Category Archives: The Coming Storm

This category includes blog posts about computer and Internet security threats now and on the horizon.

Chasing APT: Persistence Pays Off

October 27, 2011

The IT director for an international hedge fund received the bad news in a phone call from a stranger: Chinese hackers were running amok on the fund’s network. Not seeing evidence of the claimed intrusion, and unsure of the credibility of the caller, the IT director fired off an email to a reporter.

“So do you think this is legit, or is the guy trying to scare us?” the IT director asked in an email to KrebsOnSecurity.com, agreeing to discuss the incident if he and his company were not named. “He has sent me the logs for the connections to the infected server. I checked the firewall and am not seeing any active connections.”

Who Else Was Hit by the RSA Attackers?

October 24, 2011

94 Comments

The data breach disclosed in March by security firm RSA received worldwide attention because it highlighted the challenges that organizations face in detecting and blocking intrusions from targeted cyber attacks. What’s more, the subtext of the intrusion was that if this could happen to one of the largest security firms, what hope was there for organizations that aren’t focused on security?

Security experts have said that RSA wasn’t the only corporation victimized in the attack, and that dozens of other multinational companies were infiltrated using many of the same tools and Internet infrastructure. But so far, no one has been willing to say publicly which additional companies may have been hit. Today’s post features a never-before-published list of those victim organizations. The information suggests that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA. Almost 20 percent of the current Fortune 100 companies are on this list.

Identity Theft More Profitable Than Car Theft

October 10, 2011

20 Comments

Buying a car or making any other expensive purchase can be a hassle. And when it’s necessary to finance a purchase, there’s one more hurdle. If you want merchant financing, you’ll often be required to fill out a credit application… Read More »

Inside a Modern Mac Trojan

September 28, 2011

31 Comments

Mac malware is back in the news again. Last week, security firm F-Secure warned that it had discovered a Trojan built for OS X that was disguised as a PDF document. It’s not clear whether this malware is a present threat — it was apparently created sometime last year — but the mechanics of how it infects Mac systems is worth a closer look because it challenges a widely-held belief among Mac users that malicious software cannot install without explicit user permission.

MySQL.com Sold for $3k, Serves Malware

September 26, 2011

41 Comments

A security firm revealed today that mysql.com, the central repository for widely-used Web database software, was hacked and booby-trapped to serve visitors with malicious software. The disclosure caught my eye because just a few days ago I saw evidence that administrative access to mysql.com was being sold on the hacker underground for just $3,000.

Coordinated ATM Heist Nets Thieves $13M

August 26, 2011

37 Comments

An international cybercrime gang stole $13 million from a Florida-based financial institution earlier this year, by executing a highly-coordinated heist in which thieves used ATMs around the globe to cash out stolen prepaid debit cards, KrebsOnSecurity has learned.

Hybrid Hydras and Green Stealing Machines

August 24, 2011

8 Comments

Hybrids seem to be all the rage in the automobile industry, so it’s unsurprising that hybrid threats are the new thing in another industry that reliably ships updated product lines: The computer crime world. The public release of the source code for the ZeuS Trojan earlier this year is spawning novel attack tools. And just as hybrid cars hold the promise of greater fuel efficiency, these nascent threats show the potential of the ZeuS source code leak for morphing ordinary, run-of-the-mill malware into far more efficient data-stealing machines.

Flashy Cars Got Spam Kingpin Mugged

August 22, 2011

18 Comments

A Russian spammer suspected of being the man behind the infamous Rustock spam botnet earned millions of dollars blasting junk email for counterfeit Internet pharmacies. Those ill-gotten riches allowed him to buy flashy sports cars, but new information suggests they also attracted the attention of common street thugs who targeted and ultimately mugged the spammer, stealing two of his prized rides.

Microsoft Offers $250K Bounty for Rustock Author

July 18, 2011

6 Comments

Microsoft said today that it is offering a $250,000 reward for new information leading to the arrest and conviction of the individual(s) responsible for the Rustock botnet, a now-defunct crime machine that was once responsible for sending 40 percent of… Read More »

Which Banks Are Enabling Fake AV Scams?

July 6, 2011

45 Comments

Fake antivirus scams and rogue Internet pharmacies relentlessly seek customers who are willing to trade their credit card numbers for a remedy. Banks and financial institutions become partners in crime when they process payments to fraudsters.

Published research has shown that rogue Internet pharmacies and spam would be much less prevalent and profitable if a few top U.S. financial institutions stopped processing payments for dodgy overseas banks. This is also true for fake antivirus scams, which use misleading security alerts to frighten people into purchasing worthless security software.