Weekly Cybersecurity Roundup: Bandits Bust Bitfloor for $250K in Bitcoins and More

Bandits Bust Bitfloor for $250K in Bitcoins: Bitcoin-exchange Bitfloor has suspended operations as it tries to determine who stole 24,000 units of the virtual currency via an unencrypted backup. (Bitcoins [BTC] are currently worth $10.93 each, according to several conversion sites, so 24,000 BTC are valued at more than $250,000.) The robber made off with the BTC by transferring them from the backup to an unknown location. Bitfloor founder Roman Shtylman announced the shutdown in a post on Bitcoin Forum, writing, “Even tho (sic) only a small majority of the coins are ever in use at any time, I felt it inappropriate to continue operating not having the capability to cover all account balances for BTC at the time.” 

Apple Issues Its Own Fix for Java Vulnerabilities: The Java SE 6 update is supposed to patch flaws that could let an attacker remotely execute code on a targeted system. The update also patches the flaw in Mac OS X 10.6, as well as the more recent Lion and Mountain Lion versions of the Mac OS. The update only applies to the SE 6 versions of Java for OS X, which Apple still maintains. Development and maintenance responsibilities of the Java platform were given back to Oracle with the Java SE 7 build. Oracle issued its own fix for the vulnerability in Windows, OS X and Linux systems last week. Oracle has taken a lot of heat because researchers found that it had known of the problems for months and didn’t release a patch until after active exploits for the issued surfaced.

Malware Tricks German Bank Customers Into Approving Thefts: Researchers for Trusteer discovered a program called Tatanga that bypasses chipTAN systems, which are used by Germans for online banking, by tricking users of infected machines into authorizing fraudulent transfers from their accounts. The Trojan injects code into a trusted online banking Web page that tells users the bank wants them to do a chipTAN “test.” The user is then asked to generate a TAN for the test transaction and enter the authorization code into an HTML page that mimicks the look and feel of the bank’s website. Criminals then use the codes to authorize fraudulent transfers from the user’s online banking account.

Arizona Man Jailed for Infecting 72K Computers: Joshua Schichtel has been sentenced to 30 months in prison for using botnets and selling access to them, according to the U.S. Department of Justice. Schichtel pleaded guilty to causing software to be installed on approximately 72,000 computers on behalf of a customer who paid him $1,500 for use of the botnet. Schichtel is also said to be connected to a group of hackers who used denial-of-service attacks to target victims. Schichtel allegedly was a member of the so-called DDOS mafia, a group of hackers that attacked websites on behalf of a business owner, but 2004 charges against him in California were dropped because prosecutors didn’t file an indictment by the required deadline.

Strangest Security Story of the Week: First Irish-Language Malware Discovered: A man in County Donegal, Ireland, was targeted by a strain of ransomware dubbed Gaeilge that locks up infected computers and attempts to extort $126.38 (€100) from users for an unlock code. The demand reportedly appeared in poorly written Gaelic, and it is thought to be the first Irish-language malware ever discovered. The victim wisely took his compromised machine for repairs rather than handing over money to the crooks. The virus claimed the lockdown was a result of the Irish government detecting that the user had accessed online pornography. Gaelic, the ancient language of Ireland, is primarily spoken by people in the far western reaches of the country. According to Ireland’s 2011 census, 1.7 million people say they can speak it, but only 77,000 say they speak it on a daily basis. I wonder when we’ll see some Mongolian malware.

Image via KBillTV