Tuesday, June 30, 2009

Criminal malware infection hits Eastern European cash machines

ATMs in Eastern Europe have been infected with a sample of Windows malware that enables criminals to harvest card data and PIN codes via the machine's recipt printer.

The malware - uncovered by UK-based Trustwave - is installed and activated through a dropper file by the name of isadmin.exe and has been found on machines running the Windows XP operating system. Once installed, the attacker can interact with the ATM by simply inserting a controller card and accessing an array of command options via the machine's keypad.

Trustwave says the command options allow for the output of harvested magstripe card data via the ATM's receipt printer or by writing the data to an electronic storage device using the machine's card reader. Analysts also discovered code indicating that the malware could eject the cashdispensing cassette.

Trustwave recommends that all financial institutions perform analysis of their ATM environment to identify if this malware or similar malware is present.

In a statement, the company says: "Trustwave collected multiple version of this malware and therefore, feels that over time it will evolve. It will also begin to propagate to a more wide-spread population of ATMs, thus a proactive approach in prevention and identification will be necessary to prevent future attacks."

Read the full Trustwave analyst briefing document:

http://www.finextra.com/finextra-downloads/newsdocs/Trustwave-Security-Alert-ATM-Malware-Analysis-Briefing.pdf

Source : www.finextra.com

Article provided by Chetan R Kanchan - Risk Analyst - HCL Insurance (London)

Friday, June 26, 2009

10 biggest virus attacks

The past few decades has seen many viruses wreck havoc on computers. Over the years these deadly programmes have been gaining in sophistication and constantly changing their complexion and mode of transfer.

Despite a slew of security tools for all possible touch points in our computer systems and networks the virus and other malware menace continues unabated. Here we bring to you the biggest virus attacks of all time.

Elk Cloner (1982)

Elk Cloner (1982)

Regarded as the first virus to hit personal computers worldwide, "Elk Cloner" spread through Apple II floppy disks. The programme was authored by Rich Skrenta, a ninth-grade student then, who wanted to play a joke on his schoolmates.

The virus was put on a gaming disk, which could be used 49 times. On 50th time, instead of starting the game, it opened a blank screen that read a poem: "It will get on all your disks. It will infiltrate your chips. Yes it's Cloner! It will stick to you like glue. It will modify RAM too. Send in the Cloner!" The computer would then be infected.

Elk Cloner was though a self-replicating virus like most other viruses, it bore little resemblance to the malicious programmes of today.

Brain (1986)

Brain (1986)

`Brain' was the first virus to hit computers running Microsoft's then popular operating system DOS. The virus was written by two Pakistani brothers, Basit Farooq Alvi and his brother Amjad Farooq Alvi and left the phone number of their computer repair shop.

A boot-sector virus, Brain infected the boot records of 360K floppy disks. The virus would fill unused space on the floppy disk so that it could not be used. The first "stealth" virus, it hid itself from any detection by disguising the infected space on the disk. Due to its partial non-destructiveness, Brain often went undetected as many times users paid little attention to the slow speed of floppy disk access.

The virus was also known as Lahore, Pakistani and Pakistani Brain. BusinessWeek magazine called the virus the Pakistani flu. The brothers told TIME magazine they had written it to protect their medical software from piracy and it was supposed to target copyright infringers only

Morris (1988)

Morris (1988)

Written by a Cornell University graduate student, Robert Tappan Morris, the virus infected an estimated 6,000 university and military computers connected over the Internet. Incidentally, Morris's father was a top government computer-security expert,

The computers Morris invaded were part of the Arpanet, an international grid of telephone lines, buried cables, and satellite hookups established by the Department of Defense in 1969.

Interestingly, Morris later claimed that the worm was not written to cause damage, but to gauge the size of the Internet. An unintended consequence of the code, however, led to the damage caused.

CIH (1998)

CIH (1998)

Chernobyl virus also known as CIH was first detected in 1998, however, it first triggered in April 1999, 13th the anniversary of the Chernobyl nuclear disaster (which took place in Ukrainian).

One of the most harmful viruses, it overwrites critical information on infected system drives. The virus was reportedly the first virus known to have the power to damage computer hardware, with virus attempting to erase the hard drive and overwrite the system's BIOS as well.

