Domain: krebsonsecurity.com
Stories and comments across the archive that link to krebsonsecurity.com.
Stories · 235
-
Krebs Hacker Unmasked, Hit Ars and Wired's Honan
altjira writes "Brian Krebs, hot on the tail of the hacker who DDoSed his site and SWATted his home, followed up on a tip, found the dox, called and then outed his hacker. Turns out it may have been the same guy who hit Wired's Mat Honan and Ars Technica." The attacker is ... a 20 year old guy who apparently has too much time on his hands, and was surprisingly careless with his personal information for someone exploiting the personal information of others. -
Brian Krebs Gets SWATted
RedLeg writes "ArsTechnica reports that Brian Krebs, of KrebsOnSecurity.com, formerly of the Washington Post, recently got SWATted. For those not familiar with the term, SWATting is the practice of spoofing a call to emergency responders (911 in the U.S.) to induce an overwhelming and potentially devastating response from law enforcement and/or other first responders to the home or residence of the victim. Brian's first-person account of the incident and what he believes to be related events are chronicled here. Krebs has been prominent in the takedown of several cyber-criminal groups in the past, and has been subject to retaliation. I guess this time he poked the wrong bear." -
Bit9 Hacked, Stolen Certs Used To Sign Malware
tsu doh nimh writes "Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered a compromise that cuts to the core of its business: helping clients distinguish known 'safe' files from computer viruses and other malicious software. A leading provider of 'application whitelisting' services, Bit9's security technology turns the traditional approach to fighting malware on its head. Antivirus software, for example, seeks to identify and quarantine files that are known bad or strongly suspected of being malicious. In contrast, Bit9 specializes in helping companies develop custom lists of software that they want to allow employees to run, and to treat all other applications as potentially unknown and dangerous. But in a blog post today, the company disclosed that attackers broke into its network and managed to steal the digital keys that Bit9 uses to distinguish good from bad applications. The attackers then sent signed malware to at least three of Bit9's customers, although Bit9 isn't saying which customers were affected or to what extent. The kicker? The firm said it failed to detect the intrusion in part because the servers used to store its keys were not running Bit9's own software." -
Washington Post: We Were Also Hacked By the Chinese
tsu doh nimh writes "A sophisticated cyberattack targeted The Washington Post in an operation that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers, the publication acknowledged on Friday. The disclosure came just hours after a former Post employee shared information about the break-in with ex-Postie reporter Brian Krebs, and caps a week marked by similar stories from The New York Times and The Wall Street Journal. Krebs cites a former Post tech worker saying that the publication gave one of its hacked servers to the National Security Agency for analysis, a claim that the Post's leadership denies. The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months." -
Another Java Exploit For Sale
tsamsoniw writes "Mere days after Oracle rolled out a fix for the latest Java zero-day vulnerabilities, an admin for an Underweb hacker forum put code for a purportedly new Java exploit up for sale for $5,000. Though unconfirmed, it's certainly plausible that the latest Java patch didn't do the job, based on an analysis by the OpenJDK community. Maybe it's high time for Oracle to fix Java to better protect both its enterprise customers and the millions of home users it picked up when it acquired Sun." -
Java Zero-Day Vulnerability Rolled Into Exploit Packs
tsu doh nimh writes "The miscreants who maintain Blackhole and Nuclear Pack — competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they've added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java. The curator of Blackhole, a miscreant who uses the nickname 'Paunch,' announced yesterday on several Underweb forums that the Java zero-day was a 'New Year's Gift,' to customers who use his exploit kit. The exploit has since been verified to work on all Java 7 versions by AlienVault Labs. The news comes days after it was revealed that Paunch was reserving his best exploits for a more closely-held exploit pack called Cool Exploit Kit, a license for which costs $10,000 per month." -
Turkish Registrar Enabled Phishing Attacks Against Google
