From SANS ... note that bank account details are now worth $400/per account.
TOP OF THE NEWS
--Ameritrade May Have Been Aware of Breach for a Year (September 14, 15 & 17, 2007) Online brokerage TD Ameritrade Holding has acknowledged that a data security breach has compromised more than 6.3 million accounts. The database contains customer names, addresses, account numbers, Social Security numbers (SSNs) and birth dates. The attackers gained access to the database through a backdoor program they had installed on the TD Ameritrade network. TD Ameritrade says it has removed the rogue code from its systems. The intrusion was discovered in the course of an investigation into stock-related spam that had been reported by the company's customers. An attorney representing plaintiffs in a planned class action lawsuit against the online broker alleges that the company knew of the data security problem for a year before customers were notified. Furthermore, the suit alleges that the company kept entering customer data into the vulnerable database during an internal investigation.
--Symantec Report: Malware Moves Toward Commercialism (September 17 & 18, 2007) Cyber attackers aiming to damage computers or inconvenience users are giving way to more financially motivated criminals. According to Symantec's most recent Internet Security Threat Report, cyber criminals are turning to good business practices to ply their trade. Some malware purveyors are offering guarantees about the performance of their products as well as updates to keep the products current. The report also notes that phishers are scouring social networking sites to gather personal information, which they then use to create targeted emails that lure recipients to phony sites where they can harvest valuable data.
Stolen bank account details are being sold online for as much as US $400 apiece. In addition, levels of pump-and-dump schemes and image-based spam have decreased.