In the Know

The "money mules" hired under false pretenses to help scammers wire stolen funds out of the country often know the names and other important details about the account holders they are helping to victimize.

Money mules are typically hired through job-search Web sites to receive stolen funds and then transfer them electronically to accounts controlled by the people behind the scams. The mules are not told that they are committing a crime; usually they are told they have been hired to help expedite a fictional company's payments to its clients, Brian Krebs wrote in his "Krebs on Security" blog Jan. 13.

Since the mules are told they have been hired for legitimate work, they are given detailed descriptions of the transactions they must initiate — including the name of the "client" whose money they are handling. In a July incident, five mules received nearly $50,000 in all from First Sentry Bank in Huntington, W.Va., according to the instructions the mules received. (Krebs said that he could not get the bank to confirm that it had been victimized or to make any comment for his story.)

Though the mules are not told that they are participating in a crime, some figure it out on their own, Krebs wrote.

A 65-year-old Texas woman told Krebs she continued with the scam despite her suspicions after she made $500 for a single day's work. "I knew it was too good to be true after making that doggone much money in one day, but it helped me out a lot," she said. Krebs said most mules actually lose money in the end.

Friendly Scan

Facebook Inc. is requiring users to disinfect their computers with McAfee Inc.'s antivirus software if they have ever had their credentials compromised.

The social networking Web site operator said in a blog post last week that if one of its users were to fall victim to a scammer, that user would have to go through "a unique process that requires the account owner to take steps to secure the account and learn security best practices … ; if your computer is infected, you will be asked to run a scan like the one shown below and clean it before accessing Facebook."

McAfee's software would also try to find and eliminate malicious software designed to steal financial data or send spam.

Floor64's tech news blog, TechDirt, took issue with Facebook's approach, since it endorses a vendor whose software some users may not want, or be able, to use. In particular, Floor64 President and Chief Executive Mike Masnick wondered what users of the Linux operating system would do when asked to run a scan using antivirus software that was made for Windows.

"While McAfee is offering a free tool for scanning, it's only free for six months and then you have to pay — meaning that this is really an upsell plan," Masnick wrote.

Chinese Connection

Following Google Inc.'s lead, several companies have disclosed actual or suspected data breaches that seem to have originated from China.

Google of Mountain View, Calif., said last week it was changing its business practices in China after discovering that its systems had been compromised by cyber-attacks originating from within that country.

Soon thereafter, the networking equipment manufacturer Juniper Networks Inc. and the software maker Adobe Systems Inc. said they also had been attacked, The Wall Street Journal reported Friday.

Dow Chemical Co. said law enforcement agencies have looked into suspected attacks on its systems but would not confirm whether an attack had taken place.

A BBC News report said Friday that, in some of the incidents, hackers exploited an unpatched hole in Microsoft Corp.'s Internet Explorer browser. In a blog post, Microsoft's director of security response wrote that the flaw had been used in "only targeted and limited attacks" and that the technology company has "determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks."

Google said in its announcement last week that phishing, a form of e-mail deception most commonly used to steal banking credentials, had probably been used to steal the e-mail passwords of human rights advocates who use Google's Gmail system.

Still Out There

Remember the Conficker worm? Hackers sure do.

The Conficker program won plenty of publicity a year ago after it gained control of millions of computers, and though it has since faded from the spotlight, it has not faded from use, according to an article Computerworld ran Friday.

Citing a new report from Akamai Technologies Inc., the article said that Conficker is still widely used, though the number of computers it has infected is starting to decline. In October, variants of the Conficker worm controlled about 6.7 million machines; that same month, Microsoft Corp. released a patch to fix the vulnerability Conficker exploits, and today 6.3 million machines are under its control, the article said.

That the bug remains persistent suggests that it is preying on unpatched computers, including many that may be running unlicensed versions of Windows and thus do not have a direct line to Microsoft for automatic security updates, the article said.

Akamai's report said: "Although mainstream and industry media coverage of the Conficker worm and its variants has dropped significantly … , it is clear from this data that the worm (and its variants) is apparently still quite active."

Guilty

A Romanian who was extradited to the United States on phishing charges faces up to five years in prison after pleading guilty.

Cornel Ionut Tonita, a 28-year-old resident of Galati, Romania, is to be sentenced in Connecticut April 5 on a count of conspiracy to commit fraud related to spam, according to an article Computerworld ran Friday. Tonita was extradited to the United States after being arrested in Croatia in July.

Tonita allegedly conspired with fellow Romanian Ovidiu-Ionut Nicola-Roman, a scammer notable for being the first foreign citizen convicted in the United States of phishing. Nicola-Roman was sentenced in March 2009 to more than four years in prison, the article said. A third Romanian, Petru Belbita, was also accused of participating in the scheme to steal financial information and sell stolen card data, the article said.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.