Category Archives: The Coming Storm

This category includes blog posts about computer and Internet security threats now and on the horizon.

Inside a ‘Reveton’ Ransomware Operation

August 13, 2012
46 Comments

The U.S Federal Bureau of Investigation is warning about an uptick in online extortion scams that impersonate the FBI and frighten people into paying fines to avoid prosecution for supposedly downloading child pornography and pirated content. This post offers an inside look at one malware gang responsible for orchestrating such scams.

In an alert published last week, the FBI said that The Internet Crime Complaint Center — a partnership between the FBI and the National White Collar Crime Center — was “getting inundated with complaints” from consumers targeted or victimized by the scam, which uses drive-by downloads to hijack host machines. The downloaded malware displays a threatening message (see image to the right) and blocks the user from doing anything else unless he pays the fine or finds a way to remove the program.

‘Booter Shells’ Turn Web Sites into Weapons

August 10, 2012
102 Comments

Hacked Web sites aren’t just used for hosting malware anymore. Increasingly, they are being retrofitted with tools that let miscreants harness the compromised site’s raw server power for attacks aimed at knocking other sites offline.

It has long been standard practice for Web site hackers to leave behind a Web-based “shell,” a tiny “backdoor” program that lets them add, delete and run files on compromised server. But in a growing number of Web site break-ins, the trespassers also are leaving behind simple tools called “booter shells,” which allow the miscreants to launch future denial-of-service attacks without the need for vast networks of infected zombie computers.

Tech Support Phone Scams Surge

August 2, 2012
62 Comments

The bogus tech support boiler rooms must be working overtime lately. I’ve recently been inundated with horror stories from readers who reported being harassed by unsolicited phone calls from people with Indian accents posing as Microsoft employees and pushing dodgy PC security services.

These telemarketing scams are nothing new, of course, but they seem to come and go in waves, and right now it’s definitely high tide. One reader’s story in particular really creeped me out. “Ron” wrote in to say his friend’s young daughter was the latest target.

Tagging and Tracking Espionage Botnets

July 30, 2012
14 Comments

A security researcher who’s spent the last 18 months cataloging and tracking malware that was developed and deployed online specifically for spying on governments, activists and industry executives says the complexity and scope of these cyberespionage malware networks now rivals many large conventional cybercrime operations.

Joe Stewart, senior director of malware research at Atlanta-based Dell SecureWorks, said he’s logged over 200 unique families of custom malware used in cyber-espionage campaigns, and some 1,000 domain names registered by cyberspies for using in hosting networks used to control the malware, or for use in “spear phishing,” highly targeted emails that spread the malware.

Spammers Target Dropbox Users

July 17, 2012
16 Comments

“Always have your stuff when you need it with Dropbox.” That’s the marketing line for the online file storage service, but today users have had difficulty logging into the service. The outages came amid reports that many European Dropbox users were being blasted with spam for online casinos, suggesting some kind of leak of Dropbox user email addresses.

Plesk 0Day For Sale As Thousands of Sites Hacked

July 10, 2012
46 Comments

Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels’ Plesk Panel, a software suite used to remotely administer hosted servers at a large number of Internet hosting firms. The attack comes amid reports from multiple sources indicating a spike in Web site compromises that appear to trace back to Plesk installations.

Beware Scare Tactics for Mobile Security Apps

June 20, 2012
25 Comments

It may not be long before your mobile phone is beset by the same sorts of obnoxious, screen-covering, scaremongering ads pimping security software that once inundated desktop users before pop-up blockers became widely-used.
Richard M. Smith, a Boston-based security consultant, was browsing a local news site with his Android phone when his screen was taken over by an alarming message warning of page errors and viruses. Clicking anywhere on the ad takes users to a Web site selling SnapSecure, a mobile antivirus and security subscription service that bills users $5.99 a month.

How Companies Can Beef Up Password Security

June 11, 2012
111 Comments

Separate password breaches last week at LinkedIn, eHarmony and Last.fm exposed millions of credentials, and once again raised the question of whether any company can get password security right. To understand more about why companies keep making the same mistakes and what they might do differently to prevent future password debacles, I interviewed Thomas Ptacek, a security researcher with Matasano Security.

Ptacek is just one of several extremely smart researchers I’ve been speaking with about this topic. Below are some snippets from a conversation we had last week.

Alleged Romanian Subway Hackers Were Lured to U.S.

June 6, 2012
25 Comments

The alleged ringleader of a Romanian hacker gang accused of breaking into and stealing payment card data from hundreds of Subway restaurants made news late last month when he was extradited to face charges in the United States. But perhaps the more interesting story is how his two alleged accomplices happened to have come to this country willingly: They were lured here by undercover U.S. Secret Service agents who promised to shower the men with love and riches.