Three Charged Over Gozi Virus

Three men from Russia, Latvia, and Romania have been indicted in the United States for creating and spreading the Gozi virus, designed to steal banking information from victims.

The LA Times reports that Nikita Kuzmin, Deniss Calovskis, and Mihai Paunescu are accused of programming the virus, creating various “injects” such as fake bank login pages, and making the virus available for distribution via spam email and maliciously crafted PDF documents. At least 40 000 computers in the United States were infected along with others in Turkey, Poland, Finland, and other countries.

Among the American victims was apparently NASA, where 190 computers were infected with the Gozi virus between 2007 and 2012.

Primer on Internet Scams

This basic Internet scams primer appeared on The Next Web today. It goes over four (five if you include the Nigerian Prince scam) methods scammers use to trick their victims, concentrating on email as the vector of choice to reach their marks. Focusing on email makes sense; many, if not most, malware infections come from email attachments and links to web sites containing malicious code.

Prevention of malware infection starts with wariness toward every email that comes in. Malware can relatively easily be prepared to refer to you by name, appear to come from someone you know, or take on the exact outward appearance of an email from a reputable source. Usually, the giveaway is that the email contains an unnecessary attachment, or links to a web site other than the one it appears to be coming from (determine where links go by hovering over them with your mouse; the destination address will appear in the status bar on all major email programs).

The linked article isn’t exactly news, but it’s definitely worth a read as a reminder to be careful with email links and attachments.

Red Cross Site Used in Phishing Attack

The Ethiopian Red Cross’ web site appears to have been compromised and is being used in a phishing attack targeting Google login credentials.

Sophos’ Naked Security reports that they received an email directing the reader to click on a link taking them to a fake Google Docs login page, designed to harvest usernames and passwords. The twist is that this page is served from within the web site of the Ethiopian Red Cross. From the content of the email, it appears as though the attackers have not targeted the Red Cross directly; the site was simply hacked and its use in this attack seems to be a coincidence (the attack would have been much more dangerous if its email and landing page were adjusted to take advantage of its presence on a legitimate Red Cross site).

Sophos has informed the Ethiopian Red Cross of the security breach.