Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

Twitter Bots Target Tibetan Protests

March 20, 2012
10 Comments

Twitter bots — automated accounts that auto-follow and send junk tweets hawking questionable wares and services — can be an annoyance to anyone who has even a modest number of followers. But increasingly, Twitter bots are being used as a tool to suppress political dissent, as evidenced by an ongoing flood of meaningless tweets directed at hashtags popular for tracking Tibetan protesters who are taking a stand against Chinese rule.

It’s not clear how long ago the bogus tweet campaigns began, but Tibetan sympathizers say they recently noticed that several Twitter hashtags related to the conflict — including #tibet and #freetibet — are now so constantly inundated with junk tweets from apparently automated Twitter accounts that the hashtags have ceased to become a useful way to track the conflict.

Hackers Offer Bounty for Windows RDP Exploit

March 15, 2012
16 Comments

A Web site that bills itself as a place where independent and open source software developers can hire each other has secured promises to award at least $1,435 to the first person who can develop a working exploit that takes advantage of newly disclosed and dangerous security hole in all supported versions of Microsoft Windows.

That reward, which is sure to only increase with each passing day, is offered to any developer who can devise an exploit for one of two critical vulnerabilities that Microsoft patched on Tuesday in its Remote Desktop Protocol (RDP), designed as a way to let administrators control and configure machines remotely over a network.

Aghast at Avast’s iYogi Support

March 14, 2012
135 Comments

The makers of Avast antivirus software are warning users about a new scam involving phone calls from people posing as customer service reps for the company and requesting remote access to user systems. Avast is still investigating the incidents, but a number of users are reporting that the incidents followed experiences with iYogi, the company in India that is handling Avast’s customer support.

A follow-up investigation by KrebsOnSecurity indicates that Avast (among other security companies) is outsourcing its customer support to a third-party firm that appears engineered to do little else but sell expensive and unnecessary support contracts.

Half of All ‘Rogue’ Pharmacies at Two Registrars

March 12, 2012
25 Comments

Half of all “rogue” online pharmacies — sites that sell prescription drugs without requiring a prescription — got their Web site names from just two domain name registrars, a study released today found. The findings illustrate the challenges facing Internet policymakers in an industry that is largely self-regulated and rewards companies who market their services as safe havens for shadowy businesses.

Banking on Badb in the Underweb

March 8, 2012
18 Comments

Underground Web sites can be a useful barometer for the daily volume of criminal trade in goods like stolen credit card numbers and hijacked PayPal or eBay accounts. And if the current low prices at one of Underweb’s newer and… Read More »

Court: 4 More Months for DNSChanger-Infected PCs

March 6, 2012
25 Comments

Millions of PCs sickened by a global computer contagion known as DNSChanger were slated to have their life support yanked on March 8. But an order handed down Monday by a federal judge will delay that event by 120 days to give companies, businesses and governments more time to respond to the epidemic.

The reprieve came late Monday, when the judge overseeing the U.S. government’s landmark case against an international cyber fraud network agreed that extending the deadline was necessary “to continue to provide remediation details to industry channels approved by the FBI.”

Feds Request DNSChanger Deadline Extension

February 22, 2012
39 Comments

Millions of computers infected with the stealthy and tenacious DNSChanger Trojan may be spared a planned disconnection from the Internet next month if a court approves a new request by the U.S. government. Meanwhile, six men accused of infecting and managing the huge collection of hacked PCs are expected to be extradited from their native Estonia to face charges in the United States.

How Not to Buy Tax Software

February 22, 2012
27 Comments

Scott Henry scoured the Web for a good deal on buying TurboTax. His search ended at Blvdsoftware.com, which advertised a great price and an instant download. But when it came time to install the software, Henry began to have misgivings about the purchase, and reached out KrebsOnSecurity for a gut-check on whether trusting the software with his tax information was a wise move.

Five days after Henry purchased the product, blvdsoftware.com vanished from the Internet.

Zeus Trojan Author Ran With Spam Kingpins

February 17, 2012
24 Comments

The cybercrime underground is expanding each day, yet the longer I research this subject the more convinced I am that much of it is run by a fairly small and loose-knit group of hackers. That suspicion was reinforced this week when I discovered that the author of the infamous ZeuS Trojan was a core member of Spamdot, until recently the most exclusive online forum for spammers and the shady businessmen who maintain the biggest spam botnets.

Thanks to a deep-seated enmity between the owners of two of the largest spam affiliate programs, the database for Spamdot was leaked to a handful of investigators and researchers, including KrebsOnSecurity. The forum includes all members’ public posts and private messages — even those that members thought had been deleted. I’ve been poring over those private messages in an effort to map alliances and to learn more about the individuals behind the top spam botnets.