Apologies to the PDC crew: Sean-Paul Correll, Panda Security threat researcher will be on Securabit on 4/7 to discuss the report. +2 on Jack's recommendation on Brian Krebs. Brian was on Securabit episode 52 discussing the crimeware.
In addition to directly stealing the money, trojaned machines are being used to proxy attacks on FI. I also agree with Tim about the under reporting of breaches due to trojans. Most non-security people still thinking of viruses as porn pop-ups. Bart On Tue, Mar 30, 2010 at 7:46 AM, Bugbear <[email protected]> wrote: > +1 on Jack's recommendation of Brian Krebs > > I saw this come down on twitter today > > http://www.pandasecurity.com/homeusers/media/press-releases/viewnews?noticia=10116 > > Just note the source - AV companies have everything to gain from FUD > > Problem I see with any stats regarding such compromises. is Companies > often will not report the breach. Even states with Breach notification > laws often do not require disclosure of the Company to the public. > Combine that with the fact that such legislation only covers > notification of specific data (i.e. PI) and there are 40 something > different variations in different states, I think there isn't a chance > of getting an accurate representation of the issue we are facing. > > But I will end my rant here > > Tim > > On Tue, Mar 30, 2010 at 6:32 AM, Jack Daniel <[email protected]> > wrote: > > Brian Krebs has done a good job of reporting on this issue, see his > > blog at http://www.krebsonsecurity.com/, he even has a "Target: Small > > Business" section with numerous posts on the topic, that's at > > http://www.krebsonsecurity.com/category/smallbizvictims/ > > > > Short version of this situation: Most small biz are no more tech savvy > > than home users, but don't have the financial account protections of > > individuals, and usually have more in the bank than an individual- so > > they're a great and vulnerable target. > > > > Jack > > > > -- > > ______________________________________ > > Jack Daniel, Reluctant CISSP > > http://twitter.com/jack_daniel > > http://www.linkedin.com/in/jackadaniel > > http://blog.uncommonsensesecurity.com > > > > > > On Mon, Mar 29, 2010 at 10:37 PM, Arnaud <[email protected]> wrote: > >> I'm looking for information security statistics as it pertains to small > >> businesses. There's one statistic specifically that I read recently > along > >> the lines of small businesses having money stolen through the use of > >> keystroke loggers on the principal banking PC and the hacker initiating > a > >> bank transfer. Can't remember where i saw it though. Links to any > articles > >> relating to current statistics would be appreciated. > >> Thanks. > >> Arnaud- > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > >> > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