tsu doh nimh writes "Google and Microsoft today began warning users about active phishing attacks against Google's online properties. The two companies said the attacks resulted from a fraudulent digital certificate that was mistakenly issued by a domain registrar run by TURKTRUST Inc., a Turkish domain registrar. Google said that on Dec. 24, 2012, its Chrome Web browser detected and blocked an unauthorized digital certificate for the '.google.com' domain. 'TURKTRUST told us that based on our information, they discovered that in August 2011 they had mistakenly issued two intermediate CA certificates to organizations that should have instead received regular SSL certificates,' Google said in a blog post today. Microsoft issued an advisory saying it is aware of active attacks using one of the fraudulent digital certificates issued by TURKTRUST, and that the fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against virtually any domain. The incident harkens back to another similar compromise that happened around the same time-frame. In September 2011, Dutch certificate authority Diginotar learned that a security breach at the firm had resulted in the fraudulent issuing of certificates." -
$50,000 Zero-Day Exploit Evades Adobe's Sandbox, Say Russian Analysts
tsu doh nimh writes with this excerpt from Krebs on Security: "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X — Adobe introduced a 'sandbox' feature aimed at blocking the exploitation of previously unidentified security holes in its software, and until now that protection has held its ground. Adobe, meanwhile, says it has not yet been able to verify the zero-day claims." -
Visa and MasterCard Take Fight To Scammers
An anonymous reader writes "In his latest story, Brian Krebs reports on a collaboration between brand holders and credit card companies to shut down payment processing for rogue online pharmacies, pirate software sellers and fake anti-virus scams. By conducting test purchases, they map out which banks are being used to accept payments for which scams. Writes Krebs, 'Following the money trail showed that a majority of the purchases were processed by just 12 banks in a handful of countries, including Azerbaijan, China, Georgia, Latvia, and Mauritius.' These results are then fed to Visa and Mastercard who typically shut down the merchant accounts 'within one month after a complaint was lodged.' If you can't accept payments, you can't make money — and without money you can't pay the spammers who advertise your product. This effort is apparently quite effective and has led to much concern by those running such sites." -
Insurance For Cybercriminals, or Giant Sting?
tsu doh nimh writes "Brian Krebs follows up on a recent Slashdot discussion about a cybercrime gang that is recruiting botmasters to help with concerted heists against U.S. financial institutions. The story looks at the underground's skeptical response to this campaign, which is being led by a criminal hacker named vorVzakone ('thief in law'), who has released a series of videos about himself. vorVzakone also is offering a service called 'insurance from criminal prosecution,' in which miscreants can purchase protection from goons who specialize in bribing or intimidating Russian/Eastern European police into scuttling cybercrime investigations. For $100,000, the service also claims to have people willing to go to jail in place of the insured. Many in the criminal underground view the entire scheme as an elaborate police sting operation." -
Smart-Grid Control Software Maker Hacked
tsu doh nimh writes "Telvent, a multinational company whose software and services are used to remotely administer and monitor large sections of the energy and gas industries, began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Brian Krebs reports that the attacker(s) installed malicious software and stole project files related to one of Telvent's core offerings — OASyS SCADA — a product that helps energy firms mesh older IT assets with more advanced 'smart grid' technologies. A follow-up story from Wired.com got confirmation from Telvent, and includes speculation from experts that the 'project files' could be used to sabotage systems. 'Some project files contain the "recipe" for the operations of a customer, describing calculations and frequencies at which systems run or when they should be turned on or off. If you're going to do a sophisticated attack, you get the project file and study it and decide how you want to modify the pieces of the operation. Then you modify the project file and load it, and they're not running what they think they're running.'" -
Recent Apple Java Update Doesn't Fix Critical Java Flaw Claims Researcher
