I wrote about the Heartland Payment Systems breach that was announced on January 20, 2009.  Financial institutions all across North America have been contacting their customers in the past few weeks informing them that their credit card or debit card has been compromised due to this large breach.  I personally know many folks affected where I live in the great Mid-west.  They’ve got their letters telling them a new card is on its way.

I believe this breach will surpass the breach that TJMaxx had.  Their final total was around 94 million cards that were compromised.  This one, I believe, will surpass the 100 million total.  There is a site that has been reporting what banks have contacted them stating that they have been affected by this breach.  It is far from complete.  Click here to see an update from the site bankinfosecurity.com.

Hope you have all had a great week.  Friday is just around the corner.  Have a fabulous weekend.  And of course, Rock Chalk Jayhawk…Let’s kick the Wildcats’ behind Saturday!!

OK, I have a tool for you to check out if you are a Windows user.  The tool is called CCleaner.  Click here for additional information.  I’m going to give you some things I like about it.  First of all, it is a free tool.  I recommend you download it and use it on a regularly scheduled basis.

It combines a system cleaner that clears unused temporary files from your PC with a great registry cleaner.  The reason you want to run this is that it allows you to keep your Windows system running faster and it also frees up hard drive space.  It also has a nice section that helps you clean up all those tasks that happen when your system starts up.  Seems like every application that you install with the default setup will always start up at boot time.  You don’t need to do this and this can slow your PC when your system tray is full of all these started applications.

Hope you all had a great weekend and of course ROCK CHALK JAYHAWK!!

Sucks to be a customer of the Best Buy store in West Palm Beach. Sounds like a former employee was skimming credit cards from Best Buy customers. Best Buy has an announcement on their website. They believe that approximately 4,000 people could be affected.  The time frame of this breach was November and December of 2008.

Click here for Best Buy’s announcement on their website.

Well the Super Bowl is going to be starting in an hour and I’m ready to check those commercials out.  I’ve watched the number of sites showing up that have been affected by hxxp://iwdown.com/inc/e.js that is hosted in China.  A few days ago when I wrote my first post on this injection attack, the Google search results showed roughly 135,000 sites that had been affected.  Today, it is roughly 430,000.  Now realize these numbers aren’t exact, but it gives you an idea how things are progressing.

Hope your team wins tonight in the Super Bowl and hope your weekend has been great.

February is here and with it, love is in the air.  As February 14 nears, expect to see some fake e-cards from people you don’t know to show up in your inbox.  They are already being seen by some security research companies.  All you have to do is remember this easy statement.  NEVER click on any attachments or links in unsolicited e-mails.  Anymore today, you can’t even trust e-mail from those you know because if they are hacked, expect everyone in their contact list to get malicious spam e-mails also.

Have a happy Super Bowl Day today.  I’m cheering for the Cards.  Always hanging with the underdogs.  Stay safe.

In my line of work I come across websites that have been hacked and code is injected leading to a website loaded with malware ready to take advantage of people who don’t patch their PCs.  Today was the website executivehomemaker.com.  Hidden inside this legitimate site is a redirect to hxxp://iwdown.com/inc/e.js, a site hosted in China.

This is just another in a long line of sites with vulnerabilities that allow the bad guys to take advantage of the casual surfers.  They don’t patch, they probably click on links in spam e-mails and on and on.  My last search on the iwdown site shows 135,000 sites with these injections.  Click here and see the search results.

Stay safe and have a fabulous weekend and ROCK CHALK JAYHAWK!

The Asprox botnet has come back to life with malicious injections into legitimate websites.  Click here to see the Google search on the malicious injection.  The site hosting the malicious code is h!!p://www.wmpd.ru.  Now let me warn you, DO NOT CLICK ON THESE LINKS!!!  These websites in this search have a vulnerability that allows attackers to inject this code.  They need to close the vulnerability or they will continue to have possible attacks on their websites.

It is a good idea to avoid these sites.  If your PC is not patched with all the software you have installed, then your PC can fall victim to the attackers and your PC can then be under the control of the attacker and their botnet.
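A site owner's check for the kind of injection described in the iwdown and Asprox posts, as an added example that is not from the original posts. It assumes the injection shows up as a `<script src=...>` tag; the function names, the `example.com` hosts and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicators exactly as the posts write them (defanged notation).
DEFANGED_INDICATORS = ["hxxp://iwdown.com/inc/e.js", "h!!p://www.wmpd.ru"]

def refang(indicator):
    """Turn hxxp:// or h!!p:// notation back into a parseable URL."""
    return re.sub(r"^h(?:xx|!!)p(s?)://", r"http\1://", indicator.strip(), flags=re.I)

def host_of(url):
    """Lower-cased hostname without a leading 'www.' ('' for relative URLs)."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def find_injected_scripts(html, own_hosts, indicators=DEFANGED_INDICATORS):
    """Return (src, reason) for scripts loaded from known-bad or unexpected hosts."""
    bad_hosts = {host_of(refang(i)) for i in indicators}
    allowed = {host_of("http://" + h) for h in own_hosts}
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        host = host_of(src)
        if not host:                      # relative path: served by the site itself
            continue
        if host in bad_hosts:
            findings.append((src, "known-bad host"))
        elif host not in allowed:
            findings.append((src, "unexpected host"))
    return findings

# Constructed sample page: one local script, one third-party script, one injected tag.
SAMPLE_PAGE = ('<html><head><script src="/js/menu.js"></script>'
               '<script src="http://cdn.example.net/lib.js"></script></head>'
               '<body><p>Recipes</p><script src="%s"></script></body></html>'
               % refang(DEFANGED_INDICATORS[0]))
```

Run against every page the site serves, anything reported as "unexpected host" is worth reviewing even when it is not on the indicator list, since the injected domain changes between campaigns.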

Hope everyone is having a safe weekend and I hope it is warmer where you are than here in the state of Kansas.

Read on Internet Storm Center’s website that Monster.com and USAJobs.gov had their databases compromised.  Click here to read the details from ISC.  Information from these databases was stolen.  USAJobs.gov’s database is administered by Monster.  Click here for USAJobs.gov post detailing the information they know.  Click here for Monster.com’s post detailing the information they know.

So what are the dangers?  Think targeted spear phishing attacks to follow on the heels of this compromise.  Those on Monster and USAJobs will now be in the cross hairs of malicious attackers.  From the press releases, login credentials were also taken so if you are one of those who likes to use the same password for many things, as Joel Esler states in the ISC Diary posting, might be a good time to go change that password on yourbankhere.com.  We’ve talked about not using the same password for everything, especially financial accounts.

This week on Tuesday, the busiest news day here in the United States, an announcement was made by Heartland Payment Systems that they uncovered malicious software in their processing system. They ONLY process about 100 million transactions each month so surely this isn’t that big of a deal.

It is early on in the investigation, but this data breach may even de-throne TJX and their 94 million cards compromised back in 2006-2007. This company serves more than 250,000 businesses ranging from restaurants, retailers, convenience stores including pay-at-the-pump, to payroll systems.

According to the New York Times, the malicious code was introduced into Heartland Payment Systems’ infrastructure as early as May 2008. And Heartland didn’t actually take the matter seriously until late Fall of 2008. They were contacted by VISA and MasterCard twice before they took this seriously. Then they chose inauguration day to make their announcement. Precious!

I would suggest to everyone to monitor closely your credit card statements and bank accounts if you like to use your debit card. Report any fraudulent charges immediately to your card issuer. Just a couple of weeks ago, there was a report of small charges, as little as .25 cents run through many credit card accounts. Some theorize someone is trying to find out if illegally obtained credit card numbers will work before making larger charges.

From Heartland’s own special website www.2008breach.com, they are saying that this may be the result of a widespread global cyber fraud operation and that the US Secret Service and the US Department of Justice are involved in the investigation.

UPDATE: I do know that banks are currently contacting customers who may have had a credit or debit card compromised in this data breach.

So you do a search in your favorite search engine like Google, Yahoo, or others.  You search on a topic of interest, then you click the link to see if it is something you were researching on.

Search Engine Results

But when you click on the link it does not take you to the site. It pops up a message that looks like this. It’s kind of a scary message that says hey you have some bad stuff on your machine.

Redirect message

Now if you get this message, I would advise you not to click on the OK or the Cancel buttons. Wouldn’t even click on the X. Interesting thing is the bad guy has disabled the ability to go down to the START bar in Windows and right click the Windows Internet Explorer to close it. So here is my advice to close that Explorer window. Bring up the Task List (Ctrl + Alt + Del) and then kill it from there.

Stay safe out there and Rock Chalk Jayhawk!!!!!
