Nate Anderson at Ars Technica has a good story about how investigators tracked down “Virus,” the nickname allegedly used by a Romanian man accused by the U.S. Justice Department of running the Web hosting operations for a group that created and marketed the Gozi banking Trojan. Turns out, I’ve been sitting on some fascinating details about this hosting provider for many months without fully realizing what I had.
A broad variety of the latest firewall, spam filter and VPN appliances sold by Campbell, Calif. based Barracuda Networks Inc. contain undocumented backdoor accounts, the company disclosed today. Worse still, while the backdoor accounts are apparently set up so that they would only be accessible from Internet addresses assigned to Barracuda, they are in fact accessible to potentially hundreds of other companies and network owners.
Federal prosecutors are expected to announce today criminal charges against three men alleged to be responsible for creating and distributing the Gozi Trojan, an extremely sophisticated strain of malicious software that was sold to cyber crooks and was tailor-made to attack specific financial institutions targeted by each buyer.
Security experts in Poland on Thursday quietly seized domains used to control the “Virut” botnet, a huge army of hacked PCs that is custom-built to be rented out to cybercriminals.
Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java, KrebsOnSecurity has learned.
Last week, National Public Radio aired a story on my Pharma Wars series, which chronicles an epic battle between men who ran two competing cybercrime empires that used spam to pimp online pharmacy sites. As I was working with the NPR reporter on the story, I was struck by how much spam has decreased over the past couple of years. Below is a graphic that’s based on spam data collected by Symantec’s MessageLabs. It shows that global spam volumes fell and spiked fairly regularly, from highs of 6 trillion messages sent per month to just below 1 trillion. I produced this graph based on Symantec’s raw spam data.
A man arrested in Thailand this week on charges of stealing millions from online bank accounts fits the profile of a miscreant nicknamed “bx1,” a hacker fingered by Microsoft as a major operator of botnets powered by the ZeuS banking trojan.
Both Facebook and Yahoo! recently fixed security holes that let hackers hijack user accounts. Interestingly, access to methods for exploiting both of the flaws appears to have been sold by the same miscreant in the cybercrime underground.
The Value of a Hacked PC graphic, which I published on this blog a few months ago to explain bad guy uses for your PC, is getting a makeover. I’m honored to say that the SANS Institute, a security training group,… Read More »
The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes.
