You no longer have to be an involuntary beta tester. Dr Dave guides you through the technology maze, separating the hype from technology that actually adds to the quality of your life.

The Best of Dr Dave's Weekly Radio Show


Thursday, December 04, 2008

Checkfree service compromised Monday/Tuesday

The Checkfree payment service was hijacked in an effort to get private information. Read the details in the link above.

This makes clear the need for a basic awareness of what you are doing on the Internet. You can't get away with a sleepy attitude while surfing the 'net. Pay attention to what you are doing and have a basic understanding of how things are supposed to work and look.

The most powerful security protection available will not prevent you from providing your personal information to the bad guys, if you are not paying attention...

1 comment:

Anonymous said...

This is much more far reaching than reported by most sources. A large percentage of U.S. Banks use Checkfree as their BillPay product. Their servers re-direct you to Checkfree (typically by name). So a huge number of people paying their bills at their bank were subjected to this.

According to the news articles, CheckFree KNOWINGLY allowed its customers to be subjected to malware downloads for over 5 hours and provided NO notification to individuals and corporations doing business with them.

This is unconscionable behavior. They should be held legally liable for the expense of cleaning up individual PCs as well as the expenses of PR campaigns that need to be taken by their corporate customers that re-sold their service.

I agree that individual users should be responsible for keeping up to date Anti-Virus, Anti-Spyware, and other security measures in place. But, someone in this company made a conscious decision to withhold this information from its business partners. Given that, there should be repercussions for their actions. At the very least, I hope that they lose enough customers to force them to change their behavior.

The DNS re-direction should never have happened. If you follow the stories, what actually happened is that they logged into CheckFree's Network Solutions account and changed the DNS entries just like CheckFree would have done for a legitimate change.

If you follow the link below, you'll see that a massive Phishing campaign was launched targeting the Network Solutions and eNom customers' logins. This was launched by the Russian Business Network (RBN) and the site that CheckFree was re-directed to is a known RBN server.

LINK: http://news.softpedia.com/news/EstDomains-039-Accreditation-Problem-Prompts-Domain-Accounts-Phishing-Campaigns-96913.shtml

In my opinion it seems that the most likely situation is that someone at CheckFree responded to the above referenced Phishing attack and provided them with the login credentials for Network Solutions. Then the RBN got the server ready, then changed the DNS entries, and began collecting customer information. I would expect that this will be followed up by massive amounts of fraud. The malware being served were Trojans of at least two different Bloodhound variants. These are Key Logging Trojans.

This whole thing strikes me as a series of major failures on the part of CheckFree.