiming that linux should be used and its those stupid MS users that cause this are missing the point and have never spent one second working in a corporate IT enviroment. The fact is that every single security measure that is put in place is met with overwhelming opposition by the user base as well as the executives. A spam filter is looked at as the unholy antichrist because it blocks .00001% of legitimate emails. I have worked corporated IT for years and have constantly had to fight for
      • Re: (Score:3, Informative)

        by plover (150551) *

        Things have changed, at least for ordinary commercial accounts. Money transfers are done via web browser. And nobody except a couple of imaginative slashdotters said anything about USB drives -- TFA says only that it was a "zbot Trojan" but doesn't identify the infection path.

        The auditors and security people obviously approved the "two people requirement" but failed to identify the weaknesses in the implementation. Yes, that's certainly a failing, but unless you have a CISSP on staff you probably don'

    • by Nutria (679911)

      we need to get tough on the criminals.

      They're in Kiev, you jackass, or Moscow, and surely kicking back to the police. And I'm not even sure that those countries have extradition treaties with the US. If they can even be identified and located...

      • by Max_W (812974)
        So what? There are daily flights to Kiev from major European capitals. Some fat law enforcement officer should lift from a chair, buy an air ticket for 500 bucks and go to Kiev.

        There is Interpol office in Kiev. Ukraine is a member of UN.

        It is easy to say "Kiev" and do nothing.
        • Re: (Score:3, Insightful)

          by Nutria (679911)

          Some fat law enforcement officer should lift from a chair, buy an air ticket for 500 bucks and go to Kiev.

          You really think it's that easy to get a foreign national into your court system????

          Especially if they are clever enough to hide their digital tracks.

          There is Interpol office in Kiev.

          There are also lots of easily-bribed cops in Kiev.

          Ukraine is a member of UN.

          It is easy to say "Kiev" and do nothing.

          Like it's easy to invoke the holy name "UN", and believe that Ban Ki-moon will swoop down and smite the ene

          • by Max_W (812974)
            Certainly, it is not easy and even impossible if an officer does not speak foreign languages and proud of it. But there are a lot of people living the USA who do speak the language, which is spoken in Kiev. They could do this job better than "pure" Hollywood-style cops. They should be hired and trained.

            Yes, there are a lot of easily bribed cops in Kiev. And it can be well used. If one offers to a Kiev law enforcement general, say, a training program for his digital crime division, he will in return have
          • I agree with Nutria. I can speak Russian pretty well (not fluent, but still pretty good) and I've spent a good deal of time in Ukraine. There are a lot of similarities between Ukraine and Russia and some differences. In Russia, the government basically doesn't care at all that criminals steal from the west. Their attitude is "It sucks to be you!" to the victims and as long as the criminals are causing problems for people outside of the country and potentially paying taxes on what they steal, they will c
    • "Everyone who is claiming that linux should be used and its those stupid MS users that cause this"

      Where does it say that 'everyone' is claiming and it isn't the 'stupid MS users' it's the click and get infected OS known as Microsoft Windows that's the root cause of the malware infestation.

      the second, more interesting feature of this malware... is that it creates a direct connection between the infected Microsoft Windows system and the attackers
    • Rather than constantly blaming the victim we need to get tough on the criminals. If someone is mugged you dont tell them that they should not have walked down the street. You go after the guys that mugged them.

      I take it you leave your keys in your car, and you never lock your doors at night?

      Give me a break.

      When your boss won't let you implement real network security, and then your up-to-date Windows Vista Premium server gets cracked with a 0-day exploit, throw it back in his face. Or else, find a
  • That malware is not interesting at all. I remember playing with SubSeven when I was in 7th grade (long long time ago) and it had ICQ notification and reverse bind options.

No amount of careful planning will ever replace dumb luck.

Working...