Category Archives: The Coming Storm

This category includes blog posts about computer and Internet security threats now and on the horizon.

Advanced Persistent Tweets: Zero-Day in 140 Characters

May 3, 2011

The unceasing barrage of targeted email attacks that leverage zero-day software flaws to steal sensitive information from companies and the U.S. government often are characterized as ultra-sophisticated, almost ninja-like in their stealth and anonymity. But according to expert analysis of several recent zero-day attacks – including the much publicized break-in at security giant RSA — the apparent Chinese developers of those attack tools left clues aplenty about their identities and locations, with one actor even Tweeting about his newly discovered vulnerability days in advance of its use in the wild.

RSA and others have labeled recent zero-day attacks as the epitome of an “advanced persistent threat” (APT), a controversial term describing the daily onslaught of digital assaults launched by attackers that are considered to be highly-skilled, determined and have a long-term perspective on their mission. Because these attacks often result in the theft of sensitive and proprietary information from the government and private industry, the details surrounding them usually become shrouded in secrecy as law enforcement and national security officials swoop in to investigate.

But an investigation of some of the open source information available on the tools used in recent attacks labeled APT indicates that some of the actors involved are doing little to cover their tracks, and that not only are they identifiable, but that they’re not particularly concerned about suffering any consequences from their actions.

‘Weyland-Yutani’ Crime Kit Targets Macs for Bots

May 2, 2011

51 Comments

A new crimeware kit for sale on the criminal underground makes it a simple point-and-click exercise to develop malicious software designed to turn Mac OSX computers into bots. According to the vendor of this kit, it is somewhat interchangeable with existing crimeware kits made to attack Windows-based PCs.

U.S. Government Takes Down Coreflood Botnet

April 14, 2011

28 Comments

The U.S. Justice Department and the FBI this week were granted unprecedented authortiy to seize control over a criminal botnet that enslaved millions of computers and to use that control to disable the malicious software on infected PCs.

The target of the takedown was “Coreflood,” an infamous botnet that first emerged almost a decade ago as a high-powered virtual weapon designed to knock targeted Web sites offline. Over the years, the crooks running the botnet began using it to defraud owners of the victim PCs by stealing bank account information and draining balances.

Domains Used in RSA Attack Taunted U.S.

March 30, 2011

60 Comments

Details about the recent cyber attacks against security firm RSA suggest the assailants may have been taunting the industry giant and the United States while they were stealing secrets from a company whose technology is used to secure many banks and government agencies.

Homegrown: Rustock Botnet Fed by U.S. Firms

March 21, 2011

47 Comments

Aaron Wendel opened the doors of his business to some unexpected visitors on the morning of Mar. 16, 2011. The chief technology officer of Kansas City based hosting provider Wholesale Internet found that two U.S. marshals, a pair of computer forensics experts and a Microsoft lawyer had come calling, armed with papers allowing them to enter the facility and to commandeer computer hard drives and portions of the hosting firm’s network. Anyone attempting to interfere would be subject to arrest and prosecution.

Adobe: Attacks on Flash Player Flaw

March 14, 2011

24 Comments

Adobe warned today attackers are exploiting a previously unknown security flaw in its Flash Player software. The company said the same vulnerability exists in Adobe Reader and Acrobat, but that it hasn’t yet seen attacks targeting the bug in those programs.

SpyEye, ZeuS Users Target Tracker Sites

March 9, 2011

50 Comments

Crooks who create botnets with crimeware kits SpyEye and ZeuS are creatively venting their frustration over a pair of Web services that help ISPs and companies block infected machines from communicating with control networks run by the botmasters.

Pharma Wars

February 25, 2011

34 Comments

It’s difficult to chronicle a battle in which neither side wants to admit publicly that he is fighting for his life, or indeed that he has even launched attacks against his enemy. But such is the nature of a business-feud-turned-turf-war that is now playing out slowly between bosses of two of the Internet’s largest illicit pharmacy operations.

SpamIt, Glavmed Pharmacy Networks Exposed

February 24, 2011

35 Comments

An organized crime group thought to include individuals responsible for the notorious Storm and Waledac worms generated more than $150 million promoting rogue online pharmacies via spam and hacking, according to data obtained by KrebsOnSecurity.com.

Exploit Packs Run on Java Juice

January 10, 2011

25 Comments

In October, I showed why Java vulnerabilities continue to be the top moneymaker for purveyors of “exploit kits,” commercial crimeware designed to be stitched into hacked or malicious sites and exploit a variety of Web-browser vulnerabilities. Today, I’ll highlight a few more recent examples of this with brand new exploit kits on the market, and explain why even fully-patched Java installations are fast becoming major enablers of browser-based malware attacks.