The Insider's Guide to Next-Generation BPM
09/28/2010
The ZeuS malware is coming of age and the infections are going to get a lot worse says Trusteer, the secure browsing services specialist.
ebizQ received the following:
ZeuS malware has already been pushed extensively to users of Web 2.0 and/or social networking sites plus services such as Facebook, Twitter and, most recently, to users of the business social networking site, LinkedIn. Malware is also being modified by cybercriminals using coding toolkits to attack smartphone users. Recent postings by our IT security colleagues at S21sec about ZeuS targeting smartphone users are just the tip of the iceberg when considering the potential of these attacks.
Join us for SOA & Application Integration in Action Virtual Conference on October 5, 2010. Learn more here.
ZeuS Mitmo
“The spread of Zeus into mobile platforms marks the beginning of a new era of malware mobility,” said Mickey Boodaei, Trusteer's CEO. “What's dangerous in this approach is that the same malware controls two communication channels - the PC and the mobile device and as a result can launch extremely effective attacks against banks and organizations that rely on these two channels for authentication and transactions.”
“Many enterprises rely on two-factor authentication to protect against unauthorized remote access to their networks and sensitive corporate applications. Malware such as Zeus which can reside both on the PC and the mobile device can easily bypass these protections. For online banking the potential of the attack extends way behind authentication. Criminals can also control incoming voice calls and re-direct them to the attackers. So when the bank detects a suspicious transaction and calls the customer for confirmation, the criminals can pick up the phone on the other side and do that on behalf of the customer.
By controlling both the phone and the PC criminals achieve devastating power. Frankly, I'm amazed that it took them so much time to do this,” continued Boodaei.
“Social networks are easy targets for malware. As a Linked In user I've received a few email alerts where I didn't really know if they're genuine or not. The first thing you want to do when you get a Linked In invite from someone you're not sure you know is to click the View Profile link embedded into the email. These emails also include links to accept and reject invitations,” said Boodaei.
Linked In are not alone here and many of the social networks send emails with links and even experienced users may be fooled into clicking one of these really well crafted emails. Once the criminals gain control of a social network account they have access to the victim's list of friends and they can send out more targeted messages to these friends, and raise the risk of getting infected even higher.
“Targeting social network users for distributing financial malware is a smart move for the criminals. These attacks are much more likely to succeed than phishing attacks on banks. Once Zeus installed on the user's computer then the criminals get access not only to login information but also to real-time transactions and other sensitive information on the victim's computer, said Boodaei.”
To defend against attacks web 2.0 attacks like this enterprises and users need to use secure browsing services in addition to gateway level firewalls, antivirus amd anti spam defences. Trusteer works directly with leading banks around the world to identify targeted online banking attacks such as Zeus, block them, and remove them from your computer.
Best Practices in Moving Processes to the Clouds
How Can the Cloud Fit Into Your Applications Strategy?
Cloud Data Integration Best Practices
The Economics of Cloud Computing
Data Services Insight: Successful implementation of Canonical Information Models
ebizQ is very interested in what you have to say. To contribute an article, an opinion, or to become a blogger, please contact Peter Schooff.
June 3, 2009
One of the most compelling trends in the enterprise business technology space over the past year has been the emergence of cloud computing. In ebizQ’s upcoming Qcamp virtual un-conference, leading industry experts and practitioners will explore the role of service-oriented architecture (SOA) and business process management (BPM) in supporting cloud-computing initiatives. Additionally, the new skills that developers and IT managers need for successful cloud development will be discussed.Register
Date:Apr 07, 2010
Time:13:00 PM
ET- (17:00 GMT)
Date:Apr 07, 2010
Time:12:00 PM
ET- (16:00 GMT)
Middleware is one of the largest consumers of precious IT resources, but fortunately it does not need to be. View this white paper to learn how...
Download Now
In part two of Joe McKendrick's recent podcast with Miko Matsumura, chief strategist for Software AG, they talk about how SOA and IT systems need to change and grow and adapt with the organization around it.
Listen Now
Phil Wainewright interviews David Vap, VP of products at RightNow Technologies, and finds out how sharing best practices can help businesses understand how best to engage with online communities.
Listen Now
Scott Hebner, Vice President of Marketing and Strategy for IBM Rational, discusses a topic on the top of every company's mind today: getting the most from IT investments.
Listen Now
In BI, this tough economy and the increasing role of Web 2.0 and MDM are certainly topics on people's minds today. WiseAnalytics' Lyndsay Wise addresses each of them in this informative podcast.
Listen Now
Deepak Singh, President and CTO of Adeptia, joins ebizQ's Dennis Byron in a podcast that gets its hand around the trend of industry-specific BPM.
Listen Now
Smart event processing can help your company run smarter and faster. This comprehensive guide helps you research the basics of complex event processing (CEP) and learn how to get started on the right foot with your CEP project using EDA, RFID, SOA, SCADA and other relevant technologies. Learn More
A lot of people are talking about Enterprise 2.0 as being the business application of Web 2.0 technology. However, there's still some debate on exactly what this technology entails, how it applies to today's business models, and which components bring true value. Some use the term Enterprise 2.0 exclusively to describe the use of social networking technologies in the enterprise, while others use it to describe a web economy platform, or the technological framework behind such a platform. Still others say that Enterprise 2.0 is all of these things. Learn More
|
|
This new publication from our sister site SearchSOA.com explores workflow, business activity monitoring (BAM) and complex event processing (CEP) issues. |
|
|
Print this article
Email this article
Talk Back!
Write to Editor