The virus is also known as "space filler virus," due to its ability to clandestinely take up file space on computers and prevent anti-virus software from running. The malicious programme caused widespread damage in several Asian countries paralyzing thousands of computers

Melissa (1999)

'Melissa' was one of the first viruses to spread over email. When users opened an attachment, the virus sent copies of itself to the first 50 people in the user's address book, covering the globe within hours.

The virus known as Melissa -- believed to have been named after a Florida stripper its creator knew -- caused more than $80m in damage after it was launched in March 1999. Computers became infected when users received a particular e-mail and opened a Word document attached to it.

First found on March 26, 1999, Melissa shut down Internet mail systems at several enterprises across the world after being they got clogged with infected e-mails carrying the worm. The worm was first distributed in the Usenet discussion group alt.sex. The creator of the virus, David Smith, was sentenced to 20 months imprisonment by a United States court.

ILOVEYOU (2000)

ILOVEYOU (2000)

Travelling via email attachments, "Love Bug" exploited human nature and tricked recipients into opening it by disguising itself as a love letter. The virus stunned security experts by its speed and wide reach. Within hours, the pervasive little computer programme tied up systems around the world.

The virus which was similar to the earlier Melissa worm, spread via an email with the tantalising subject line, "I Love You." When a recipient opened the attachment, the virus sent copies of itself to his entire address book. It then looked for files with .jpeg, .mp3, .mp2, .css and .hta extensions and overwrote them with itself, changing the extensions to .vbs or .vbe. These files then could not be retrieved in searches.

The bug affected companies in Taiwan and Hong Kong -- including Dow Jones Newswires and the Asian Wall Street Journal. Companies in Australia had to close down their email systems to keep the virus from spreading (80 per cent of the companies in Australia reportedly got hit).

The victims also included Parliaments of Britain and Denmark. In Italy, the outbreak hit almost the entire country. In the United States too, the e-mail systems were shut down at several companies.

Code Red (2001)

Code Red (2001)
Said to be one of the most expensive viruses in history, the self-replicating malicious code, 'Code Red' exploited vulnerability in Microsoft IIS servers. Exploiting the flaw in the software, the worm was among the first few "network worms" to spread rapidly as they required only a network connection, not a human opening like attachment worms. The worm had a more malicious version known as Code Red II.

Both worms exploited a bug in an indexing service shipped with Microsoft Window's NT 4.0 and Windows 2000 operating systems. In addition to possible website defacement, infected systems experienced severe performance degradation. The virus struck multiple times on the same machine.

Code Red II affected organisations ranging from Microsoft to the telecom company Qwest to the media giant Associated Press. According to a research firm Computer Economics, the virus caused damage worth above $2 billion. Incidentally, Microsoft had issued a patch to fix the vulnerability almost a month earlier, however, most system operators failed to install it.

Blaster (2003)

Blaster (2003)

'Blaster' (also known as Lovsan or Lovesan) took advantage of a flaw in Microsoft software. The worm alongwith 'SoBig' worm which also spread at the same time prompted Microsoft to offer cash rewards to people who helped authorities capture and prosecute the virus writers.

The worm started circulating in August 2003. Filtering by ISPs and widespread publicity about the worm curbed the spread of Blaster.

On August 29, 2003, Jeffrey Lee Parson, an 18-year-old from Hopkins, Minnesota was arrested for creating the B variant of the Blaster worm; he admitted responsibility and was sentenced to an 18-month prison term in January 2005.

Sasser (2004)

Sasser (2004)

Another worm to exploit a Windows flaw, 'Sasser' led to several computers crashing and rebooting themselves.

Sasser spread by exploiting the system through a vulnerable network port. The virus, which infected several million computers around the world, caused infected machines to restart continuously every time a user attempted to connect to the Internet. The worm also severely impaired the infected computer's performance.

The first version of worm struck on April 30, 2004. The worm’s three modified versions have followed it since then, known as Sasser.B, Sasser.C and Sasser.D. The companies affected by the worm included the Agence France-Presse (AFP), Delta Air Lines, Nordic insurance company If and their Finnish owners Sampo Bank.

Storm worm (2007)

Storm worm (2007)

Another big Trojan attack was Storm worm that hit computers worldwide in January 2007. The Storm worm originally posed as breaking news of bad weather hitting Europe. Over time, the worm was also seen in emails with the following subjects: personal greetings, reports that Saddam Hussein is still alive, reports that Fidel Castro is dead, sexy women, YouTube, and even blogs.

