Note: There is a maximum of 200 words per comment. If you wish to post more, please visit our forum.
FBI warns banks about virus-like 'BugBear.B'
By Ted Bridis, AP Technology Writer
Tuesday, June 10, 2003 | 1 comment(s)
WASHINGTON - The government is warning financial institutions about a virus-like infection that has targeted computers at roughly 1,200 banks worldwide, trying to steal corporate passwords.
The FBI is investigating what private security experts believe to be the first Internet attack aimed primarily at a single economic sector.
Virus experts studying the blueprints for the latest threat to Internet users were astonished to find inside the software code a list of roughly 1,200 Web addresses for many of the world's largest financial institutions, including J.P. Morgan Chase & Co., American Express Co., Wachovia Corp., Bank of America Corp. and Citibank N.A.
The destructive infection, known as "BugBear.B," has spread to tens of thousands of consumer computers across the Internet since last week, but investigators and industry experts said they were unaware if any financial institutions had been significantly affected.
Industry executives told Treasury Department officials and other banking regulators during a meeting Monday in Washington that while they were concerned that the infection targeted them, they were unaffected because of tight security.
The infection "was hammering the outside servers but it was being rejected," said Suzanne Gorman, head of the Financial Services Information Sharing and Analysis Center, a bank cybersecurity organization that works with the government.
"People weren't reporting that it got through to their personal organizations."
The analysis center distributed information from the Homeland Security Department to the nation's banks using its highest-priority alert on Thursday, Gorman said. The discovery of the banking Web addresses inside the software code "raised a lot of eyebrows," she said.
FBI spokesman Bill Murray confirmed the agency was trying to trace the author of the attacking software.
Experts said the BugBear software was programmed to determine whether a victim used an e-mail address that belonged to any of the 1,300 financial institutions listed in its blueprints.
If a match was made, it tried to steal passwords and other information that would make it easier for hackers to break into a bank's networks.
The software transmitted stolen passwords to 10 e-mail addresses, which also were included in the blueprints. But experts said that on the Internet, where anyone can easily open a free e-mail account using a false name, knowing those addresses might not lead detectives to the culprit.
"Depending on how those e-mail boxes are used, it could make investigating this a little easier," Murray said. "But it's not that easy. Those addresses may be blind boxes."
---
On the Net:
Financial Services Information Sharing and Analysis Center: http://www.fsisac.com
FBI: http://www.fbi.gov
Network Associates Inc. BugBear.B info: http://vil.nai.com/vil/content/v(underscore)100358.htm
The FBI is investigating what private security experts believe to be the first Internet attack aimed primarily at a single economic sector.
Virus experts studying the blueprints for the latest threat to Internet users were astonished to find inside the software code a list of roughly 1,200 Web addresses for many of the world's largest financial institutions, including J.P. Morgan Chase & Co., American Express Co., Wachovia Corp., Bank of America Corp. and Citibank N.A.
The destructive infection, known as "BugBear.B," has spread to tens of thousands of consumer computers across the Internet since last week, but investigators and industry experts said they were unaware if any financial institutions had been significantly affected.
Industry executives told Treasury Department officials and other banking regulators during a meeting Monday in Washington that while they were concerned that the infection targeted them, they were unaffected because of tight security.
The infection "was hammering the outside servers but it was being rejected," said Suzanne Gorman, head of the Financial Services Information Sharing and Analysis Center, a bank cybersecurity organization that works with the government.
"People weren't reporting that it got through to their personal organizations."
The analysis center distributed information from the Homeland Security Department to the nation's banks using its highest-priority alert on Thursday, Gorman said. The discovery of the banking Web addresses inside the software code "raised a lot of eyebrows," she said.
FBI spokesman Bill Murray confirmed the agency was trying to trace the author of the attacking software.
Experts said the BugBear software was programmed to determine whether a victim used an e-mail address that belonged to any of the 1,300 financial institutions listed in its blueprints.
If a match was made, it tried to steal passwords and other information that would make it easier for hackers to break into a bank's networks.
The software transmitted stolen passwords to 10 e-mail addresses, which also were included in the blueprints. But experts said that on the Internet, where anyone can easily open a free e-mail account using a false name, knowing those addresses might not lead detectives to the culprit.
"Depending on how those e-mail boxes are used, it could make investigating this a little easier," Murray said. "But it's not that easy. Those addresses may be blind boxes."
---
On the Net:
Financial Services Information Sharing and Analysis Center: http://www.fsisac.com
FBI: http://www.fbi.gov
Network Associates Inc. BugBear.B info: http://vil.nai.com/vil/content/v(underscore)100358.htm
The comments below are from users of theworldlink.com and do not necessarily represent the views of The World or Lee Enterprises. Participation Guidelines
Note: There is a maximum of 200 words per comment. If you wish to post more, please visit our forum.
Note: There is a maximum of 200 words per comment. If you wish to post more, please visit our forum.
Not already registered?
The World welcomes your comments about stories, and we encourage a robust dialogue on this site. All comments must meet reasonable standards of decency and civility.
Please follow these basic rules:
- No defamatory comments about individuals or businesses.
- No deliberately false information.
- No obscenity or racially offensive language.
- No harassment, verbal abuse, threats or personal attacks.
- No information that invades another person's privacy.
- No business solicitations or charitable solicitations.
Comments that violate these standards will not be posted. Users with repeated violations may be banned from future posting.Comments will be approved throughout the day during business hours. After hours and weekend comments may not appear until the following business day. It may take a couple of hours before comments are approved.
The World generally does not edit comments, but we reserve the right to edit any comment that does not meet our standards.
Close Guidelines