The U.S. Treasury’s Community Development Financial Institutions (CDFI) Fund on Friday announced that it is expanding its technical assistance and training endeavors with CDFIs in an effort to help them better “deliver financial products and services to underserved communities nationwide.”

National Credit Union Administration (NCUA) Board member Gigi Hyland late last week said that the “strong, collaborative working relationship” between state credit union supervisors and the NCUA “must continue” as regulators and credit unions “work through these difficult economic circumstances.”

Credit unions educated nearly 400,000 students during the 2008-2009 school year, according to data collected by the National Youth Involvement Board.

Tom Candon, Vermont’s deputy commissioner of banking Friday was named chairman of the National Association of State Credit Union Supervisors during its annual business meeting.

The Estonian Union of Credit Cooperatives, which represents credit unions in the former Soviet satellite country of Estonia, is World Council of Credit Unions’ newest member.

The New York Times cited CUNA’s Credit Union Finder website and credit unions’ lower interest rates on credit card balances in a recent article.

Websense® Security Labs™ ThreatSeeker™ Network has discovered that some well-known cell phone forums at IT168 in China have been injected with malicious JavaScript. The infected forum sites – including forums for Nokia, Motorola, and Sony Ericsson – are serving some exploits that target a number of vulnerabilities in the wild.

IT168.com is one of the largest mainstream IT information platforms in China, providing IT product price and market orientation information. It has a high Alexa rank of 170. The forums on the site, especially the cell phone bulletin boards, are very popular, and unsuspecting visitors to these sites can easily get infected.

Screenshot of bbs.it168.com:

Screenshot of the injected JavaScript:

The payload of the JavaScript:

The attackers capitalize on the results from popular search engines like Google, Baidu, and Sogou to spread malicous codes.

The payload of the iframe above:

The targeting vulnerabilities are:

CVE-2007-0071
CVE-2008-0015
CVE-2009-1136
CVE-2009-1862
MS09-002
MS06-014

Once one of the vulnerabilities is triggered, an executable is downloaded onto the user’s machine. This malware installs a rootkit driver and also downloads the main “threat dispatcher”. At least 29 malicious applications are downloaded. Some of them install global hooks on the machine, copy themselves inside the Windows folder, and perform other malicious activities. The majority of these executables are packed with UPX, but a few of them use custom executable packers.

Websense Messaging and Websense Web Security customers are protected against this attack.

Vulnerability Summary for the Week of August 17, 2009

August 24, 2009, Alexandria, Va. – Deborah Matz today became Chairman of the National Credit Union Administration. Matz was nominated by President Obama in May and was sworn in by NCUA General Counsel Robert Fenner during a private ceremony at the Agency’s offices in Alexandria, VA. Matz was joined by her husband, Marshall, and Agency staff.