hypnosec writes "Just yesterday Apple released updates to fix Java vulnerabilities, but it seems the patch doesn't actually target the recently discovered high-profile Java bug that has been the talk of the web during the last two weeks. The two updates, Java for OS X 2012-005 for OS X Lion and Java for Mac OS X 10.6 Update 10 for Mountain Lion, are meant to tackle the vulnerability described in CVE-2012-0547. But according to KrebsOnSecurity, it seems Cupertino hasn't addressed the recent mega-vulnerabilities in Java as described in CVE-2012-4681." Update: 09/07 12:00 GMT by S : As readers have pointed out, these updates address flaws in Java 6, which is the version Apple maintains. The recently-reported Java vulnerabilities primarily affect Java 7, the patching of which is handled solely by Oracle. Nothing to see here. -
Experts Develop 3rd-Party Patch For New Java Zero-Day
tsu doh nimh writes "A new exploit for a zero-day vulnerability in Oracle's Java JRE version 7 and above is making the rounds. A Metasploit module is now available to attack the flaw, and word in the underground is that it will soon be incorporated into BlackHole, a widely used browser exploit pack. KrebsOnSecurity.com talked to the BlackHole developer, who said the Java exploit would be worth at least $100,000 if sold privately. Instead, this vulnerability appears to have been first spotted in targeted/espionage attacks that used the exploit to drop the remote control malware Poison Ivy, according to experts from Deep End Research. Because Oracle has put Java on a quarterly patch cycle, and the next cycle is not scheduled until October, experts have devised and are selectively releasing an unofficial patch for the flaw." -
Inside the Grum Botnet
tsu doh nimh writes "An examination of a control server seized in the recent takedown of the Grum spam botnet shows the crime machine was far bigger than most experts had assumed. A PHP panel used to control the botnet shows it had just shy of 200,000 systems sending spam when it was dismantled in mid-July. Researchers also found dozens of huge email lists, totaling more than 2.3 billion addresses, as well as evidence it was used for phishing and malware attacks in addition to mailing pharmacy spam. Just prior to its takedown, Grum was responsible for sending about one in six spams worldwide." -
Inside a Ransomware Money Machine
tsu doh nimh writes "The FBI is warning that it's getting inundated with complaints from people taken in by ransomware scams that spoof the FBI and try to scare people into paying 'fines' in lieu of going to jail for having downloaded kiddie porn or pirated content. KrebsOnSecurity.com looks inside a few of the scams in the FBI alert, and it turns out it only takes 1-3 percent of victims to pay up to make it seriously worth the fraudsters' while." -
Carderprofit.cc Was FBI Carding Sting, Nets 26 Arrests
tsu doh nimh writes in with news of a major sting operation against carders. From the article: "The U.S. Justice Department today unveiled the results of a two-year international cybercrime sting that culminated in the arrest of 26 people accused of trafficking in hundreds of thousands of stolen credit and debit card accounts. Among those arrested was an alleged core member of 'UGNazi,' a malicious hacking group that has claimed responsibility for a flood of recent attacks on Internet businesses." The trick: the FBI ran a carding forum as a honeypot. -
U.S. Govt. Appears To Have Nabbed Kurupt.su Carding Kingpin
tsu doh nimh writes "The Justice Department on Monday announced the arrest of a Dutch man wanted for coordinating the theft of roughly 44,000 credit card numbers. The government hasn't released many details about the accused, except for his name and hacker handle, 'Fortezza.' But data from a variety of sources indicates that Fortezza was a lead administrator of Kurupt.su, a large, recently-shuttered forum dedicated to carding and Internet fraud. Krebsonsecurity.com provides some background on Fortezza, who 'claimed to be "quitting the scene," but spoke often about finishing a project with which he seemed obsessed: to hack and plunder all of the other carding forums.'" -
Global Payments Breach Led To Prepaid Card Fraud
tsu doh nimh writes "Global Payments, the Atlanta-based credit card processor that disclosed a major breach of its systems last month, has said that less than 1.5 million card numbers were stolen, and that customer names and addresses weren't included in the purloined data. But security reporter Brian Krebs carries a piece today highlighting how thieves were still able to use the data to clone debit cards, which were then used in shopping sprees in and around the Las Vegas area recently." -
FBI Says Smart Meter Hacks Are Likely To Spread
