A crude but effective online service that lets users deploy keystroke logging malware and then view the stolen data remotely was hacked recently. The information leaked from that service has revealed a network of several thousand Nigerian email scammers and offers a fascinating glimpse into an entire underground economy that is seldom explored.
Faced with an onslaught of malware attacks that leverage vulnerabilities and design weaknesses in Java, Oracle Corp. recently tweaked things so that Java now warns users about the security risks of running Java content. But new research shows that the integrity and accuracy of these warning messages can be subverted easily in any number of ways, and that Oracle’s new security scheme actually punishes Java application developers who adhere to it.
The high-profile Web site defacement and hacker group known as the Syrian Electronic Army (SEA) continues to deny that its own Web server was hacked, even as gigabytes of data apparently seized during the compromise leaked onto the Deep Web this weekend.
A hacking group calling itself the Syrian Electronic Army (SEA) has been getting an unusual amount of press lately, most recently after hijacking the Web sites of The New York Times and The Washington Post, among others. But surprisingly little light has been shed on the individuals behind these headline-grabbing attacks. Beginning today, I’ll be taking a closer look at this organization, starting with one of the group’s core architects.
Stories in this blog’s Breadcrumbs series have sought to comb through clues that point to the possible location and identities of malware authors and purveyors. But from time to time those clues lead definitively back to an individual. In today’s post, we’ll look at the author of the Pincer Trojan for Android — a 32-year-old programmer at a mobile app development firm in Russia.
Pro tip: If you’re planning to launch a debilitating denial-of-service attack against your former employer, try not to “like” the Facebook page of the DDoS-for-hire Web service that you intend to use in the assault. Tell that to Kevin Courtois, a 28-year-old from Three Rivers, Quebec who was arrested earlier this year for allegedly launching a volley of cyber attacks against his former company over a nine month period beginning in May 2012.
The Washington Post acknowledged today that a sophisticated phishing attack against its newsroom reporters led to the hacking of its Web site, which was seeded with code that redirected readers to the Web site of the Syrian Electronic Army hacker group. According to information obtained by KrebsOnSecurity, the hack began with a phishing campaign launched over the weekend that ultimately hooked one of the paper’s lead sports writers.
As documented time and again on this blog, cybercrooks are often sloppy or lazy enough to leave behind important clues about who and where they are. But from time to time, cheeky crooks will dream up a trap designed to look like they’re being sloppy when in fact they’re trying to trick security researchers into being sloppy and infecting their computers with malware.
The success of social networking community Twitter has given rise to an entire shadow economy that peddles dummy Twitter accounts by the thousands, primarily to spammers, scammers and malware purveyors. But new research on identifying bogus accounts has helped Twitter to drastically deplete the stockpile of existing accounts for sale, and holds the promise of driving up costs for both vendors of these shady services and their customers.
A claimed zero-day vulnerability in Firefox 17 has some users of the latest Mozilla Firefox browser (Firefox 22) shrugging their shoulders. Indeed, for now it appears that this flaw is not a concern for regular, up-to-date Firefox end users. But several experts say the vulnerability was instead exposed and used in tandem with a recent U.S. law enforcement effort to discover the true Internet addresses of people believed to be browsing child porn sites via the Tor Browser — an online anonymity tool powered by Firefox 17.
