Monthly Archives: August 2012

Security Fix for Critical Java Flaw Released

August 30, 2012

Oracle has issued an urgent update to close a dangerous security hole in its Java software that attackers have been using to deploy malicious software. The patch comes amid revelations that Oracle was notified in April about this vulnerability and a number other other potentially unpatched Java flaws.

Researchers: Java Zero-Day Leveraged Two Flaws

August 29, 2012

New analysis of a zero-day Java exploit that surfaced last week indicates that it takes advantage of not one but two previously unknown vulnerabilities in the widely-used software. The latest figures suggest that more than a billion users may be vulnerable to attack.

Attackers Pounce on Zero-Day Java Exploit

August 27, 2012

Attackers have seized upon a previously unknown security hole in Oracle’s ubiquitous Java software to break into vulnerable systems. So far, the attacks exploiting this weakness have been targeted and not widespread, but it appears that the exploit code is now public and is being folded into more widely-available attack tools such as Metasploit and exploit kits like BlackHole.

Inside the Grum Botnet

August 20, 2012

KrebsOnSecurity has obtained an exclusive look inside the back-end operations of the recently-destroyed Grum spam botnet. It appears that the crime machine was larger and more complex than many experts had imagined. It also looks like my previous research into the identity of the Grum botmaster was right on target.

Critical Security Fixes from Adobe, Microsoft

August 14, 2012

Adobe and Microsoft each issued security updates today to fix critical vulnerabilities in their software. Adobe’s fixes include a patch for a Flash Player flaw that is actively being exploited. Microsoft’s Patch Tuesday release includes nine patch bundles — more than half of them rated critical — addressing at least 27 security holes in Windows and related software.

Inside a ‘Reveton’ Ransomware Operation

August 13, 2012

The U.S Federal Bureau of Investigation is warning about an uptick in online extortion scams that impersonate the FBI and frighten people into paying fines to avoid prosecution for supposedly downloading child pornography and pirated content. This post offers an inside look at one malware gang responsible for orchestrating such scams.

In an alert published last week, the FBI said that The Internet Crime Complaint Center — a partnership between the FBI and the National White Collar Crime Center — was “getting inundated with complaints” from consumers targeted or victimized by the scam, which uses drive-by downloads to hijack host machines. The downloaded malware displays a threatening message (see image to the right) and blocks the user from doing anything else unless he pays the fine or finds a way to remove the program.

‘Booter Shells’ Turn Web Sites into Weapons

August 10, 2012

Hacked Web sites aren’t just used for hosting malware anymore. Increasingly, they are being retrofitted with tools that let miscreants harness the compromised site’s raw server power for attacks aimed at knocking other sites offline.

It has long been standard practice for Web site hackers to leave behind a Web-based “shell,” a tiny “backdoor” program that lets them add, delete and run files on compromised server. But in a growing number of Web site break-ins, the trespassers also are leaving behind simple tools called “booter shells,” which allow the miscreants to launch future denial-of-service attacks without the need for vast networks of infected zombie computers.

Triple DDoS vs. KrebsOnSecurity

August 8, 2012

During the last week of July, a series of steadily escalating cyber attacks directed at my Web site and hosting provider prevented many readers from being able to reach the site or read the content via RSS. Sorry about that. What follows is a post-mortem on those digital sieges, which featured a mix of new and old-but-effective attack methods.