Russian authorities on Thursday arrested Pavel Vrublevsky, co-founder of ChronoPay, the country’s largest processor of online payments, for allegedly hiring a hacker to attack his company’s rivals. Vrublevsky, 32, is probably best known as the co-owner of the Rx-Promotion rogue… Read More »
New research suggests that the majority of personal computers infected with malicious software may have arrived at that state thanks to a bustling underground market that matches criminal gangs who pay for malware installs with enterprising hackers looking to sell access to compromised PCs.
Pay-per-install (PPI) services are advertised on shadowy underground Web forums. Clients submit their malware—a spambot, fake antivirus software, or password-stealing Trojan—to the PPI service, which in turn charges rates from $7 to $180 per thousand successful installations, depending on the requested geographic location of the desired victims.
LastPass.com, a free password management service that lets users unlock access to all of their password protected sites with a single master password, is forcing all of its approximately 1.25 million users to change their master passwords after discovering that… Read More »
The Federal Bureau of Investigation warned this week that cyber thieves have stolen approximately $20 million over the past year from small to mid-sized businesses, through a series of fraudulent wire transfers sent to Chinese economic and trade companies located near the country’s border with Russia.
The FBI said that between March 2010 and April 2011, it identified twenty incidents in which small to mid-sized organizations had fraudulent wire transfers to China, and that the total losses from the fraud was about $11 million. The alert was sent out Tuesday, in cooperation with the Internet Crime Complaint Center and the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry consortium.
KrebsOnSecurity.com was honored at the annual Social Security Blogger Awards at the RSA security conference in San Francisco this week. Judges and voters picked this blog as the one they thought best represents the security industry today.
On February 8, 2009, a customer at an ATM at a Bank of America branch in Sun Valley, Calif., spotted something that didn’t look quite right about the machine: A silver, plexiglass device had been attached to the ATM’s card acceptance slot, in a bid to steal card data from unsuspecting ATM users.
But the customer and the bank’s employees initially overlooked a secondary fraud device that the unknown thief had left at the scene: A sophisticated, battery operated and motion activated camera designed to record victims entering their personal identification numbers at the ATM.
Late last year, online crime forums were abuzz with talk that development of the world’s most notorious banking Trojan — ZeuS — was being retired, after its maker handed the malware’s secret blueprints to a rival developer. The recipient of those plans — the author of the SpyEye Trojan– has been hard at work on a malware strain that blends the two malware families. But new evidence suggests that the source code for the latest ZeuS version may have been given to a third party and is now up for sale in the criminal underground, a development that could soon guarantee the production of a whole new ZeuS lineage.
Microsoft warned today that hackers have published instructions for attacking a previously unknown security hole in all versions of Windows that could be exploited to siphon user data or trick users into installing malicious code.
With all of the media and public fascination with threats like Stuxnet and weighty terms like “cyberwar,” it’s easy to overlook the more humdrum and persistent security threats, such as Web site (in)security. But none of that should excuse U.S. military leaders from making sure their Web sites aren’t trivially hackable by script kiddies.
It’s hard to believe that a year has passed since I posted the first entry on this blog. It seems like just yesterday that I was leaving The Washington Post and making a huge – and somewhat scary – leap… Read More »
