Yearly Archives: 2011

Critical Security Updates for Adobe Acrobat, Flash, Reader

March 21, 2011

Adobe today released a software update to plug a critical security hole in its Flash Player, Adobe Acrobat and PDF Reader products. The patch comes a week after the software maker warned that miscreants were exploiting the Flash vulnerability to launch targeted attacks on users.

The Flash update address a critical vulnerability in Adobe Flash Player version 10.2.152.33 and earlier versions (Adobe Flash Player version 10.2.154.18 and earlier versions for Chrome users) for Windows, Macintosh, Linux and Solaris operating systems, Adobe Flash Player 10.1.106.16 and earlier versions for Android.

Homegrown: Rustock Botnet Fed by U.S. Firms

March 21, 2011

47 Comments

Aaron Wendel opened the doors of his business to some unexpected visitors on the morning of Mar. 16, 2011. The chief technology officer of Kansas City based hosting provider Wholesale Internet found that two U.S. marshals, a pair of computer forensics experts and a Microsoft lawyer had come calling, armed with papers allowing them to enter the facility and to commandeer computer hard drives and portions of the hosting firm’s network. Anyone attempting to interfere would be subject to arrest and prosecution.

Rustock Botnet Flatlined, Spam Volumes Plummet

March 16, 2011

48 Comments

The global volume of junk e-mail sent worldwide took a massive nosedive today following what appears to be a coordinated takedown of the Rustock botnet, one of the world’s most active spam-generating machines.

For years, Rustock has been the most prolific purveyor of spam — mainly junk messages touting online pharmacies and male enhancement pills. But late Wednesday morning Eastern Time, dozens of Internet servers used to coordinate these spam campaigns ceased operating, apparently almost simultaneously.

ZeuS Innovations: ‘No-$H!+ Reports’

March 16, 2011

41 Comments

Security experts long have warned computer users of the threat from “keystroke-logging” malware, malicious programs capable of recording your every keystroke. But the truth is, real bad guys don’t care about your everyday chit-chat. More importantly, their data-stealing creations tend to strip out or ignore anything that isn’t related to specific information they are seeking, such as credit card numbers and online bank account credentials.

Adobe: Attacks on Flash Player Flaw

March 14, 2011

24 Comments

Adobe warned today attackers are exploiting a previously unknown security flaw in its Flash Player software. The company said the same vulnerability exists in Adobe Reader and Acrobat, but that it hasn’t yet seen attacks targeting the bug in those programs.

Rogue Antivirus Via Skype Phone Call?

March 11, 2011

34 Comments

A few readers have written in to say they recently received Skype phone calls urging them to download and install a system update for Microsoft Windows. Users who visit the recommended site are bombarded with the same old scareware prompts that try to frighten them into purchasing worthless security software.

Green Skimmers Skimming Green

March 11, 2011

30 Comments

To combat an increase in ATM fraud from skimmer devices, cash machine makers have been outfitting ATMs with a variety of anti-skimming technologies. In many cases, these anti-skimming tools take the shape of green or blue semi-transparent plastic casings that protrude from the card acceptance slot to prevent would-be thieves from easily attaching skimming devices. But a surprising number of incidents, skimmer scammers have simply designed their skimmers to look exactly like the anti-skimming devices.

SpyEye, ZeuS Users Target Tracker Sites

March 9, 2011

50 Comments

Crooks who create botnets with crimeware kits SpyEye and ZeuS are creatively venting their frustration over a pair of Web services that help ISPs and companies block infected machines from communicating with control networks run by the botmasters.

Patch Tuesday, Etc.

March 8, 2011

35 Comments

Microsoft has issued security updates to fix at least four security holes in its Windows operating system and other software. Not exactly a fat Patch Tuesday from Microsoft, but depending on how agile you are in updating third-party applications like Flash, iTunes and Shockwave, you may have some additional patching to do.

WHOIS Problem Reporting System to Gain Privacy Option

March 8, 2011

6 Comments

A system put in place to allow anti-spam activists to report entities that bulk-register domain names using false or misleading contact information is about to gain a much-needed new privacy feature: The option for activists not to expose their identities to the very spammers they’re trying to report.