Yearly Archives: 2010

Body Armor for Bad Web Sites

November 9, 2010

Hacked and malicious sites designed to steal data from unsuspecting users via malware and phishing are a dime a dozen, often located in the United States, and are a key target for takedown by ISPs and security researchers. But when online miscreants seek stability in their Web projects, they often turn to so-called “bulletproof hosting” providers, mini-ISPs that specialize in offering services that are largely immune from takedown requests and pressure from Western law enforcement agencies.

Authorities Nab More ZeuS-Related Money Mules

November 8, 2010

32 Comments

Authorities in the United States and Moldova apprehended at least eight individuals alleged to have helped launder cash for an international cyber crime gang that stole more than $70 million from small to mid-sized organizations in recent months. In Wisconsin,… Read More »

Keeping an Eye on the SpyEye Trojan

November 8, 2010

3 Comments

Last month, I published evidence suggesting that future development of the ZeuS banking Trojan was being merged with that of the up-and-coming SpyEye Trojan. Since then, a flood of new research and resources has been published about SpyEye, including a new site that helps network owners track the location of SpyEye control networks worldwide.

Flash Update Plugs 18 Security Holes

November 5, 2010

26 Comments

Adobe on Thursday released an update to its Flash Player software that fixes at least 18 security vulnerabilities, including one that is being exploited in targeted attacks.

Microsoft Warns of Attacks on Zero-Day IE Bug

November 3, 2010

10 Comments

Microsoft Corp. today warned Internet Explorer users that attackers are exploiting a previously unknown security hole in the browser to install malicious software. The company is urging users who haven’t already done so to upgrade to IE8, which it said includes technology that makes the vulnerability much more difficult to exploit.

‘Evilgrade’ Gets an Upgrade

November 3, 2010

14 Comments

“Evilgrade,” a toolkit that makes it simple for attackers to install malicious software by exploiting weaknesses in the auto-update feature of many popular software titles, recently received an upgrade of its own and is now capable of hijacking the update process of more than 60 legitimate programs.

Your Money or Your Business

November 2, 2010

28 Comments

New fees levied by financial institutions are likely to push thousands of small businesses into banking online, whether or not they are aware of and prepared for the types of sophisticated cyber attacks that have cost organizations tens of millions of dollars in recent months.

Google Extends Security Bug Bounty to Gmail, YouTube, Blogger

November 1, 2010

10 Comments

Google on Monday said it was expanding a program to pay security researchers who discreetly report software flaws in the company’s products. The move appears aimed at engendering good will within the hacker community while encouraging more researchers to keep their findings private until the holes can be fixed.

Bredolab Mastermind Was Key Spamit.com Affiliate

October 30, 2010

38 Comments

The man arrested in Armenia last week for allegedly operating the massive “Bredolab” botnet — a network of some 30 million hacked Microsoft Windows PCs that were rented out to cyber crooks — appears to have generated much of his clientele as a key affiliate of Spamit.com, the global spamming operation whose members are blamed for sending a majority of the world’s pharmaceutical spam.

Critical Fixes for Shockwave, Firefox

October 28, 2010

24 Comments

Adobe Systems pushed out critical security update for its Shockwave Player that fixes nearly a dozen security vulnerabilities. The software maker also is warning that attackers are targeting a previously unidentified security hole in its Acrobat and PDF Reader products.