Here are a few articles I found interesting this week:

Microsoft joins malware, ad teams to fight click fraud

"We are taking two relatively disparate domains of expertise and tools, namely malware and online advertising, and creating prevention systems and processes for identifying the entire chain of benefactors of click-fraud malware," — Nikola Livic, Microsoft Malware Prevention Center developer

Now that Microsoft has an ad revenue to worry about – courtesy of the relative success of their Bing search engine – they’re taking steps to protect their revenue stream. MS is in a unique position to tackle the problem of click-fraud malware, since they have both a click-based ad system and a large footprint of anti-malware software installs (courtesy of their free Security Essentials package). It’ll be extremely interesting to see if Microsoft’s unique position can allow them to make a dent in the click fraud business. And it’ll be even more interesting to see how the fraudsters fight back.

Bank Agrees to Reimburse Hacking Victim $300K in Precedent-Setting Case

Patco [Construction Company] had argued that the bank’s authentication system was inadequate and that it failed to contact the customer after its automated system flagged the transactions as suspicious. But the bank maintained that it had done due diligence because it verified that the ID and password used for the transactions were authentic. Patco accused the bank of failing to implement “best” security practices by requiring customers to use multifactor authentication.

Patco Construction Company sued people’s United Bank after Patco lost $345,000 due to an attack on the bank’s online banking system. The attacker installed key-logger software on Patco systems, handily defeating the bank’s “security question” system.

Most interesting is that the First Circuit Court of Appeals has now found that the bank’s approach to security wasn’t “commercially reasonable” [PDF], and pushed the parties to settle (which they have).

Malware Corrupts Iranian Financial Databases

Iran's Computer Emergency Readiness Team (CERT) Sunday released an advisory confirming that the Narilam malware had targeted Iranian systems. But it downplayed the threat, and suggested that any comparisons to "the previously reported cyber-attacks on Iran's infrastructure like stuxnet, duqu and flame" vastly overstated the malware's capabilities.

Interesting that a fairly old piece of malware triggered a new warning, even though all signs point to the malware being nearly extinct in the wild. However, it is interesting to see the analysis of this particular piece of malware. Narilam seems designed to compromise accounting software written by a very specific Iranian software company. To me, this suggests either an “inside job” of sorts, or an attempt to discredit that particular company.

Financial Malware Detects Remote Desktop Environments To Evade Researchers

"There are many virtual environments that are detected by malware these days," [Vikram Thakur, Symantec Security Response] tells Dark Reading. "In fact, just recently we spotted two new techniques added to the list of techniques used by malware to evade sandboxes -- monitoring of mouse movement and monitoring for code to lay dormant for five minutes before execution.

Continuing an interesting trend in advanced malware to resist detection and analysis, “Shylock” looks for evidence of a remote desktop session, and hides if it finds one. We’re seeing more and more malware authors attack the human element of malware detection and response, not just the anti-malware software. This is a smart play on the malware authors’ part, since human beings are often the weakest point in any security system.