Subj : PIN Theif To : Mark Lewis From : Jim Rysyk Date : Thu Aug 17 2000 10:27 pm > is this thing on or do we have another broken link in the feed? Don't think so. Just maybe, someone stole your mail. Ummm, if any of you do online banking, take NOTE: New Worm Strikes European Bank Customers www.cmpnet.com The Technology Network New Worm Strikes European Bank Customers By Barbara Darrow, TechWeb News Aug 17, 2000 (10:51 AM) URL: http://www.techweb.com/wire/story/TWB20000817S0009 There has been a smattering of Love Bug-style Internet attacks in the past day, according to the National Infrastructure Protection Center and antivirus experts. The variant, fully named "VBS/Loveletter.bd," appeared early Thursday and has reportedly affected PC users in Germany and Switzerland primarily. It clearly targets customers of Union Bank of Switzerland (UBS) in an attempt to glean passwords, log-ins, and ultimately account numbers and cash, experts said. "The big thing about this VB variant is after execution, it looks in the registry for a program called UBS -- that's Union Bank of Switzerland's online banking software," said Dan Takata, a virus specialist for F-Secure, a San Jose, Calif., antivirus company. If the software finds its target, "it'll go to a public FTP server and download a Trojan called 'Hooker,' which installs itself and activates to capture the IP address, log-in, password, and then records every single keystroke, which it then sends to three e-mail addresses." Theoretically, the hacker or virus writer could then decrypt from all those messages, the actual bank account number, and the password, Takata said. He also said it wouldn't be too difficult for a hacker to adapt the virus to attack American banks. According to the NIPC site, the worm attempts to download a Trojan horse component on the host PC and executes and loads from a Windows startup file. The secret agent then captures the password, PIN, and other sensitive information from the PC. Once it has the information, it e-mails the files to three "hard wired" recipients. UBS downplayed the risk in a posting to its website. "An analysis by UBS has shown that only a small proportion of UBS e-banking clients are at risk," the company said. "The vast majority do not use PIN software and are therefore not affected by the virus. There are no reports of damage as yet." The bank said it's IT specialists set up virus filters and "successfully prevented the virus from spreading within UBS. UBS is preparing to take legal action against whoever is responsible." The VBScript worm is loosely based on the original VBS/Loveletter worm. It does not, however, damage files. The original Love Bug took the world's PCs by storm in the spring, clogging corporate e-mail systems and costing millions of dollars to fix. The latest outbreak appears to have originated in Germany, Takata said. The worm sends itself around the Web via a MAPI e-mail message called "resume.txt.vbs." One Boston-area journalist received the message, which was detected and deleted by antivirus software. The FBI tracks and warns of security breaches and viruses on the Internet. It advises all users and corporations to keep their antivirus software updated and to monitor NIPC and CERT for virus news. www.cmpnet.com The Technology Network Copyright 1998 CMP Media Inc. --- FLAME v2.0/b * Origin: SORRY, Live Y2K Rollover date system test under way @ (1:12/242) .