Archive for May, 2007
May
31
The federal bank, thrift, and credit union regulatory agencies on Thursday issued final illustrations of consumer information intended to help institutions implement the consumer protection portion of the Interagency Guidance on Nontraditional Mortgage Product Risks that the agencies adopted October 4, 2006. The consumer protection section of the guidance sets forth recommended practices to ensure that consumers have clear and balanced information about nontraditional mortgages before choosing a mortgage product or before selecting a payment option for an existing mortgage.
May 29, 2007, Alexandria, VA - National Credit Union Administration (NCUA) Vice Chairman Rodney E. Hood met with Congressman Spencer Bachus last week on Capitol Hill. Congressman Bachus serves as the ranking member of the House Committee on Financial Services. In recognition of President Bush's declaration of last week as National Hurricane Preparedness Week, the Vice Chairman and ranking member Bachus discussed the action taken by NCUA in order to prepare the credit union community for hurricanes and other weather related emergencies.
May 29, 2007, Alexandria, VA - National Credit Union Administration (NCUA) Board Member Gigi Hyland announced that registration is now open for an upcoming Outreach Task Force “Town Hall” meeting to be held in Los Angeles, CA on Monday, July 16. To register, please visit NCUA's website at: http://www.ncua.gov/TH-Outreach/Index.htm
Websense® Security Labs™ has received reports of a new email spam variant similar to an attack launched early this year. The spoofed email purports to be from the Better Business Bureau (BBB). The message claims that a complaint has been filed against the recipient’s company. Attached to the message is a Microsoft Word document (Document_for_Case.doc), supposedly containing additional details regarding the complaint. The Word document actually contains a Trojan Downloader that, when opened, attempts to download and install a keylogger. This keylogger uploads stolen data to an IP address in Malaysia.
Sample Email Body:
From: Better Business Bureaus [mailto:operations@bbb.org]
Sent: Wednesday, May 23, 2007 7:39 PM
Subject: Complaint Case Number XXXXXXXXXX
Dear Mr./Mrs. XXXXXXXXXX XXXXXXXXXX
You have received a complaint in regards to your business services. The complaint was filled by Mr. Mark Williams on 5/21/2007
Complaint Case Number: XXXXXXXXXX
Complaint Made by Consumer Mr. Mark Williams
Complaint Registered Against: XXXXXXXXXX
Date: 5/21/2007
Instructions on how to resolve this complaint as well as a copy of the original complaint are attached to this email.
Disputes involving consumer products and/or services may be arbitrated. Unless they directly relate to the contract that is the basis of this dispute, the following claims will be considered for arbitration only if all parties agree in writing that the arbitrator may consider them:
- Claims based on product liability;
- Claims for personal injuries;
- Claims that have been resolved by a previous court action, arbitration, or written agreement between the parties.
The decision as to whether your dispute or any part of it can be arbitrated rests solely with the BBB.
The BBB offers its members a binding arbitration service for disputes involving marketplace transactions. Arbitration is a convenient, civilized way to settle disputes quickly and fairly, without the costs associated with other legal options.
© 2003 Council of Better Business Bureaus, Inc. All Rights Reserved.
Sample Email Screenshot:
Original BBB Alert: http://orwwa.bbb.org/release.html?value=61
NCUA is proposing to reincorporate the Federal Credit Union (FCU) Bylaws into NCUA regulations. This change clarifies NCUA's ability to use a range of enforcement authorities, in appropriate cases, to enforce the FCU Bylaws. In addition, NCUA is adding a bylaw provision on director succession, an issue it has previously addressed in legal opinions, and is revising the introduction to the Bylaws to conform it to these changes.
Board Member Gigi Hyland's Statement on Chartering and Field of Membership Amendments Considered at Today's Board Meeting
Websense® Security Labs™ has discovered that the official site of Audi in Taiwan has been compromised.
The site www.audi.com.tw contains an iframe that leads to another page located on the domain www.misofthelp.com. This site is obfuscated, using the 7-bit US-ASCII bypass technique. Once this obfuscation technique is bypassed, the script is further obfuscated. The resulting decoded page reveals a Visual Basic Script that contains an ADOdb (database extraction library) exploit. The exploit within the page downloads and executes a file called update.exe (Trojan PWS).
Websense® Security Labs™ has received reports of a phishing attack that targets customers of Pentagon Federal Credit Union. Users receive a spoofed email message that provides a link to a phishing site which attempts to collect personal and account information.
This phishing site is hosted in the Republic of Korea and was up at the time of this alert.
Phishing screenshot:
