Archive for December, 2006

The federal financial regulatory agencies announced today the issuance of a new interagency policy statement on the Allowance for Loan and Lease Losses (ALLL) and supplemental Frequently Asked Questions (FAQs). The policy statement revises and replaces a 1993 policy statement on the ALLL.

Websense® Security Labs™ has received reports of a new form of cyber-extortion. Unlike previously documented cases (where end-users were infected with malicious code, certain file types were encoded or encrypted, and a ransom message was left on the machine), this attack compromises users’ online web mail accounts. When end-users logged into their web mail accounts (in this case Hotmail), they noticed that all their ‘sent’ and ‘received’ emails had been deleted, along with all their online contacts. The only message that remained was one from the attacker, requesting that they contact the attacker and pay in order to get the data back.

In this case, the end-users had recently visited an Internet cafe where their credentials may have been compromised.

The email, which was poorly written in Spanish, roughly translates in English to:

“If you want to know where your contacts and your emails are then pay us or if you prefer to lose everything then don’t write soon!”

Screenshot 1: Message in Spanish

Screenshot 2: Mailbox with message

Previous Cyber Extortion (AKA Ransomware) alerts:

http://www.websense.com/securitylabs/alerts/alert.php?AlertID=194
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=320

NCUA revised the Your Insured Funds Brochure to include changes made to NCUA Rules and Regulations, Part 745 when the final share insurance rule was issued in September 2006 and to include the new official NCUA sign revised in recent amendments to NCUA’s advertising rule, Part 740. The new brochure is available on NCUA’s website and will be available for purchase from NCUA publications in approximately 6 to 8 weeks.

Agenda for the 12/14/2006 NCUA Board Meeting is Available

Regulatory Alert: Final Rule: Part 748, Filing Requirements for Suspicious Activity Reports – Advises credit unions of the recent changes to Part 748 of the NCUA Rules and Regulations. These changes describe in greater detail the requirements for reporting and filing a Suspicious Activity Report (SAR) and address prompt notification of the board of directors of SAR filings, the confidentiality of reports, and liability protection.

The NCUA Board approved a final rule to amend Share Insurance and Appendix, Part 745, in September 2006. As a result, important changes were made for the December 2006 5300 reporting period. The revised call report for December 31, 2006 added ten new tracking accounts on page 3 of the call report and eight new accounts in the NCUA Insured Savings computation section on page 4 of the call report. These 5300 revisions will enable NCUA to properly track the new insurance changes.

National Credit Union Administration (NCUA) Vice Chairman Rodney E. Hood addressed the Federal Deposit Insurance Corporation (FDIC) in Washington, D.C.

Edward P. Dupcak, director of the National Credit Union Administration (NCUA) Region II office in Alexandria, is retiring at year-end 2006 after nearly 33 years of service to the agency.

Microsoft has reported a new Microsoft Word zero-day vulnerability that is currently being exploited in the wild:
http://www.microsoft.com/technet/security/advisory/929433.mspx

As with previous Office exploits, we expect email to be used as the initial infection vector, with lures to run attached documents. The exploits *usually* then connect to remote sites (that is, they are Trojan Downloaders) to download additional payloads. The Websense Threatseeker process mines the malicious code that is downloaded through Trojan Downloaders such as Office zero-day exploits. Although past attacks have been limited in the number of targets, business sectors, and regions, there is a potential for more widespread attacks with this Word zero-day.

National Credit Union Administration (NCUA) Chairman JoAnn Johnson joined U.S. Treasurer Anna Escobedo Cabral; Deputy Assistant Secretary Dan Iannicola Jr.; and other government (including staff members from the Office of Congressman Ruben Hinojosa (D-TX)), private sector, and non-profit officials on Monday at the Southwest Regional Conference on Reaching Unbanked People.