tsu doh nimh writes "A series of hacks perpetrated against so-called 'smart meter' installations over the past several years may have cost a single U.S. electric utility hundreds of millions of dollars annually, the FBI said in a cyber intelligence bulletin first revealed today. The law enforcement agency said this is the first known report of criminals compromising the hi-tech meters, and that it expects this type of fraud to spread across the country as more utilities deploy smart grid technology." -
VISA, MasterCard Warn of 'Massive' Breach At Credit Card Processor
concealment writes with news that VISA and MasterCard have been warning banks of an incident at a U.S. card processor that may have compromised as many as 10 million credit card numbers. From the article: "Neither VISA nor MasterCard have said which U.S.-based processor was the source of the breach. But affected banks are now starting to analyze transaction data on the compromised cards, in hopes of finding a common point of purchase. Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area." According to the Wall Street Journal, the breached company is Global Payments Inc. -
Avast Drops iYogi Support Over Pushy Scare Tactics
An anonymous reader writes "Antivirus maker Avast is suspending its relationship with iYogi, a company it has relied upon for the past two years to provide live customer support for its products. The move comes just one day after an investigation into iYogi showed the company was using the relationship to push expensive and unnecessary support contracts onto Avast users. In a blog post, Avast's CEO wrote, 'We had initial reports of this behavior a few weeks ago and met with iYogi's senior executives to ensure the behavior was being corrected. Thus, we were shocked to find out about Mr. Krebs' experience. As a consequence, we have removed the iYogi support service from our website and shortly it will be removed from our products.'" -
RDP Proof-of-Concept Exploit Triggers Blue Screen of Death
mask.of.sanity writes "A working proof of concept has been developed for a dangerous vulnerability in Microsoft's Remote Desktop Protocol (RDP). The hole stands out because many organizations use RDP to work from home or access cloud computing services. Only days after a patch was released, a bounty was offered for devising an exploit, and later a working proof of concept emerged. Chinese researchers were the first to reveal it, and security professionals have found it causes a blue screen of death in Microsoft Windows XP and Windows Server 2003 machines. Many organizations won't apply the patch and many suspect researchers are only days away from weaponizing the code." -
Disconnection of Millions of DNSChanger-Infected PCs Delayed
tsu doh nimh writes "Millions of computers infected with the stealthy and tenacious DNSChanger Trojan may be spared a planned disconnection from the Internet early next month if a New York court approves a new request by the U.S. government. Meanwhile, six men accused of managing and profiting from the huge collection of hacked PCs are expected to soon be extradited from their native Estonia to face charges in the United States." -
Microsoft's Antivirus Briefly Flags Google.com As Malicious
tsu doh nimh writes "Computers running Microsoft's antivirus and security software may be flagging google.com, the world's most-visited Web site, as malicious, apparently due to a faulty Valentine's Day security update shipped by Microsoft. For several hours on Tuesday, PC users browsing with Internet Explorer on a machine equipped with Microsoft Security Essentials or Forefront saw warnings that Google.com was serving up a 'severe' threat (Exploit:JS/Blacole.BW), basically that google.com was supposedly infected with a Blackhole exploit kit. The warning prompted users to 'delete' the threat, although accepting the default action appeared to cause no ill result. The episode is more embarrassing than harmful, given that Microsoft is expected to ship antivirus technology with the next version of Windows." -
Half of Fortune 500s, US Agencies Still Infected With DNSChanger Trojan
tsu doh nimh writes "Two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies. Internet Identity, a Tacoma, Wash. company that sells security services, found evidence of at least one DNSChanger infection in computers at half of all Fortune 500 firms, and 27 out of 55 major government entities. Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan's DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web. The FBI is currently debating whether to extend the deadline or let it expire." -
The Gang Behind the World's Largest Spam Botnet
