Wednesday, 02 November 2011

Webinjects for Sale on the Underground Market

According to Amit Klein, Trusteer's CTO cybercriminals have been busy developing webinjects for Zeus and Spyeye to orchestrate and develop malevolent attacks against certain brands. Webinjects are malware configuration directives that are used to inject rogue content in the web pages of bank websites to steal confidential information from the institution's customers. And it's not a contained problem as Tanya Shafir from Trusteer's research team has discovered that these webinjects are actually being offered for sale on many open internet forums!

Tanya's investigations reveal that these shrewd developers are earning a decent income from selling the Zeus/Spyeye webinjects service to an increasingly diverse customer base. The really interesting element is that they're not too bothered whether the customer has the skills to use it. In fact, they'd probably prefer they didn't, as the developers have gone to the trouble of obfuscating the Zeus/Spyeye webinjects, not because they want to confuse malware researchers, but to try and prevent piracy of their software!

Amit Klein said, "That means, ironically, that these criminals are actually taking steps to protect their own intellectual property. I suppose they have to do something as they can't resort to litigation."

Since webinjects can't be modified by the customer, if they need localization for a specific country and language, this can only be carried out by the developers. Who are only too willing for a price:

CertiVox Secures New Investment for Breakthrough Security Technology for the Cloud

CertiVox, an information security company announces that it has closed a second round of series A venture capital funding. The GBP 1,500,000 round (approximately USD 2,400,000) was led by Octopus Investments and included Pentech Ventures, both existing investors based in the UK. Following the investment, Dr. Luke Hakes, principal at Octopus, will join the CertiVox board. CertiVox will use the funding to expand its development team and bring to market the company's breakthrough certificateless encryption as a service platform. The CertiVox platform is built from the ground up to service the Web 2.0 and mobile worlds, and simplifies the securing of data in public and private cloud environments.

"The need for security and encryption for the cloud is clearly a big market opportunity," said Dr. Sandy McKinnon, Pentech Ventures partner and CertiVox board member. "CertiVox's encryption platform fundamentally addresses the vulnerability of storing the keys and the data together. The CertiVox platform leapfrogs users' data compliance concerns and simplifies everything about public and private cloud security. We see CertiVox as a driving force to deliver confidence in a connected world by strengthening security today, for the next generation of smart devices and for all things internet and we hope to create a company that transforms security software."

Intercede Shows the Way for PIV Credentials on NFC Smart Phones

Intercede the producer of MyID, will be presenting its innovative mobile credentialing solution for smart phones at the tenth annual Smart Card Alliance Government Conference in Washington DC from today.

Attendees of the leading showcase for government projects in ID and security will be able to discover how Intercede MyID is leading the way in over-the-air (OTA) provisioning of secure identity credentials to smart phones. Furthermore, delegates will see how Intercede's solution enables these ID credentials to be used over an NFC interface to gain access to secure physical and logical assets.

In particular, their presentation will feature a novel approach to allow two mobile users to validate each other using NFC phone-to-phone technology.

Intercede Chief Executive Richard Parris commented: "Intercede's approach to the OTA provisioning of PIV and other electronic credentials is setting a new benchmark for ease of use, security and convenience. With the technological complexities now solved we are working with policy makers to ensure any final barriers to adoption are removed."

Smartphone Usage Grows in the UK

comScore's latest digital marketing intelligence study recently published data on smartphone usage in the EU5 region - made up of Germany, France, Italy, Spain and the United Kingdom - which clearly shows a strong growth in the use of smartphones. While in August 2010 the share of smartphone users equalled 27.2 %, it increased to 38.9 % in August 2011. In the U.K. the share of smartphone users of the total mobile population increased from 29 % to 45.6 %. So, the total number of smartphone users increased by 46 % year on year. This and more in depth data from comScore's research will be presented at the "Mobile National Day London" conference about the "Mobile Personal Internet" on 22nd November 2011

Fujitsu Semiconductor Introduces NAGRA Certified Set-Top-Box Chipsets to Ensure Content Security

Fujitsu Semiconductor Asia Pte Ltd (FSAL) announce its HDTV multi-decoder processor MB86H611 (a member of MB86H61 series) with advanced security architecture has been successfully certified by NAGRA, the world's leading provider of advanced content protection and multi-screen user experienced solutions . The announcement underscores a good fit for the company's HDTV decoder family to meet the market where modern content security architectures increasingly rely on the video chipset.

With the rapid growth of the operator market spanning the globe, content protection has become increasingly important to the market players, particularly in emerging markets. Being compliant to NAGRA On-Chip Security requirements version 1.1. (NOCS 1.1), MB86H611 enables to run NAGRA's latest products on the Fujitsu's platform.

The MB86H61 series is a highly integrated HD Multi-Standard Digital Television Decoder designed to meet the needs of globally expanding HD set-top-box and IDTV market featuring CI+ and/or embedded CAS for advanced security. The MB86H61 is a single-chip video decoder supporting H.264 / AVC, MPEG-2, AVS and VC-1 video decoding up to high definition resolution with up to 1080p 50/60Hz output.

"With increasing demands driven by the customers, the bar of performance for set-top boxes has been pushed higher and higher while security stays as a critical concern to address," said Mr. Andy Chang, Associate Vice President of Fujitsu Semiconductor Limited Asia. "Fujitsu's set-top box chipsets with integrated NOCS technology ensures certified platform level security for multiple purposes such as controlling and securing digital outputs."

Payments Council Appoints Experian to Create and Manage New Reference Database

The Payments Council has appointed Experian to create and maintain an industry database of corporate customers' payment information. The central biller database, which will improve the accuracy of payments made using online and telephone banking, is scheduled to go live in late 2012.

Experian will collect, verify and standardise information from banks on how their corporate customers (billers) receive payments. The full database is to be used by banks to make it easier for online and telephone banking customers to find accurate information when paying their bills - for example via simplified drop-down menus. The service will also benefit billers, who will find it easier to reconcile incoming electronic payments by providing more accurate billing information for customers to use.

The central biller database is an initiative from the Payments Council's recently published National Payments Plan (2011-2014), forming part of the Payment Council's programme of activity to enhance existing payment services through innovation.

Hilary Plattern, Head of Strategy for the Payments Council, said: "This innovative solution is a win-win: consumer customers making payments benefit from increased confidence in the accuracy of the information they use to pay bills online or over the phone, while companies can be confident their customers are using up-to-date bank account and sort code details, as well as correctly-formatted references.

Note to Subscribers

If you would prefer to receive your News On Line email in plain text, please send an email with "Plain Text" in the subject line.

If you are a subscriber to our Daily News On Line service or Monthly Newsletter you are entitled to access restricted pages on our website news archive. For the username and password please send an email with "Subscriber Password" in the subject line. lesley.dann, Subscriptions Administrator, Smart Card Group.

To Unsubscribe Email Us at or click Unsubscribe

Important Information

From time to time, this news service may include industry forecasts and forward looking statements made by the companies concerned. Readers should be advised that Smart Card News Ltd cannot be held responsible for decisions and/or actions taken by readers of our news service, based on the information provided. This news is only to be distributed to persons/companies who have a contract with Smart Card News Ltd. Unless your company has gained a licence and/or written permission from Smart Card News, the contents of this news page are not to be forwarded to any other person or server. Any replication by any means without prior permission is illegal and action may be taken. If you receive this online news from a forwarded source please contact the team at Smart Card News Ltd. It is illegal to replicate this online news.

Tel: +44 (0)1903 734 677