Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

Spear Phishing Attacks Snag E-mail Marketers

November 24, 2010

Criminals have been conducting complex, targeted e-mail attacks against employees at more than 100 e-mail service providers (ESPs) over the past several months in a bid to hijack computers at companies that market directly to customers of some of the world’s largest corporations, anti-spam experts warn.

The attacks are a textbook example of how organized thieves can abuse trust relationships between companies to access important resources that are then recycled in future attacks.

Crooks Rock Audio-based ATM Skimmers

November 23, 2010

26 Comments

Criminals increasingly are cannibalizing parts from handheld audio players and cheap spy cams to make extremely stealthy and effective ATM skimmers, devices designed to be attached to cash machines and siphon card +PIN data on the sly, a report released last week warned.

Pursuing Koobface and ‘Partnerka’

November 12, 2010

18 Comments

In any given week, I read at least a dozen reports and studies, but I seldom write about them because their conclusions either are obvious or appear slanted toward generating demand for specific products and services. Occasionally, though, a report… Read More »

All-in-One Skimmers

November 10, 2010

26 Comments

ATM skimmers come in all shapes and sizes, and most include several components — such as a tiny spy cam hidden in a brochure rack, or fraudulent PIN pad overlay. The problem from the thief’s perspective is that the more components included in the skimmer kit, the greater the chance that he will get busted attaching or removing the devices from ATMs.

Authorities Nab More ZeuS-Related Money Mules

November 8, 2010

32 Comments

Authorities in the United States and Moldova apprehended at least eight individuals alleged to have helped launder cash for an international cyber crime gang that stole more than $70 million from small to mid-sized organizations in recent months. In Wisconsin,… Read More »

Google Extends Security Bug Bounty to Gmail, YouTube, Blogger

November 1, 2010

10 Comments

Google on Monday said it was expanding a program to pay security researchers who discreetly report software flaws in the company’s products. The move appears aimed at engendering good will within the hacker community while encouraging more researchers to keep their findings private until the holes can be fixed.

Bredolab Mastermind Was Key Spamit.com Affiliate

October 30, 2010

38 Comments

The man arrested in Armenia last week for allegedly operating the massive “Bredolab” botnet — a network of some 30 million hacked Microsoft Windows PCs that were rented out to cyber crooks — appears to have generated much of his clientele as a key affiliate of Spamit.com, the global spamming operation whose members are blamed for sending a majority of the world’s pharmaceutical spam.

Demystifying KB976902, a.k.a. Microsoft’s “Blackhole” Update

October 28, 2010

57 Comments

I’ve received several e-mails from readers concerned about a mysterious, undocumented software patch that Microsoft began offering to Windows 7 users through Windows Update this week. Readers were nervous about this patch because it lacks any real description of its function, and what little documentation there is about it says that it cannot be removed once installed, and that it may be required as a prerequisite for installing future updates.

Firesheep: Baaaaad News for the Unwary

October 27, 2010

41 Comments

“Firesheep,” a new add-on for Firefox that makes it easier to hijack e-mail and social networking accounts of others who are on the same wired or wireless network, has been getting some rather breathless coverage by the news media, some… Read More »

Pill Gangs Besmirch LegitScript Founder

October 21, 2010

54 Comments

Individuals who normally promote unlicensed, fly-by-night Internet pharmacies recently registered thousands of hardcore porn and bestiality Web sites using contact information for the founder of a company that has helped to shutter more than 10,000 of these Internet pill mills over the past year, KrebsOnSecurity.com has learned.