In any given week, I read at least a dozen reports and studies, but I seldom write about them because their conclusions either are obvious or appear slanted toward generating demand for specific products and services. Occasionally, though, a report… Read More »
Hacked and malicious sites designed to steal data from unsuspecting users via malware and phishing are a dime a dozen, often located in the United States, and are a key target for takedown by ISPs and security researchers. But when online miscreants seek stability in their Web projects, they often turn to so-called “bulletproof hosting” providers, mini-ISPs that specialize in offering services that are largely immune from takedown requests and pressure from Western law enforcement agencies.
Chatter in the hacker underground suggests that certain elements within that community have conspired to end development of the infamous ZeuS banking Trojan, and to merge its code base with that of the up-and-coming SpyEye Trojan. This Web Fraud 2.0. acquisition appears to be a bid to build a more powerful e-banking threat whose sale is restricted to a more exclusive group of crooks.
Individuals who normally promote unlicensed, fly-by-night Internet pharmacies recently registered thousands of hardcore porn and bestiality Web sites using contact information for the founder of a company that has helped to shutter more than 10,000 of these Internet pill mills over the past year, KrebsOnSecurity.com has learned.
Since the dawn of the Internet, tutorials showing would-be scammers how to fleece others have been available online, and there is a growing catalog of fraud instructional videos as well. But for novices who who can’t be bothered to scour the ‘Net for these far flung free resources, the tricks of the trade can now be learned through intensive one-on-one apprenticeships that are sold online like community college classes in e-thievery.
An organized cyber crime gang known for aggressively pushing male enhancement drugs and other knockoff pharmaceuticals used Internet addresses belonging to Microsoft in a massive denial-of-service attack against KrebsOnSecurity.com late last month.
I have long urged readers who have no need for Java to remove the program, because failing to keep this software updated with the latest security patches exposes users to dangerous, ubiquitous attacks. In this blog post, I’ll show readers how attacks against Java vulnerabilities have fast emerged as the top moneymaker for authors of the best-selling “exploit kits,” commercial software designed to be stitched into hacked or malicious sites to exploit a variety of Web-browser vulnerabilities.
Take one look at the newest kit on the block – “Blackhole” — and it is plain that Java vulnerabilities continue to be give attackers the most mileage and profit, and have surpassed Adobe flaws as the most successful exploit vehicles.
Troy Owen never thought he’d see the day when the cyber thieves who robbed his company of $800,000 would ever be charged with any crime. Owens said that investigators told him that the perpetrators were mostly overseas in places like Ukraine and Moldova, and that it might be tough to catch those responsible.
But on Thursday afternoon, authorities in New York announced they had charged more than 60 individuals — and arrested 20 — in connection with international cyber heists perpetrated against dozens of companies in the United States, including Owen’s.
A major new malware spam campaign mimicking invites sent via business networking site LinkedIn.com leverages user trust and a kitchen sink of browser exploits in a bid to install the password-stealing ZeuS Trojan.
Spamit, a closely guarded affiliate program that for years has paid some of the world’s top spammers to promote counterfeit pharmacy Web sites, now says that it will close up shop at the end of September.