Users who fell for it unknowingly became a part of a botnet. A botnet serves as an army of commandeered computers, which are later used by attackers without their owners' knowledge.

The worm infected millions of PCs worldwide and was compared to the Sasser and Slammer attacks of 2006 in terms of damage caused. On April 1, 2008, a new storm worm was released onto the Net, with April Fools-themed subject titles.

Source : www.indiatimes.com ; Infotech..


Thursday, June 25, 2009

Plastic Flashback - A visual history of the credit card.

Plastic Flashback

Diners Club Card, 1951


As the story goes, 60 years ago, Frank McNamara, the founder of what's considered the first credit card, was eating out at a restaurant, and when the check arrived, he realized that he had not brought along his wallet. The embarrassing situation led him to eventually create the Diners Club card, which allowed members to pay restaurant bills monthly. The card itself was wallet-sized and made of paper and wasn't any fancier than a library card. But the idea behind it-a third party facilitating a "buy-now, pay-later" process-was revolutionary.


BankAmericard, 1958

The first bank credit card, the BankAmericard, was unveiled when Bank of America gave out 60,000 unsolicited cards in Fresno, Calif., in 1958. Unlike in the past, when getting a loan might have meant taking a trip to the bank’s basement, this card was a ticket for anyone to spend freely and decide when was best to pay it back.


American Express Card, 1959

Plenty of large and small players saw the opportunity in the card business and jumped in quickly. American Express(AXP) differentiated itself from other providers by offering the first-ever plastic credit card in 1959. As opposed to flimsier cards, the plastic alternative was designed to “better withstand day-to-day use.”


American Express Executive Card, 1968


Through aggressive marketing and the mass mailings of unsolicited credit cards, companies were able to sign up millions of customers in a short amount of time. American Express carved a niche in the saturated market when it released the gold-colored version of its executive credit card in 1968. It was one of the first in a line of color-coded luxury cards geared toward the affluent market—a low-risk, and often heavy-spending, group. The card was simultaneously a status symbol for those high-rollers who wanted everyone to know it.


Master Charge Card, 1970

Here’s one corporate logo that hasn’t changed much over time. Though “Master Charge: The Interbank Card” changed its name to MasterCard (MA) in 1979, the iconic intersecting circles stuck around.


Chase Visa Card, 1984

By 1984, 71 percent of all Americans between the ages of 17 and 65 carried a credit card. In fact, the country was downright swipe-happy. By 1986, the average outstanding balance of cardholders with revolving accounts was $1,472, up from $649 in 1970


Discover Card, 1986

The first Discover Card debuted in a Super Bowl ad in 1986. Its message: “Very few things cost you nothing to get and pay you back every day. But the new Discover Card does.” The card had no annual fee and cash-back bonuses, which became standard offerings on many cards. It also featured the image of a rising sun, one of the earliest attempts to incorporate art onto the face of a card.

Visa/NFL Co-branded Credit Card, 1989

Eventually, it became apparent to providers that the credit card could be a marketing canvas in itself. Instead of their logos occupying the entire face, in the late ’80s, Visa (V) and MasterCard began experimenting with more aesthetically appealing cards. The provider logo was reduced to a tiny stamp on the corner of the card. Organizations, like the NFL, were happy to co-sponsor the cards.


Rolling Stones Co-Branded MasterCard, 1995

Marketers banked on the idea that customers would want cards that offered them some sort of emotional connection. It turns out, they did. In the mid-’90s, Rolling Stones fans could use this card to get discounts at selected music shops and earn frequent-buyer points to buy items from the band’s merchandise line.


University of Delaware MasterCard, 1997

By the late 1990s, over 70 percent of college students had credit cards. Many a parent was not pleased. Students, who often have little or no income, tend to rack up debt (and interest charges)—which is precisely why the credit card companies market heavily on campus. Various companies began to face criticism for placing the school logos on the card, as well as for offering slices of pizza to students who applied for accounts.

Austin Powers TM Titanium Visa, 2000

The Austin Powers TM Titanium Visa from First USA was a big hit when first released. The sales pitch: “It's Titanium, Baby!” According to a news article at the time, its rate was 10.9 percent, compared to 9.9 percent for the plain, old Titanium Visa. But, as an enticing selling point, cardholders got a wide-screen video edition of Austin Powers: International Man of Mystery after the first use.


