Category Archives: Latest Warnings

Rustock Botnet Flatlined, Spam Volumes Plummet

March 16, 2011

The global volume of junk e-mail sent worldwide took a massive nosedive today following what appears to be a coordinated takedown of the Rustock botnet, one of the world’s most active spam-generating machines.

For years, Rustock has been the most prolific purveyor of spam — mainly junk messages touting online pharmacies and male enhancement pills. But late Wednesday morning Eastern Time, dozens of Internet servers used to coordinate these spam campaigns ceased operating, apparently almost simultaneously.

Adobe: Attacks on Flash Player Flaw

March 14, 2011

24 Comments

Adobe warned today attackers are exploiting a previously unknown security flaw in its Flash Player software. The company said the same vulnerability exists in Adobe Reader and Acrobat, but that it hasn’t yet seen attacks targeting the bug in those programs.

Green Skimmers Skimming Green

March 11, 2011

30 Comments

To combat an increase in ATM fraud from skimmer devices, cash machine makers have been outfitting ATMs with a variety of anti-skimming technologies. In many cases, these anti-skimming tools take the shape of green or blue semi-transparent plastic casings that protrude from the card acceptance slot to prevent would-be thieves from easily attaching skimming devices. But a surprising number of incidents, skimmer scammers have simply designed their skimmers to look exactly like the anti-skimming devices.

Patch Tuesday, Etc.

March 8, 2011

35 Comments

Microsoft has issued security updates to fix at least four security holes in its Windows operating system and other software. Not exactly a fat Patch Tuesday from Microsoft, but depending on how agile you are in updating third-party applications like Flash, iTunes and Shockwave, you may have some additional patching to do.

Java 6 Update 24 Plugs 21 Security Holes

February 17, 2011

31 Comments

A new version of Java fixes at least 21 security flaws in the widely-distributed software bundle. Updates are available for Windows, Linux and Solaris users. If you’re curious about the security updates included in Java 6 Update 24, see the… Read More »

Imageshack Swaps Spam Pages for Scam Alerts

February 12, 2011

23 Comments

Late this week, I heard from several anti-spam activists who alerted me to a nice reminder that spammers don’t always win: Spammers have been promoting their rogue pharmacy sites via images uploaded to free image hosting service imageshack.com. In response, the company appears to have simply replaced those images with the following subtle warning:

Adobe, Microsoft, WordPress Issue Security Fixes

February 9, 2011

32 Comments

Talk about Patch Tuesday on steroids! Adobe, Microsoft and WordPress all issued security updates for their products yesterday. In addition, security vendor Tipping Point released advisories detailing 21 unpatched vulnerabilities in products made by CA, EMC, HP, Novell and SCO.… Read More »

Taking Stock of Rustock

January 5, 2011

20 Comments

Global spam volumes have fallen precipitously in the past two months, thanks to a cessation of junk e-mail from Rustock — until recently the world’s most active spam botnet. But experts say those behind Rustock haven’t gone away, but have merely shifted the botnet’s resources toward other money-making activities, such as installing spyware and adware.

Microsoft Warns of Image Problem

January 4, 2011

25 Comments

Microsoft today warned Windows users about a previously unknown security vulnerability that could allow attackers to install malware simply by getting users to view a malicious image in a Web browser or document.

Exploit Published for New Internet Explorer Flaw

December 23, 2010

13 Comments

Hackers have released exploit code that can be used to compromise Windows PCs through a previously unknown security flaw present in all versions Internet Explorer, Microsoft warned today.

Dave Forstrom, director of trustworthy computing at Microsoft, said the software giant is not aware of any attacks via this flaw attack customers, “given the public disclosure of this vulnerability, the likelihood of criminals using this information to actively attack our customers may increase.”