Author Archives: BrianKrebs

Court: 4 More Months for DNSChanger-Infected PCs

March 6, 2012

Millions of PCs sickened by a global computer contagion known as DNSChanger were slated to have their life support yanked on March 8. But an order handed down Monday by a federal judge will delay that event by 120 days to give companies, businesses and governments more time to respond to the epidemic.

The reprieve came late Monday, when the judge overseeing the U.S. government’s landmark case against an international cyber fraud network agreed that extending the deadline was necessary “to continue to provide remediation details to industry channels approved by the FBI.”

Adobe Patches Critical Flash Flaws

March 5, 2012

30 Comments

For the second time in less than a month, Adobe has issued an update to fix dangerous flaws in its Flash Player software. The update addresses two vulnerabilities rated “critical,” but Adobe says it is not aware of active attacks against either flaw.

Double the Love from Friends and Enemies

March 4, 2012

31 Comments

KrebsOnSecurity.com earned two honors this week at the RSA Security Conference. For the second year running, it was voted the blog that best represents the security industry by judges at the Social Security Bloggers Awards. I was also recognized for the Security Bloggers Hall of Fame award, alongside noted security expert Bruce Schneier.

PSI 3.0: Auto-Patching for Dummies

February 28, 2012

26 Comments

A new version of the Personal Software Inspector (PSI) tool from vulnerability management firm Secunia automates the updating of third-party programs that don’t already have auto-updaters built-in. The new version is a welcome development for Internet users who are still searching their keyboards for the “any” key, but experienced PSI users will probably want to stick with the current version.

Feds Request DNSChanger Deadline Extension

February 22, 2012

39 Comments

Millions of computers infected with the stealthy and tenacious DNSChanger Trojan may be spared a planned disconnection from the Internet next month if a court approves a new request by the U.S. government. Meanwhile, six men accused of infecting and managing the huge collection of hacked PCs are expected to be extradited from their native Estonia to face charges in the United States.

How Not to Buy Tax Software

February 22, 2012

27 Comments

Scott Henry scoured the Web for a good deal on buying TurboTax. His search ended at Blvdsoftware.com, which advertised a great price and an instant download. But when it came time to install the software, Henry began to have misgivings about the purchase, and reached out KrebsOnSecurity for a gut-check on whether trusting the software with his tax information was a wise move.

Five days after Henry purchased the product, blvdsoftware.com vanished from the Internet.

Zeus Trojan Author Ran With Spam Kingpins

February 17, 2012

24 Comments

The cybercrime underground is expanding each day, yet the longer I research this subject the more convinced I am that much of it is run by a fairly small and loose-knit group of hackers. That suspicion was reinforced this week when I discovered that the author of the infamous ZeuS Trojan was a core member of Spamdot, until recently the most exclusive online forum for spammers and the shady businessmen who maintain the biggest spam botnets.

Thanks to a deep-seated enmity between the owners of two of the largest spam affiliate programs, the database for Spamdot was leaked to a handful of investigators and researchers, including KrebsOnSecurity. The forum includes all members’ public posts and private messages — even those that members thought had been deleted. I’ve been poring over those private messages in an effort to map alliances and to learn more about the individuals behind the top spam botnets.

Flash Player Update Nixes Zero-Day Flaw

February 15, 2012

16 Comments

Adobe has issued a critical security update for its ubiquitous Flash Player software. The patch plugs at least seven security holes, including one reported by Google that is already being used to trick users into clicking on malicious links delivered via email.

In an advisory released Wednesday afternoon, Adobe warned that one of the flaws — a cross-site scripting vulnerability (CVE-2012-0767) reported by Google — was being used in the wild in active, targeted attacks designed to trick users into clicking on a malicious link delivered in an email message. The company said the flaw could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. A spokesperson for the company said this particular attack only works against Internet Explorer on Windows.

Java Security Update Scrubs 14 Flaws

February 15, 2012

15 Comments

Oracle has shipped a critical update that fixes at least 14 security vulnerabilities in its Java JRE software. The company is urging users to deploy the fixes as quickly as possible.

Microsoft AV Flags Google.com as ‘Blacole’ Malware

February 14, 2012

13 Comments

Computers running Microsoft’s antivirus and security software may be flagging google.com — the world’s most-visited Web site — as malicious, apparently due to a faulty Valentine’s Day security update shipped by Microsoft.

Not long after Microsoft released software updates to fix at least 21 security holes in its Windows operating system and other software, the company’s Technet support forums lit up with complaints about Internet Explorer sounding the malware alarm when users visited google.com.

The alerts appear to be the result of a “false positive” detection shipped to users of Microsoft’s antivirus and security products, most notably its Forefront technology and free “Security Essentials” antivirus software.