|
BULLETIN:
10-0730
DATE:
July 30, 2010
SUBJECT:
Cyber crime, Zeus Botnet Alert
From:
Corporate Legal
Department
A new form of cyber crime is
proliferating which has the potential to gain
access to computer systems for the purpose of
initiating unauthorized wire transfers.
Specifically, we have been alerted to instances
where a Botnet has been utilized to initiate
several unauthorized wire transfers that
resulted in a significant loss to an agent of
another underwriter, where the monies at issue
were ultimately wired overseas after initially
being wired to another US bank account. Once the
funds have been wired off shore it becomes
almost impossible to trace and recover the
funds.
One example of this type of
cyber scam is where your bank’s web-based wire
transfer site is mimicked by hackers who then
collect passwords and PIN numbers that enable
them to initiate wires. One sign of this
type of scam is where your wire transfer “times
out” without confirming the wire or gives a
message that the web transfer service is
temporarily unavailable. If this occurs we
recommend you immediately alert your bank.
Botnet is malicious software
(malware) that can steal information, extort
money and actually control your computers
without even walking through the front doors of
your facility. A very real and current
Botnet is called ‘Zeus’. This is a banking
Trojan that steals credentials for various
online services like social networks, shopping
websites, online banking accounts, ftp (File
transfer protocol) and email accounts. This
Trojan is very sophisticated and spreads
by concealing itself in many forms via email,
drive-by downloads and open Internet Browsers.
This Trojan can piggy back onto other malware,
or be embedded in rogue software that looks
legitimate. Initial indications are that
this Trojan goes undetected by anti-virus
software more often than not. Once the Bot
has infected your computer it sends instructions
to the criminal(s) wanting and waiting for the
credentials it has collected. Criminals will
masquerade as an agent or financial
representative in order to use the collected
information for wire transfers to on/off-shore
banks. Worse yet, criminals log into compromised
accounts and transfer money via wire transfer or
ACH (Automated Clearing House) transactions out
of the accounts to money mules. ACH transactions
do not have the same legal protections as credit
card transactions in the event a fraudulent
transaction occurs.
Old
Republic’s Information
Services Department will be providing more
detailed information on Botnets generally, and
steps you can take to reduce your risk of such a
cyber attack in the near future. Among the
tips that will be mentioned are: close your
browser when your computer is not in use; change
passwords frequently; be aware of and report
unusual situations or possible virus attacks;
install anti-virus software on your home
computer; install a firewall for your home
computer; and avoid websites you don’t trust
(especially with the terminal that initiates the
wire transfers).
In the event you observe or
suspect unusual activity has occurred relating
to wire transfers or the information necessary
to initiate such wires on your systems, it is
recommended that you contact your bank
immediately to direct it to discontinue all wire
transfers from your escrow accounts. We
further recommend that you implement additional
safeguards with your bank relating to wire
transfers (such as having dual control over your
wire transfer payments, having dual control over
your system administration, utilizing banks that
offer security tokens for your on-line
transactions; and prohibiting off-shore wire
transfers). It is also recommended that
you review your wire transfer agreements to
become cognizant of your liability and
responsibilities there under; and if necessary,
to modify same. ALTA Title News Online also
recently published an excellent article titled
“Title Agents Warned of Virus Attacking Escrow
Accounts,” with additional recommended
safeguards.
A copy is attached. We
recommend you review this article and consider
implementing the noted safeguards.
Please contact Kate
Blake-Endicott at 302.734.3570 should you have any
questions in this regard.
|