tsu doh nimh writes "A Wikileaks-style war of attrition between two competing rogue Internet pharmacy gangs has exposed some of the biggest spammers on the planet. Brian Krebs uncovers fascinating information about a hacker named 'GeRa' who is supposedly behind the Grum botnet, which is currently sending about one out of every three spam emails worldwide. The story also points to several possible real-identities behind the Internet's largest spam machine." -
Microsoft Names Reputed Head of Kelihos Botnet
wiredmikey writes with an update on Microsoft's takedown of the Kelihos botnet. From the article: "Microsoft is not just taking down botnets; it is taking them down and naming names. In an amended complaint [PDF] filed Monday in U.S. District Court for the Eastern District of Virginia, Microsoft named a man from St. Petersburg, Russia, as the alleged head of the notorious Kelihos botnet. Naming names can be a risky business. Previously, Microsoft alleged Dominique Alexander Piatti, dotFREE Group SRO and several unnamed 'John Does' owned a domain cz.cc and used cz.cc to register other subdomains used to operate and control the Kelihos botnet. However, the company later absolved Piatti of responsibility when investigators found neither he nor his business was controlling the subdomains used to host Kelihos. Whether naming Sabelnikov, who, according to Krebs on Security, once worked as a senior system developer and project manager for Russian antivirus vendor Agnitum, will have the same effect as naming the Koobface gang remains to be seen. Though Kelihos has remained defunct since the takedown last year, the malware is still on thousands of computers." -
Site Aims To Be the "Google" of the Underweb
tsu doh nimh writes "A new service in the cyber underground aims to be the Google search of underground Web sites, connecting buyers to a vast sea of shops that offer an array of dodgy goods and services, from stolen credit card numbers to identity information and anonymity tools. From the story: 'A glut of data breaches and stolen card numbers has spawned dozens of stores that sell the information. The trouble is that each shop requires users to create accounts and sign in before they can search for cards. Enter MegaSearch, which lets potential buyers discover which fraud shops hold the cards they're looking for without having to first create accounts at each store.'" -
Leaked Online Chats Expose Author of Largest Spam Botnet
An anonymous reader writes "New analysis of financial records and online chat logs retrieved from the operators of Spamdot.biz — until recently the most notorious spam affiliate program — provides tantalizing clues about the identity of the man behind Cutwail, currently the largest spam botnet. Brian Krebs tells the story of 'Google,' the screen name used by the now-27-year-old botmaster who was part of a team of programmers in Moscow. Over the years, Cutwail has shifted from a spam cannon for male enhancement pills to a major vector for distributing malicious software." -
Site Offers History of Torrent Downloads By IP
tsu doh nimh writes "You may have never heard of youhavedownloaded.com, but if you recently grabbed movies, music or software from online file-trading networks, chances are decent that the site has heard of you. In fact, you may find that the titles you downloaded are now listed and publicly searchable at the site, indexed by your Internet address. So far, youhavedownloaded.com has recorded more than 50 million unique Internet addresses belonging to file-sharing users. The site is searchable by file name and by Internet address. When you visit, it automatically checks and lets you know if your Internet address is in the database." -
Twitter Bots Drown Out Anti-Kremlin Tweets
tsu doh nimh writes "It appears that thousands of Twitter accounts created in advance to blast automated messages are being used to drown out Tweets sent by bloggers and activists this week who are protesting the disputed presidential elections in Russia. Trend Micro first observed on Wednesday the bogus tweets flooding popular hashtags being used by Russians protesting the election and the arrests of hundreds of protesters, including prominent anti-corruption blogger Alexei Navalny. Today, blogger Brian Krebs posted evidence that thousands of accounts apparently auto-created in mid-2011 were being used to flood more than a dozen hashtags connected to the protests, and appear to be all following each other and one master account, presumably the botnet controller." -
Bank Accounts Vulnerable For Victims of ZeuS Trojan Variant 'Gameover'