Discover Card, 2009

Pets are among the most popular designs that customers select for their credit cards these days. AtDiscover (DFS), the orange tabby cat card is a top seller, according to its PR department. While card designs like this one may be appealing, it’s a troubling trend, says Robert Manning, author of Credit Card Nation. “People are picking out a card because they can have a picture of a cat on it rather than looking at the terms,” he says.

Source: www.bigmoney.com, By Caitlin Mcdevitt.

Monday, June 22, 2009

PONZI SCHEME INDICTMENTS - Five Charged in $7 Billion Ploy - After Madoff its Sir Allen Stanford

Today in Washington, D.C., the FBI, Department of Justice, and our partner agencies announced at a press conference the unsealing of an indictment in the Southern District of Texas related to a multi-billion dollar Ponzi scheme that victimized thousands of people in the U.S. and abroad.

The indictment charges Robert Allen Stanford, the sole shareholder of the Houston-based Stanford Financial Group and other affiliated companies, with defrauding investors who purchased approximately $7 billion in certificates of deposit administered by Stanford International Bank, an offshore bank located on the island of Antigua.

Charges against Stanford, along with four other individuals, include conspiracy to commit mail fraud, mail fraud and securities fraud, wire fraud, obstructing an investigation by the Securities and Exchange Commission (SEC), and conspiracy to commit money laundering.

Said Lanny Breuer, Assistant Attorney General for the Department of Justice’s Criminal Division, “As today’s charges make clear, the Department will vigorously root out and expose financial crimes that wreak havoc on innocent investors.”

Also charged were:

  • Laura Pendergest-Holt, chief investment officer of Stanford Financial Group and a member of Stanford International Bank’s investment committee, who had also been previously charged with obstruction of justice in a separate SEC proceeding;
  • Gilberto Lopez, Stanford Financial Group’s chief accounting officer;
  • Mark Kuhrt, global controller for Stanford Financial Group;
  • Leroy King, administrator and chief executive officer of the Financial Services Regulatory Commission, the regulator for Antigua and Barbuda’s financial services industry. King allegedly accepted bribes to ensure that Stanford International Bank was not subject to close scrutiny by Antiguan or U.S. regulators.
Additionally, a criminal information was unsealed today charging James M. Davis, Stanford Financial Group’s chief financial officer, for his role in the scheme, along with an indictment charging another former Stanford Financial Group employee with destroying company records.

The scam. According to the indictment, Stanford International Bank offered—through its network of financial advisors—CDs with higher (and ultimately bogus) rates of return than those available through CDs offered by U.S. banks. Stanford and his co-conspirators also misrepresented to clients the actual financial condition of Stanford International Bank, its investment strategy, and the extent of its regulatory oversight by Antiguan authorities.

While collecting billions from his investors, who placed their trust and in some cases their life savings with him, Stanford and his co-defendants were allegedly misusing and misappropriating most of these assets, including diverting at least $1.6 billion into undisclosed personal loans to Stanford himself.

According to FBI Assistant Director Kevin Perkins, the FBI has seen an increase in Ponzi schemes. In the past 18 months, we’ve opened 100 new cases into these scams, many involving losses of more than $20 million. “Ponzi schemes and other securities fraud investigations are one of the top priorities of the FBI’s Criminal Investigative Division,” said Perkins. “We recognize the enormous impact these crimes have on the economy as a whole and on the trust of investors.”

Echoed U.S. Attorney Tim Johnson, Southern District of Texas, “The investing public needs to be assured that it is protected from those who would corruptly deprive them of their financial security.”

The case was worked jointly by the Department of Justice, FBI, Internal Revenue Service, U.S. Postal Inspection Service, and U.S. Securities and Exchange Commission.

