Alexandria, Va., January 31, 2006 – Registration is now open for NCUA’s Access Across America Summit, held at the Sheraton Tampa Riverwalk Hotel in Tampa, Florida on March 6. To register for the free, one-day summit, please visit the NCUA website.

Websense® Security Labs™ has received reports of a phishing attack that targets customers of The Southern Federal Credit Union. Users receive a spoofed email message claiming that they must confirm their e-mail address so they can receive important announcements. The email provides a link to a phishing site that attempts to collect personal and account information.

Phishing screenshot #1:

Phishing screenshot #2:

Alexandria, VA, January 30, 2007 – The National Credit Union Administration (NCUA) Outreach Task Force held its first meeting at NCUA headquarters today. The thirteen member group had an opportunity to meet each other and conduct an initial discussion on the recommendations of NCUA’s Member Service Assessment Pilot (MSAP) and the GAO Report on credit unions’ service and senior executive compensation arrangements. The Task Force was created last November to provide a better understanding and evaluation of the NCUA’s outreach efforts and in further response to the findings in the agency’s MSAP: A Study of Federal Credit Union Service. The MSAP was compiled in response to a request from the Government Accountability Office (GAO) and the House Ways and Means Committee.

Websense Security Labs has discovered a new information-stealing, malicious code attack, which appears to provide more evidence that Russian-based malicious code writers and Brazilians are either working together, or are sharing tools or information. (Previous post: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=724).

If users click on the link within the email, they are redirected to a page that is hosted in Russia. That page attempts to exploit the user with the “VML” vulnerability. If the user’s PC has not been properly patched, the site downloads and runs an executable called “stylecss.exe”. This file is packed with “Yoda’s protector,” and has an MD5 of b6b2ccb8d1b862fa92c71a17c1795af2. The file adds information to the Run key in the registry: (C:\Arquivos de programas\ExAlien.exe). Once running, the file is designed to steal information from end-users when they visit banking websites.

Email screenshot (Vivio is a very large mobile carrier in Brazil):

The attack is written in broken Portuguese and roughly translates to:

Dear customer,
 
We’d like to inform you that our database shows several pending payments in your account, which haven’t been paid in their respective due dates.

On 2/23/2006 value R$ 987.00 Details>>>

On 3/26/2006 value R$ 1,980.00 Details>>>

We ask your attention to this notification, since legal measures will be taken, such as the inclusion [of your name] in the Credit Protection Service (SPC) and Serasa [a Brazilian institution that protects credit].

For your security and convenience it is necessary to download the Pendencies Report file.

Pendencies Report File Verify Pendencies
If you have already settled your payments, please ignore this.

January 30, 2007, Alexandria, VA–National Credit Union Administration (NCUA) Board Member Gigi Hyland traveled to Florida last week to discuss the many challenges and opportunities facing credit unions, while participating in a series of events. On Wednesday, Board Member Hyland addressed the Southernmost Chapter in Miami Lakes, and the South Florida and Broward Chapters in West Palm Beach on Thursday. Prior to Thursday’s meeting, Board Member Hyland visited PBC Credit Union and Town of Palm Beach Federal Credit Union, both located in West Palm Beach.

Why is Cyber Security a Problem?

NCUA has reiterated that credit unions can use automated valuation methods (AVMs) to determine the value of real property for smaller mortgages. Credit unions can use AVMs in the lending process provided each market valuation calculated by the AVM is reviewed by an individual with knowledge, training, and experience in the local real estate market. This individual can be a credit union employee, such as a loan officer.

NCUA has reiterated that credit unions can use automated valuation methods (AVMs) to determine the value of real property for smaller mortgages. Credit unions can use AVMs in the lending process provided each market valuation calculated by the AVM is reviewed by an individual with knowledge, training, and experience in the local real estate market. This individual can be a credit union employee, such as a loan officer.

Websense® Security Labs™ has received reports of a phishing attack that targets customers of State Farm Bank. Users receive a spoofed email message, claiming that they should update their account information because the SSL servers have been upgraded. The email provides a link to a phishing site that attempts to collect personal and account information.

Phishing Screenshot:

The National Credit Union Administration (NCUA) has issued orders prohibiting the following individuals from participating in the affairs of any federally insured financial institution.