tsu doh nimh writes "Organized crooks have begun launching debilitating cyber attacks against banks and their customers as part of a smoke screen to prevent victims from noticing simultaneous high-dollar cyber heists, the FBI is warning. The thefts, aided by a custom variant of the ZeuS Trojan called 'Gameover,' are followed by distributed denial of service (DDoS) attacks against banks and the victim customers. The feds say the perpetrators also are wiring some of the money from victim organizations directly to high-end jewelry stores, and then sending money mules to pick up the pricey items." -
iTunes Flaw Allowed Spying On Dissidents
Hugh Pickens writes "Democracy and free speech activists worldwide have something new to worry about — cyberwarfare via iTunes. The Telegraph reports that Gamma International sells computer hacking services to governments, offering 'zero day' security flaws that allow access to target computers 'with the ability to take control of the target systems functions to the point of capturing encrypted data and communications.' FinFisher spyware, known to be used by British agencies and offered to Egypt's feared secret police, takes advantage of an unencrypted HTTP request that is filed by iTunes when Apple Software Updater is inactive. It redirects users' web browsers to a customized web page that pretends Flash is not installed on the user's computer, then installs a sophisticated piece of spyware that sends info on a user's activities directly to foreign intelligence services. The latest iTunes software update, 10.5.1, released on November 14, appears to have fixed the exploit FinFisher used. A prominent security researcher warned Apple about this dangerous vulnerability in mid-2008, yet Apple 'waited more than 1,200 days to fix the flaw,' writes security researcher Brian Krebs." -
Shady Reshipping Centers Exposed
Dynamoo writes "Ever wondered how criminals can spirit away the products they buy with stolen credit cards? The answer is that they use surprisingly sophisticated but very shady reshipping centers to launder the goods on their way to Eastern Europe. The bad guys make the money, but it's the mules doing the reshipping who will eventually get caught." -
Mysql.com Hacked, Made To Serve Malware
Orome1 writes "Mysql.com was compromised today, redirecting visitors to a page serving malware. Security firm Armorize detected the compromise through its website malware monitoring platform HackAlert, and has analyzed how the compromise of the site's visitors unfolded. The mysql.com website was injected with a script that generates an iFrame redirecting the visitors to a page where the BlackHole exploit pack is hosted." According to Brian Krebs, the exploit used to compromise the site was being shopped around last week for $3,000. -
Gang Used 3D Printers To Make ATM Skimmers
An anonymous reader sends this excerpt from a post by security researcher Brian Krebs: "An ATM skimmer gang stole more than $400,000 using skimming devices built with the help of high-tech 3D printers, federal prosecutors say. ... Apparently, word is spreading in the cybercrime underworld that 3D printers produce flawless skimmer devices with exacting precision. Last year, i-materialize blogged about receiving a client's order for building a card skimmer. In June, a federal court indicted four men from South Texas whom authorities say had reinvested the profits from skimming scams to purchase a 3D printer." -
Rent Your Own Botnet
An anonymous reader writes "New research shows that the TDSS/TDL-4 botnet, widely considered one of the largest and most sophisticated, can be rented via a Web storefront available to all comers. Researchers from Kaspersky found that the latest version of TDSS installs a file that sets the machine up as a proxy for anonymous browsing, and then phones home to awmproxy.net, which rents the proxies for rates from $3 per day to $300 a week. The curators of this service even created a Firefox add-on to help customers. 'Interestingly, AWMproxy says it accepts payment via PayPal, MasterCard, and Visa.'" -
Spammers Bribe Russian Officials
hellkyng writes with a transcript of interesting chat logs in Krebs on Security. From the article: "Leaked online chats between the co-owners of the world's largest pharmacy spam operation reveal the extent to which illicit organizations in Russia purchase political protection, and bribe public officials into initiating or stalling law enforcement investigations." -
Coordinated, Global ATM Heist Nets $13 Million
An anonymous reader writes "An international cybercrime gang stole $13 million from a Florida-based financial institution earlier this year, by executing a highly-coordinated heist in which thieves used ATMs around the globe to cash out stolen prepaid debit cards. 'Prepaid cards usually limit the amounts that cardholders can withdraw from a cash machine within a 24 hour period. Apparently, the crooks were able to drastically increase or eliminate the withdrawal limits for 22 prepaid cards that they had obtained. The fraudsters then cloned the prepaid cards, and distributed them to co-conspirators in several major cities across Europe, Russia and Ukraine.' The attack is eerily similar to the 2008 attack on RBS WorldPay that stole $9.4M. The men who pleaded guilty to the RBS attack were arrested and charged in Russia, but were later given only probation." -
