<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p>Over the last couple of days, Brian Krebs has reported about <a href="http://krebsonsecurity.com/2011/06/fbi-investigating-cyber-theft-of-139000-from-pittsford-ny">ACH fraud</a> that is driven by ZeuS and SpyEye trojans/bots. Although the case law is limited it seems like <a href="http://krebsonsecurity.com/2011/06/court-passwords-secret-questions-reasonable-ebanking-security/">banks have little or no liability</a> if a trojan steals bank login details and, as a result, an organization's bank account is emptied.</p> <!--more--><p>In the first link above a local government lost about $140,000 in a series of $4800 dollar transfers and it seems unlikely that they will be able to recover much more than $4800 of it. In the second link a construction company took their bank to court claiming that it was the bank's fault that they were not alerted when hundreds of thousands of dollars were transferred from their account. Although the case is not yet totally settled it seems that the judge has decided that the bank took sufficient steps to not be considered negligent and that therefore the loss must be borne by the construction company.</p> <p>In the light of this it is worth noting that almost every organization that has installed ThreatSTOP as a trial has discovered a bot on their network. In at least one case it was a ZeuS bot on the laptop of the accounting/HR admin. Having ThreatSTOP running on their firewall may well have saved them from being another statistic in the list of ACH victims.</p> <p>While no single solution is a silver bullet against cybercrime, ThreatSTOP provides a good first filter against inbound malware, and a best last hope against the outbound call home or data theft, using what people already have. We are an essential addition to the toolbox of those protecting their businesses and families from criminals.</p> <p>ThreatSTOP provides our subscribers with blocklists of known botnet C&amp;C (Command and Control) and dropbox hosts that are automatically installed onto their firewalls and updated every few hours (2 by default) to keep track of changes. For a small organization our service typically costs just $600 a year (less than $2/day). This is inexpensive insurance against a potential loss of thousands or even hundreds of thousands of dollars.</p></span>