The man arrested in Armenia last week for allegedly operating the massive “Bredolab” botnet — a network of some 30 million hacked Microsoft Windows PCs that were rented out to cyber crooks — appears to have generated much of his clientele as a key affiliate of Spamit.com, the global spamming operation whose members are blamed for sending a majority of the world’s pharmaceutical spam.
Adobe Systems pushed out critical security update for its Shockwave Player that fixes nearly a dozen security vulnerabilities. The software maker also is warning that attackers are targeting a previously unidentified security hole in its Acrobat and PDF Reader products.
I’ve received several e-mails from readers concerned about a mysterious, undocumented software patch that Microsoft began offering to Windows 7 users through Windows Update this week. Readers were nervous about this patch because it lacks any real description of its function, and what little documentation there is about it says that it cannot be removed once installed, and that it may be required as a prerequisite for installing future updates.
A new version of the infamous Koobface worm designed to attack Mac OS X computers is spreading through Facebook and other social networking sites, security experts warn.
Security software maker Intego says this Mac OS X version of the Koobface worm is being served as part of a multi-platform attack that uses a malicious Java applet to attack users. According to Intego, the apple includes a prompt to install the malicious software:
“Firesheep,” a new add-on for Firefox that makes it easier to hijack e-mail and social networking accounts of others who are on the same wired or wireless network, has been getting some rather breathless coverage by the news media, some… Read More »
The Web site for the Nobel Peace Prize has been serving up malicious software that takes advantage of a newly-discovered security hole in Mozilla Firefox, computer security experts warned today. Oslo-based Norman ASA warned that visitors who browsed the Nobel… Read More »
Chatter in the hacker underground suggests that certain elements within that community have conspired to end development of the infamous ZeuS banking Trojan, and to merge its code base with that of the up-and-coming SpyEye Trojan. This Web Fraud 2.0. acquisition appears to be a bid to build a more powerful e-banking threat whose sale is restricted to a more exclusive group of crooks.
Individuals who normally promote unlicensed, fly-by-night Internet pharmacies recently registered thousands of hardcore porn and bestiality Web sites using contact information for the founder of a company that has helped to shutter more than 10,000 of these Internet pill mills over the past year, KrebsOnSecurity.com has learned.
Real Networks Inc. has released a new version of RealPlayer that fixes at least seven critical vulnerabilities that could be used to compromise host systems remotely if left unpatched. I’ve never hidden my distaste for this program, mainly due to… Read More »
Microsoft Corp. today warned that it is seeing a huge uptick in attacks against security holes in Java, a software package that is installed on the majority of the world’s desktop computers. In a posting to the Microsoft Malware Protection… Read More »