Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

Experts Warn of New Windows Shortcut Flaw

July 15, 2010

Researchers have discovered what appears to be a sophisticated new strain of malicious software that piggybacks on USB storage devices and leverages a previously unknown security vulnerability in the way Microsoft Windows processes shortcut files.

USB-borne malware is extremely common, and most malware that piggybacks on USB and other removable drives traditionally has taken advantage of the Windows Autorun or Autoplay feature. But according to VirusBlokAda, this strain of malware leverages a vulnerability in the method Windows uses for handling shortcut files.

Pirate Bay Hack Exposes User Booty

July 7, 2010

78 Comments

Security weaknesses in the hugely popular file-sharing Web site thepiratebay.org have exposed the user names, e-mail and Internet addresses of more than 4 million Pirate Bay users, according to information obtained by KrebsOnSecurity.com. An Argentinian hacker named Ch Russo said… Read More »

Top Apps Largely Forgo Windows Security Protections

July 1, 2010

36 Comments

Many of the most widely used third-party software applications for Microsoft Windows do not take advantage of two major lines of defense built into the operating system that can help block attacks from hackers and viruses, according to research released today.

Anti-virus is a Poor Substitute for Common Sense

June 25, 2010

63 Comments

A new study about the (in)efficacy of anti-virus software in detecting the latest malware threats is a much-needed reminder that staying safe online is more about using your head than finding the right mix or brand of security software.

Last week, security software testing firm NSS Labs released the results of its latest controversial test of how the major anti-virus products fared in detecting real-life malware from actual malicious Web sites: Most of the products took an average of more than 45 hours — nearly two days — to detect the latest threats.

Drug Charges Against Accused AT&T/iPad Hacker

June 17, 2010

18 Comments

A hacker in a group that discovered the AT&T iPad-related flaw was arrested on drug charges following the execution of an FBI search warrant of his home in Arkansas on Tuesday, according to published reports. CNET’s Elinor Mills writes that… Read More »

Police Arrest 178 in U.S.-Europe Raid on Credit Card ‘Cloning Labs’

June 15, 2010

12 Comments

Police have arrested 178 people in Europe and the United States suspected of cloning credit cards in an international scam worth over 20 million euro ($24.52 million), according to a report from Reuters.

The stories so far are all light on details or whether this bust was connected to specific fraud forums that facilitate the trade in stolen credit card data, but the wire reports include the following information:

Cloud Keyloggers?

June 14, 2010

6 Comments

Keystroke-logging computer viruses let crooks steal your passwords, and sometimes even read your e-mails and online chats. Recently, however, anonymous criminals have added insult to injury, releasing a keylogger that publishes stolen information for all the world to see at online notepad sharing sites such as pastebin.com.

Don’t Need Java? Junk It.

June 11, 2010

67 Comments

I am often asked to recommend security software, but I think it’s important to bear in mind that staying secure is just as often about removing little-used software that increases your exposure to online threats. At the very top of my nix-it-now list is Java, a powerful application that most users have on their systems but that probably few actually need.

ZeuS Trojan Attack Spoofs IRS, Twitter, Youtube

June 9, 2010

41 Comments

Criminals have launched an major e-mail campaign to deploy the infamous ZeuS Trojan, blasting out spam messages variously disguised as fraud alerts from the Internal Revenue Service, Twitter account hijack warnings, and salacious Youtube.com videos.

ATM Skimmers: Separating Cruft from Craft

June 3, 2010

43 Comments

ATM skimmers, fraud devices that criminals attach to cash machines in a bid to steal and ultimately clone customer bank card data, are marketed on a surprisingly large number of open forums and Web sites. For example, ATMbrakers operates a forum that claims to sell or even rent ATM skimmers. Tradekey.com, a place where you can find truly anything for sale, also markets these devices on the cheap.

The truth is that most of these skimmers openly advertised are little more than scams designed to separate clueless crooks from their ill-gotten gains. Start poking around on some of the more exclusive online fraud forums for sellers who have built up a reputation in this business and chances are eventually you will hit upon the real deal.