In the news ... Monday, August 02, 2010




32 The Green

Dover, DE  19901

(302) 734-3570

(800) 722-0784

(302) 734-3254 - fax

Cyber Crime Alert


BULLETIN:  10-0730

DATE:            July 30, 2010

SUBJECT:     Cyber crime, Zeus Botnet Alert

From:           Corporate Legal Department


A new form of cyber crime is proliferating which has the potential to gain access to computer systems for the purpose of initiating unauthorized wire transfers.  Specifically, we have been alerted to instances where a Botnet has been utilized to initiate several unauthorized wire transfers that resulted in a significant loss to an agent of another underwriter, where the monies at issue were ultimately wired overseas after initially being wired to another US bank account.  Once the funds have been wired off shore it becomes almost impossible to trace and recover the funds.


One example of this type of cyber scam is where your bank’s web-based wire transfer site is mimicked by hackers who then collect passwords and PIN numbers that enable them to initiate wires.  One sign of this type of scam is where your wire transfer “times out” without confirming the wire or gives a message that the web transfer service is temporarily unavailable.  If this occurs we recommend you immediately alert your bank.


Botnet is malicious software (malware) that can steal information, extort money and actually control your computers without even walking through the front doors of your facility.  A very real and current Botnet is called ‘Zeus’. This is a banking Trojan that steals credentials for various online services like social networks, shopping websites, online banking accounts, ftp (File transfer protocol) and email accounts. This Trojan is very sophisticated and spreads by concealing itself in many forms via email, drive-by downloads and open Internet Browsers. This Trojan can piggy back onto other malware, or be embedded in rogue software that looks legitimate.  Initial indications are that this Trojan goes undetected by anti-virus software more often than not.  Once the Bot has infected your computer it sends instructions to the criminal(s) wanting and waiting for the credentials it has collected. Criminals will masquerade as an agent or financial representative in order to use the collected information for wire transfers to on/off-shore banks. Worse yet, criminals log into compromised accounts and transfer money via wire transfer or ACH (Automated Clearing House) transactions out of the accounts to money mules. ACH transactions do not have the same legal protections as credit card transactions in the event a fraudulent transaction occurs.


Old Republic’s Information Services Department will be providing more detailed information on Botnets generally, and steps you can take to reduce your risk of such a cyber attack in the near future.  Among the tips that will be mentioned are: close your browser when your computer is not in use; change passwords frequently; be aware of and report unusual situations or possible virus attacks; install anti-virus software on your home computer; install a firewall for your home computer; and avoid websites you don’t trust (especially with the terminal that initiates the wire transfers). 


In the event you observe or suspect unusual activity has occurred relating to wire transfers or the information necessary to initiate such wires on your systems, it is recommended that you contact your bank immediately to direct it to discontinue all wire transfers from your escrow accounts.  We further recommend that you implement additional safeguards with your bank relating to wire transfers (such as having dual control over your wire transfer payments, having dual control over your system administration, utilizing banks that offer security tokens for your on-line transactions; and prohibiting off-shore wire transfers).  It is also recommended that you review your wire transfer agreements to become cognizant of your liability and responsibilities there under; and if necessary, to modify same.  ALTA Title News Online also recently published an excellent article titled “Title Agents Warned of Virus Attacking Escrow Accounts,” with additional recommended safeguards.  A copy is attached.  We recommend you review this article and consider implementing the noted safeguards.


Please contact Kate Blake-Endicott at 302.734.3570 should you have any questions in this regard.




To unsubscribe to this newsletter, please click here




Old Republic Title Update is published by the Mid-Atlantic Area Office of Old Republic National Title Insurance Company in an effort to provide information relative to our industry on a timely basis. None of the materials included in this publication should be deemed legal or underwriting advice or should be acted upon without prior consultation with your underwriter or counsel./font>