Sharon Gaudin, Computerworld

A Miami, Fla., man and two Russians today were indicted by a grand jury in New Jersey on charges of conspiring to commit some of the largest data breaches in U.S. history.

Albert Gonzalez, 28, and the two as-of-yet-unnamed Russian citizens are charged with running an international scheme to steal more than 130 million credit and debit card numbers along with personal identifying information from five companies, including Heartland Payment Systems, Inc., 7-Eleven, Inc. and Hannaford Brothers Co. The two other companies were not named in the indictment because their breaches have not yet been made public.

"This represents another major step forward in our efforts to prosecute individuals responsible for these major data breaches," said Assistant U.S. Attorney Erez Liebermann, who is prosecuting the case with Assistant U.S. Attorney Seth Kosto. "It also further illustrates the ability of the U.S. to work with foreign law enforcement in these international cases and track down people even when they use sophisticated means."

The data breach at Heartland, which is based in Princeton, N.J., is considered to be one of the largest data breaches involving credit cards ever reported in the U.S. Heartland said earlier this year that it has already spent or set aside more than $12.6 million to cover costs related to the intrusion there.

The data breach at Hannaford resulted in the reported theft of up to 4.2 million credit and debit card numbers from its systems.

Posted by Nancy Pursley in Virus & AntiVirus News at 09:58

By Jeremy Kirk, IDG News Service

Web sites such as Twitter are becoming increasingly favored by hackers as places to plant malicious software in order to infect computers, according to a new study covering Web application security vulnerabilities.

Social-networking sites were the most commonly targeted vertical market according to a study of hacking episodes in the first half of the year. The study is part of the latest Web Hacking Incidents Database (WHID) report, released on Monday. In 2008, government and law enforcement sites were the most-hit vertical markets.

Social networks are "a target-rich environment if you count the number of users there," said Ryan Barnett, director of application security research for Breach Security, one of the report's sponsors, which also includes the Web Application Security Consortium.

Twitter has been attacked by several worms, and other social-networking platforms such as MySpace and Facebook have also been used to distribute malware. That's often done when an infected computer begins posting links on social-networking sites to other Web sites rigged with malicious software. Users click on the links since they trust their friends who posted the links, not knowing their friend has been hacked.

The WHID sample set is small, encompassing 44 hacking incidents. The report only looks at attacks that are publicly reported and those with which have a measurable impact on an organization. The WHID's data set is "statistically insignificant" compared to the actually number of hacking incidents, but shows overall attacker trends, Barnett said.

Other data showed how Web sites were attacked. The most common attack was SQL injection, where hackers try to input code into Web-based forms or URLs (Uniform Resource Locators) in order to get back-end systems such as databases to execute it. If the input is not properly validated -- and malicious code ignored -- it can result in a data breach.

Other methods used include cross-site scripting attacks, where malicious code gets push to on a client machine, and cross-site request forgery, in which a malicious command is executed while the victim is logged into a Web site.

The WHID found that defacing Web sites is still the most common motivation for hackers. However, the WHID includes the planting of malware on a Web site as defacement, which also points to a financial motivation. Hacked computers can be used to send spam, conduct distributed denial-of-service attacks and for stealing data.

"Ultimately they [the hackers] want to make money," Barnett said.

Our Comment: Be careful what you click on especially on these social networking sites.

Original Article

Posted by Nancy Pursley in Virus & AntiVirus News at 11:40

ESET Ranks No. 379 on the 2009 Inc. 500 with Three-Year Sales Growth of 667.4 Percent

SAN DIEGO August 13, 2009 - ESET, the leader in proactive threat protection, today announced that Inc. Magazine has ranked it among the fastest-growing private companies for the third consecutive year. Distinguished as No. 379 among the top 500 organizations, ESET grew at an impressive rate of 667.4 percent, ranking eighth among the top security companies and 11 in the top 50 businesses in San Diego-Carlsbad-San Marcos, Calif. area.

“Being acknowledged by Inc. Magazine as one of the fastest growing companies is further testament to our continued leadership in the security market,” said Anton Zajac, president and CEO of ESET, LLC. “We attribute our continued success to our loyal customers, product quality and employee dedication.”

ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET Smart Security, an integrated antivirus, antispyware, antispam and personal firewall solution, was named CNET “Editors’ Choice” in April 2009 and finished first among its peers in a leading consumer publication in June 2009. ESET NOD32 Antivirus consistently achieves the highest accolades in all types of comparative testing, including 57 VB100 awards, which is the most in the industry. ESET products are available in more than 160 countries and are represented by an extensive global partner network.

“If you want to know which companies are going to change the world, look at the Inc. 500,” said Inc. editor Jane Berentson. “These are the most dynamic, fast-growth companies in the nation, the ones finding innovative solutions to problems, creating smart systems, and inventing products we soon discover we can't live without. The Inc. 500 list is Inc. Magazine’s tribute to American business ingenuity and ambition.”

Our Comment: Go ESET!

Original Article

Posted by Nancy Pursley in Eset Software at 10:43

ADELAIDE, Australia -

A 20-year-old Australian man has been charged with infecting more than 3,000 computers around the world with a virus designed to capture banking and credit card data, police said Thursday.

The man, whose name will not be released until he appears in an Adelaide court on Sept. 4, has been charged with several computer offenses that carry prison terms of up to 10 years, South Australia state police Detective Supt. Jim Jeffery said in a statement.

Police also uncovered information that will identify other offenders, Jeffery said.

The man, who lives in the state capital, Adelaide, is also accused of illegally creating a capacity to disable computer systems by bombarding them with unwanted traffic from up to 74,000 computers he controlled around the world. This type of sabotage is known as a distributed denial of service attack.

Police have not said whether the man allegedly used stolen banking information to commit identity fraud.

The arrest followed a three-month investigation involving state and federal computer crime detectives.

Our Comment: One down, thousands to go.

Original Article

Posted by Nancy Pursley in Virus & AntiVirus News at 10:38