Wednesday 27 April 2011

Experimental attack on mTAN

F-Secure reports (link in german) that the trojan SpyEye has a new attack on the mTAN online banking security system. Users of infected PCs are tricked into installing malware on their Symbian mobile phones.
In order to do so, the attacker needs the phone's IMEI number, which is not a security credential in itself, but a user should become suspicious nowadays if their bank wants to know their IMEI number. Therefore I suggest to categorize this attack as experimental.
The urgent question behind this is: why did the Symbian developers base the security of their operating system on IMEI numbers?

Botnets Transfer 11 Million Dollar to China

The FBI reportsthat the usual suspects, namely ZeuS and SpyNet were used to steal 11 Million dollars and transfer that money to China.
Probably the victims were attacked using targeted "spearphishing" emails.
This issue is known since long, how long will it take until this will be eventually fixed?