Cyber-Thieves Hijack 4 Million Computers Worldwide
According to a federal indictment unsealed in New York (as reported by abc News), at least 4 millions computers in over 100 countries have been hijacked.
Image credit to techcentral.ie.Cyber-Thieves Hijack 4 Million Computers Worldwide
The hijacking activity was done by a group of cyber-thieves called “Rove”, who have made off in a $14million illegitimate income before being caught.
The Eastern European cyber-thieves managed to infect computers in U.S. government agencies such as NASA, and also websites of iTunes and Netflix.
Cyber-Thieves Hijack 4 Million Computers Worldwide
Lately I have received several emails claimed to be coming from “CIMB Bank”, with its email address pointing to
[email protected]Email looks weird, doesn’t it?
The subject says,
“(Cimb Protection) Activate Your Alert”
These bastards almost make the mail sound very legit so that people who are less alert will likely fall into their prey. Its content goes like:
Dear CIMB Customer,
CIMB is launching a new online anti-fraud initiative and becoming the top to offer security to all customers. Customers will also be offered an innovative text message service notifying them of new payees on their online account, helping to cut occurrences of fraud attacks.
In addition to the free software, CIMB is introducing an innovative SMS text message service, notifying customers when new third party payments are set up on their account Also when a new payment has been made immediately a notification of the sum of your transaction will be SMS to your registered mobile phone number. This service takes place after you have login on our link below and follow the procedure on the next page also you will be receiving a new Tac wich will be use to verify your access with CIMB SMS Server .The free service will send a text message when an online payment is made for the first time, enabling customers to alert the bank immediately if the transaction is suspicious.
Everything sounds so convincing, except the fact that they haven’t been consistent with the way they spell out “CIMB” (note the title). Besides, the content, I believe, has also been plagiarised from
SecurityProNews.
Towards the end of the content, there is a link that reads http://www.cimb.com.my/protection/login.asp but is, in actual fact, pointing to a phishing URL at http://www.russellbibby.com/templates_c/CIMB-Online/login.html.
Once someone enters his/her CIMB online banking username and password, the details are automatically recorded down, thereby allowing the bastards to bypass authentication controls and conduct illegal transactions.
