Yearly Archives: 2010

Demystifying KB976902, a.k.a. Microsoft’s “Blackhole” Update

October 28, 2010

I’ve received several e-mails from readers concerned about a mysterious, undocumented software patch that Microsoft began offering to Windows 7 users through Windows Update this week. Readers were nervous about this patch because it lacks any real description of its function, and what little documentation there is about it says that it cannot be removed once installed, and that it may be required as a prerequisite for installing future updates.

Koobface Worm Targets Java on Mac OS X

October 27, 2010

57 Comments

A new version of the infamous Koobface worm designed to attack Mac OS X computers is spreading through Facebook and other social networking sites, security experts warn.

Security software maker Intego says this Mac OS X version of the Koobface worm is being served as part of a multi-platform attack that uses a malicious Java applet to attack users. According to Intego, the apple includes a prompt to install the malicious software:

Firesheep: Baaaaad News for the Unwary

October 27, 2010

41 Comments

“Firesheep,” a new add-on for Firefox that makes it easier to hijack e-mail and social networking accounts of others who are on the same wired or wireless network, has been getting some rather breathless coverage by the news media, some… Read More »

Nobel Peace Prize Site Serves Firefox 0day

October 26, 2010

16 Comments

The Web site for the Nobel Peace Prize has been serving up malicious software that takes advantage of a newly-discovered security hole in Mozilla Firefox, computer security experts warned today. Oslo-based Norman ASA warned that visitors who browsed the Nobel… Read More »

SpyEye v. ZeuS Rivalry Ends in Quiet Merger

October 24, 2010

39 Comments

Chatter in the hacker underground suggests that certain elements within that community have conspired to end development of the infamous ZeuS banking Trojan, and to merge its code base with that of the up-and-coming SpyEye Trojan. This Web Fraud 2.0. acquisition appears to be a bid to build a more powerful e-banking threat whose sale is restricted to a more exclusive group of crooks.

Pill Gangs Besmirch LegitScript Founder

October 21, 2010

54 Comments

Individuals who normally promote unlicensed, fly-by-night Internet pharmacies recently registered thousands of hardcore porn and bestiality Web sites using contact information for the founder of a company that has helped to shutter more than 10,000 of these Internet pill mills over the past year, KrebsOnSecurity.com has learned.

Critical RealPlayer Update

October 20, 2010

12 Comments

Real Networks Inc. has released a new version of RealPlayer that fixes at least seven critical vulnerabilities that could be used to compromise host systems remotely if left unpatched. I’ve never hidden my distaste for this program, mainly due to… Read More »

Microsoft: ‘Unprecedented Wave of Java Exploitation’

October 18, 2010

34 Comments

Microsoft Corp. today warned that it is seeing a huge uptick in attacks against security holes in Java, a software package that is installed on the majority of the world’s desktop computers. In a posting to the Microsoft Malware Protection… Read More »

Earn a Diploma from Scam U

October 17, 2010

15 Comments

Since the dawn of the Internet, tutorials showing would-be scammers how to fleece others have been available online, and there is a growing catalog of fraud instructional videos as well. But for novices who who can’t be bothered to scour the ‘Net for these far flung free resources, the tricks of the trade can now be learned through intensive one-on-one apprenticeships that are sold online like community college classes in e-thievery.

Cyber Deterrence Group Urges Greater Disclosure, Transparency

October 14, 2010

11 Comments

A group tasked with devising strategies to deter cyber attacks is calling for mandatory public disclosure of fraud and hacking incidents by governments and organizations of all sizes, including banks.