The latest botnet targeting the UK cranked out eight million phishing messages in just 24 hours. And each message sought to get a clueless victim to willingly divulge personal data.

The data? Banking details for NatWest Bank or Bank of Scotland.

Meanwhile, down the road in Australia, 10,000 identities are being stolen the old fashioned way.

A Russian-built keystroke logger infiltrated the computers via email, or evil websites, then transmits keystrokes for user names, passwords and account numbers to the Mother Ship.

So far, nearly 200 Aussies have petitioned authorities for new Tax ID numbers.

Neither of these attacks could succeed, if the victims had been protected properly protected by virus, and spam filters set to strip suspicious items at the network edge, server and desktop levels.

I keep reading that something must be done to stop these outrages.

It has been done. Many, many companies build software, services and hardware that can effectively protect you from spam and viruses. Nearly every single expert agrees that you should apply different brands of these products at each layer, so that, what one misses, another catches.

The missing links in the security chain are users and admins.

Sigh.

I’m… so… darned… tired…

Full Story »

Via: Forum of Incident Response and Security Teams - Daily Security News