Don’t Get Sucker Pumped
Gas pump skimmers are getting craftier. A new scam out of Oklahoma that netted thieves $400,000 before they were caught is a reminder of why it’s usually best to pay with credit cards or cash when filling up the tank.
Author Archives: BrianKrebs
Security Vendors: Do No Harm, Heal Thyself
Security companies would do well to build their products around the physician’s code: “First, do no harm.” The corollary to that oath borrows from another medical mantra: “Security vendor, heal thyself. And don’t take forever to do it! “
Hacker Ring Stole 160 Million Credit Cards
U.S. federal authorities have indicted five men — four Russians and a Ukrainian – for allegedly perpetrating many of the biggest cybercrimes of the past decade, including the theft of more than 160 million credit card numbers from major U.S. retailers, banks and card processors.
Haunted by the Ghosts of ZeuS & DNSChanger
One of the challenges in malware research is separating the truly novel innovations in malcoding from new nasties that merely include nominal or superficial tweaks. This dynamic holds true for both malware researchers and purveyors, albeit for different reasons. Researchers wish to avoid being labeled alarmist in calling special attention to what appears to be an emerging threat that turns out to be old news; the bad guys just want to avoid getting scammed into paying for an old malware kit dressed up as the new next big thing.
Toward A Greater Mobile Mal-Awareness
Several recent developments in mobile malware are conspiring to raise the threat level for Android users, making it easier for attackers to convert legitimate applications into malicious apps and to undermine the technology that security experts use to tell the difference.
One-Stop Bot Chop-Shops
New fraudster-friendly content management systems are making it more likely than ever that crooks who manage botnets and other large groupings of hacked PCs will extract and sell all credentials of value that can be harvested from the compromised machines.
Styx Crypt Makers Push DDoS, Anti-Antivirus Services
I recently published a piece that examined the role of several Ukrainian men likely responsible for making and marketing the Styx Pack malware exploit kit. Today’s post will show how this same enterprise is linked to a DDoS protection scheme and a sprawling cybercrook-friendly malware scanning service that is bundled with Styx-Crypt.
Botcoin: Bitcoin Mining by Botnet
An increasing number of malware samples in the wild are using host systems to secretly mine bitcoins. In this post, I’ll look at an affiliate program that pays people for the mass installation of programs that turns host machines into bitcoin mining bots.
Getting Skimpy With ATM Skimmers
Cybercrooks can be notoriously cheap, considering how much they typically get for nothing. I’m reminded of this when I occasionally stumble upon underground forum members trying to sell a used ATM skimmer: Very often, the sales thread devolves into a flame war over whether the fully-assembled ATM skimmer is really worth more than the sum of its parts.
DEF CON To Feds: We Need Some Time Apart
One of the more time-honored traditions at DEF CON — the massive hacker convention held each year in Las Vegas — is “Spot-the-Fed,” a playful and mostly harmless contest to out undercover government agents who attend the show. But that game might be a bit tougher when the conference rolls around again next month: In an apparent reaction to recent revelations about far-reaching U.S. government surveillance programs, DEF CON organizers are asking feds to just stay home.
