Author Archives: BrianKrebs

SWATting Incidents Tied to ID Theft Sites?

April 17, 2013
31 Comments

Many readers have been asking for an update on the “SWATting” incident at my home last month, in which someone claiming to be me called in a phony home invasion in progress at my address, prompting a heavily armed police response. There are two incremental developments on this story. The first is I’ve learned more about how the hoax was perpetrated. The second is that new evidence suggests that the same party or parties responsible also have been SWATting Hollywood celebrities and posting their personal information on site called exposed.re.

Brute Force Attacks Build WordPress Botnet

April 12, 2013
68 Comments

Security experts are warning that an escalating series of attacks designed to break into poorly-secured WordPress blogs is fueling the growth of a botnet made up of Web servers that could be the precursor to a broad-scale campaign to distribute malicious software and launch debilitating network attacks.

Microsoft: Hold Off Installing MS13-036

April 12, 2013
39 Comments

Microsoft is urging users to who haven’t installed it yet to hold off on MS13-036, a security update that the company released earlier this week to fix a dangerous security bug in its Windows operating system. The advice comes in response to a spike in complaints from Windows users who found their machines unbootable after applying the update.

Hay Maker Seeks Cyberheist Bale Out

April 11, 2013
59 Comments

An Oregon agricultural products company is suing its bank to recover nearly a quarter-million dollars stolen in a 2010 cyberheist. The lawsuit is the latest in a series of legal challenges seeking to hold financial institutions more accountable for costly corporate account takeovers tied to cybercrime.

Critical Fixes for Windows, Flash & Shockwave

April 9, 2013
35 Comments

The second Tuesday of the month is upon us, and that means it’s once again time to get your patches on, people (at least for you folks running Windows or Adobe products). Microsoft today pushed out nine patch bundles to plug security holes in Windows and its other products. Separately, Adobe issued updates for its Flash and Shockwave media players that address four distinct security holes in each program.

Phoenix Exploit Kit Author Arrested In Russia?

April 8, 2013
37 Comments

The creator of a popular crimeware package known as the Phoenix Exploit Kit was arrested in his native Russia for distributing malicious software and for illegally possessing multiple firearms, according to underground forum posts from the malware author himself.

Who Wrote the Flashback OS X Worm?

April 3, 2013
75 Comments

A year ago today, Apple released a software update to halt the spread of the Flashback worm, a malware strain that infected more than 650,000 Mac OS X systems using a vulnerability in Apple’s version of Java. This somewhat dismal anniversary is probably as good a time as any to publish some clues I’ve gathered over the past year that point to the real-life identity of the Flashback worm’s creator.

Fool Me Once…

April 2, 2013
72 Comments

When you’re lurking in the computer crime underground, it pays to watch your back and to keep your BS meter set to ‘maximum.’ But when you’ve gained access to an elite black market section of a closely guarded crime forum to which very few have access, it’s easy to let your guard down. That’s what I did earlier this year, and it caused me to chase a false story. This blog post aims to set the record straight on that front, and to offer a cautionary (and possibly entertaining) tale to other would-be cybersleuths.

DHS Warns of ‘TDos’ Extortion Attacks on Public Emergency Networks

April 1, 2013
37 Comments

As if emergency responders weren’t already overloaded: Increasingly, extortionists are launching debilitating attacks designed to overwhelm the telephone networks of emergency communications centers and personnel, according to a confidential alert jointly issued by the Department of Homeland Security and the FBI.