CSI: computer scene investigation

By Ilva Pieterse, ITWeb contributor
Johannesburg, 12 May 2006

Laptop-based car theft takes 20 minutes. Thieves are using mobile computers to "break" the software locks used in modern keyless entry systems.

The theft of two of David Beckham's BMW X5 SUVs has been attributed to this kind of attack. It is also important to note that these hackers can break in without physically connecting their laptops to the car's system. Who ever thought your sound-system could turn against you in such a sinister way?

Bots for hire

California-based botnet master, Jeanson James Ancheta, has been arrested. He had been renting out his troop of thousands of zombie computers, through an IRC channel called "botz4sale", to hackers and spammers to use as they wanted.

His primary source of income, however, came from installing adware on compromised systems, which earned him $60 000. What did he do with the money? He bought himself a top-of-the-range BMW!

Ancheta was jailed for 57 months after pleading guilty to four charges.

Laduuuuma!

Everyone seems to be getting into the spirit of the forthcoming Soccer World Cup, and malware writers are no exception. A new e-mail in circulation offers readers a schedule of the event via a link which, once clicked, installs a Trojan.

The Trojan, called Haxdoor.ie, lowers levels in Windows, turns off anti-virus software, steals information via keyloggers and opens a backdoor to connect through IRC channels. And just like that, your PC's a bot.

Apple bites

There has been so much in the news about Microsoft operating system flaws, especially with Internet Explorer. The spotlight moves to Apple this week as McAfee recognised Mac OS X as a growing target for malware attacks.

According to McAfee, Mac platform vulnerabilities increased by 228% in the past three years, with Microsoft, although still the main target overall, seeing a 73% increase.

Phishing

There is a new phishing scam targeting Chase Manhattan Bank's customers. The irony is that the very authentic-looking e-mail starts by alerting the reader to the measures taken by the bank to ensure the protection of its customers' personal information.

It claims anti-fraud units continually scan user accounts for suspicious activity, and then informs the user that the unit has detected multiple attempts to break into their account. In order to re-validate their account, users are asked to click a link, which redirects to a spoof Web site asking for personal details. A very clever scam indeed.

American Express is also feeling the wrath of phishers. Users whose computers are infected with a Trojan are receiving a pop-up message, which appears when they try to access the AmEx Web site.

The message reads: "We are currently performing regular maintenance of our measures. Please fill in the correct information for the following category to verify your identity". And the rest is history...

What type are you?

An interesting tidbit from the RSA 2006 conference this week was the IDC explanation of its Insider Threat Ecosystem, which breaks down different types of users according to threat level.

The first type is the "citizens" - employees who pose no security threat, as they never stray from the company's acceptable use policies.

Then there are the "delinquents", who are much more common. They check their personal e-mail, play the occasional game and do some online shopping. Although they do pose quite a big threat to the company, this is rarely intentional.

The "renegades" spend a lot of time abusing the company resources. They may install peer-to-peer or instant messaging applications, and have no qualms about sending confidential information to outside parties. The threat they pose is significantly high.

The final group is the "rogues", who are malicious. Rogues routinely endanger confidential company information, which they usually sell to interested outside parties. Although by far the biggest threat to the organisation, they are also very hard to catch.

Sources used: The Register, MicroWorld Technologies, SearchSecurity, Datamation