Source: www.fbi.gov - Federal Bureau of Investigation, United States

Thursday, June 11, 2009

As debt grows, US car owners turn to fraud - Arson


DRIVEN to desperation, a growing number of financiallystrapped car owners in the United States are torching, sinking or ditching their vehicles and then
reporting them stolen to cash in on the insurance. SUVs have been found ablaze in the Nevada desert, cars have been dumped in a Miami canal and a BMW was discovered buried in a field in Texas. Some vehicles have been parked in the path of a hurricane.
Known as owner give-ups, the scams have increased even as auto thefts dropped nationally — a sign that the
deepening recession is pushing the trend. Authorities say most of the false claims are filed by firsttime offenders looking for a quick financial fix with little regard for the consequences. “We see people doing this kind of crime who ordinarily wouldn’t steal candy from a store,” said Tom Reilly, a sheriff’s investigator in Texas. James Quiggle, a spokesman for the Coalition Against Insurance Fraud, blames the problem on people who think “insurance companies are rich and fat and won’t miss a few dollars.”
Experts say the billions of dollars in insurance losses are actually recouped from honest consumers as premium increases. When gas prices shot up to $4 a gallon last summer, investigators reported a number of suspicious auto theft claims involving SUVs and other gas guzzlers. But, as gas prices dipped and the economy sputtered, the trend extended to all kinds of models.
Two years ago, Las Vegas detectives were
looking into two or three cases of suspicious auto theft a week. But, in the past 2 1/2 months, they have investigated 83 such cases and made 11 arrests , said Lt Bob Duvall, head of the city’s Metropolitan Police Department’s auto theft unit.

Source: The Economic Times, 11.06.09

Cyber crime 'more profitable than drugs'

Experts have demanded tough new penalties and greater international police co-operation to tackle cyber crime.

The crackdown is needed to halt the proliferation of child pornography and the growing number of attacks on banking and social networking websites, they say.

Keynote speakers at the opening day of the Australian High Tech Crime Conference in Sydney said cyber crime now generated over $US100 billion ($A126.53 billion) globally a year, making it more profitable than the illegal drug trade.

"Cyber criminals are often one step ahead of law enforcement agencies and take great delight in being so," NSW Attorney General John Hatzistergos told the conference.

University of Technology Sydney (UTS) Professor Michael Fraser said an attack on public or financial computer networks could cause more damage than the September 11 terrorist attacks.

"Cyber crime is attacking individuals, our economy and our culture," he said.

"This is the age of cyber crime and it is increasing.

"The 9/11 attackers used low tech methods on a high tech infrastructure. The consequences of a similar attack on cyber space could be even more widespread.

"At the moment the internet is a free for all, like a wild west town, and people are scared.

"People say the internet should not be regulated or subjected to law enforcement. I disagree, it is naive to take that view," Professor Fraser said.

Tuesday's conference speakers also demanded greater integration of Australian state and federal laws to ensure more cyber criminals are caught and prosecuted.

Source: The Sydney Morning Herald; 09.06.09

Tuesday, June 9, 2009

How to be more careful with your credit card

Can you imagine your life without a credit card? Whether it's to make payments online, shop till you drop, or for use as a lifeline in an emergency, the arrival of the credit card has been fortuitous both for the consumer, as well as the credit card company.

Card cloning?!

As efficient and easy as the credit card makes your life, the world over, credit card theft and fraud is a problem that is slowly but certainly spiralling out of control.

Card-cloning is the latest in a string of issues faced by the banking industry, by which card details are furtively recorded during transactions at petrol pumps and supermarkets and emailed across the globe for illegal withdrawals from ATMs.

In fact, customers at a petrol pump in the city of Leicester recently found that their card details were used to withdraw money from various places across the world, including India.

IIT fraudster!

Closer to home, an 18-year-old IIT student posed as a bank executive, got credit card details from customers, and then used the data to book air tickets and buy laptops. He tied up with a travel agent to cancel the tickets and share the returns, while he sold the laptops across the country at a discount.

He scammed 25 cardholders of Rs 650,000 in less than six months!

While the banks and authorities grapple with theft and fraud, it's not just these conmen and tricksters that you need to look out for.

Are you a victim? Learn to protect yourself

Firstly, did you request your card, or was it forced on you? You need to know that no bank has the right to forcibly issue a credit card without prior consent, and they certainly can't charge you for it.

Your acceptance of and/or use of the card automatically implies your acceptance of the terms of the user agreement. You should know what the agreement contains and, if there is anything in it that you disagree with, you are responsible for declining the card.

In some agreements, there is a time limit for rejecting the card. If/when that time passes, the agreement automatically becomes valid.

When an issuer does try to sell you a product on the phone, you must ask for terms and conditions, application forms and so on before you agree to take a credit card.

Make it a priority to fill in all application forms yourself, and choose your credit card company only after reviewing all the specifics such as interest rates, processing charges, and so on.

Companies also add to costs by tacking on subscriptions to insurance services or publications without your approval. Be wary of these occurrences.

In fact, if you read the fine print carefully, you might see additional information about rewards and travel programmes, insurance coverage and privacy policies, lists of fees, and information about foreign currency transactions.