Patched MS Bluetooth Flaw Exposes Even Disconnected PCs
An anonymous reader writes "Among the 22 security holes Microsoft issued updates to fix yesterday is a critical kernel-level Bluetooth flaw that could let nearby attackers break into vulnerable systems even when the targeted computer is not connected to a network. An attacker could use the bug to gain access to any unpatched, Bluetooth-enabled Windows Vista or Win7 computer within 100 meters (or much further with specialized tools), all before the target system even gets an alert that another computer is requesting a Bluetooth connection." -
Banks Faulted For Fake Antivirus Scourge
krebsonsecurity writes "Merchant banks that process credit card payments for fake antivirus or 'scareware' exhibit a distinctive pattern of card processing that could be used by Visa and MasterCard to weed out the rogue processors, according to a new study by the University of California, Santa Barbara. From the study: 'The UCSB team found that the fake AV operations sought to maximize profits by altering their refunds according to the chargebacks reported against them, and by refunding just enough to remain below a payment processor's chargeback limits. Whenever the rate of chargebacks increased, the miscreants would begin issuing more refunds. When the rate of chargebacks subsided, the miscreants would again withhold refunds.' The study also highlights how few customers ever request a refund, and how affiliates pushing this junk software made more than $133 million." -
Conficker Blamed In $72M Scareware Ring
tsu doh nimh writes with an update on the previously mentioned crackdown on scammers peddling fake antivirus products, who were apparently taking advantage of the worm that just won't go away: "Police in Ukraine said the thieves fleeced unsuspecting consumers with the help of the infamous Conficker worm, although it remains unclear how big a role the fast-spreading worm played in this crime. Interestingly, the picture showing the stack of PCs confiscated by Ukrainian authorities (SBU) in this raid is identical to the one shown in an SBU press release last fall, when the SBU detained five individuals connected to high-profile ZeuS Trojan attacks." -
Court Rules Passwords+Secret Questions=Secure eBanking
An anonymous reader writes "A closely-watched court battle over how far commercial banks need to go to protect their customers from cyber theft is nearing an end. Experts said the decision recommended by a magistrate last week — if adopted by a US district court in Maine — will make it more difficult for other victim businesses to challenge the effectiveness of security measures employed by their banks. This case would be the first to add legal precedent to banking industry guidelines about what constitutes 'reasonable' security. The tentative decision is that a series of passwords + some device fingerprinting is enough to meet the definition of 'something you know' + 'something you have.' The case has generated enormous discussion over whether the industry's 'recommended' practices are anywhere near relevant to today's attacks, in which crooks usually have complete control over the victim's PC." -
Malware Gangs Run Ads To Hire New Coders
An anonymous reader writes "Think crime doesn't pay? Think again: an increasingly common sight on underground cybercrime forums are ads paid for by malware writers who are looking to hire talented new programmers. The most common ads are for 'crypters' designed to disguise known malware, and 'Web injects,' plug-ins made to run alongside crime kits like ZeuS and SpyEye. Salaries range from $2,000 to $5,000 monthly, health benefits not included." -
Are Computer Crooks Renting Out Your PC?
An anonymous reader writes "Brian Krebs recently posted an interesting piece looking at an invite-only service marketed on shadowy underground forums that lets crooks 'rent' or 'buy' access to individual botted PCs that can be used to tunnel traffic. The story looks at the mechanics of renting out bots, and the author traces some of the infected systems back to real businesses. From the post: 'The Limited; Santiam Memorial Hospital in Stayton, Ore.; Salem, Mass. based North Shore Medical Center; marketing communications firm McCann-Erickson Worldwide; and the Greater Reno-Tahoe Economic Development Authority.'"