Make sure you understand what each of these means, and what it is you are getting yourself in to.

Credit card interest rates

What about the interest rate on your card? How often have you been offered, and succumbed to a card at 0% interest, only to find that interest is charged after the first few months?

Then there is the common occurrence of a sudden increase in the interest rate, with no forewarning. While banks have the discretion to make changes, the RBI has now released guidelines stating that the total annual percentage rate cannot be more than 30 per cent.

It is interesting to note here that while the RBI has issued a list of guidelines, these are generally not issued to the consumer. Understand that if the credit card company does withhold information, it is considered an offense.

Banks are expected to be transparent, especially in their terms and conditions. In fact, the Reserve Bank of India [ Get Quote] has ordered that the terms and conditions should be printed in a size that is easy to read and process!

Late payment

Late payment is another issue that plagues most consumers, because interest is charged on the unpaid balance.

Many people make cheque payments on the due date, and with no mechanism to record the date of payment, card companies sometimes use this as an opportunity to slap on late fees. Some banks have even introduced the concept of charging people for not using their credit cards.

Bank alerts

And finally, did you receive an e-mail, SMS or letter from your card issuer about the recent lowering of credit limits?

Many people did not. Legally, banks must notify any change in fees or charges (through the website, statements of accounts, email, SMS alerts and notice board at branches) 30 days before the revised charges become effective.

In order to prevent credit limit being reduced, make sure you pay your credit card bill on time. Always pay more than the minimum requirement, and repay as much as you can quickly to get that loan off your books.

Sorting out a dispute

If there have been problems with your card, then arm yourself. Begin by creating a record of the incident by writing to the head office of the card-issuing organisation.

Since most banks have a dispute redressal mechanism in place, you might register a complaint on the phone; remember to note the name of the person and the time and date of the conversation.

If your complaint is not acknowledged and no action is taken within a month, then you have the option of lodging a complaint with the banking ombudsmen appointed by the RBI. The other option, which is available to individuals, is to appeal to the consumer courts.


Source : www.rediff.com , 09.06.09

Saturday, June 6, 2009

CommBank cyber scam hits phone and SMS

The relentless barrage of scam attempts aimed at Commonwealth Bank customers has transcended email, with the sophisticated Eastern European cyber criminals now targeting people via telephone and SMS.

Offices and homes are being called several times a day by an automated system, purporting to be the Commonwealth Bank, telling them they have an error on their account and need to ring an Australian phone number immediately to have the problem rectified.

Calling the number prompts victims to enter their credit card number and security code, which are then harvested and used to make fraudulent purchases.

Paul Hurley, who works for the Sydney-based accounting firm Priestley & Morris, said his office received about 60 calls from the scammers yesterday, with some employees receiving up to five calls on their direct line. If the call wasn't picked up, the scammers even left voicemail messages.

"It looked like it was going through the phone list - our [phone] extensions go one after the other and from the night before last through to 6 or 7 o'clock last night we were still getting calls," he said.

"It's a female voice and ... even though it's an automated, almost robotic voice it's still got an accent to it"

Commonwealth Bank spokesman Steve Batten said the bank had traced the scammers to Russia or somewhere in Eastern Europe.

"The good news is a number of these phone numbers have actually been identified and closed down by the Australian Federal Police," he said.

The new phone and SMS scams complement a sustained email phishing campaign that has been targeting Commonwealth Bank customers - some at a rate of several scam emails a day - since late last month.

St George, NAB and Bank of Queensland customers are now also being targeted.

The emails, which look authentic and include the Commonwealth Bank's logo, try to trick the victim into handing over sensitive information by telling them they need to unlock an account, activate a card, claim a fee refund, update internet banking details, view an important security message or complete a survey in exchange for payment.

They have largely managed to evade spam filters.

Craig McDonald, managing director of email filtering company MailGuard, said this was because the scammers were changing up their tactics faster than the anti-spam software makers could update their software.

"What we're looking for is identifying legitimate mail rather than trying to identify non-legitimate mail," he said.

McDonald was not surprised that the hackers were now moving on from email and targeting people via phone and SMS.

"At the end of the day the criminals will do anything and everything to take advantage of people ... so any way they can get someone to give them any information about their person, whether it's date of birth, account numbers, passwords, whether that's via email or SMS or fax - they'll do anything."

Source: By Asher Moses, The Age, 05.06.09