Chatter in the hacker underground suggests that certain elements within that community have conspired to end development of the infamous ZeuS banking Trojan, and to merge its code base with that of the up-and-coming SpyEye Trojan. This Web Fraud 2.0. acquisition appears to be a bid to build a more powerful e-banking threat whose sale is restricted to a more exclusive group of crooks.
Individuals who normally promote unlicensed, fly-by-night Internet pharmacies recently registered thousands of hardcore porn and bestiality Web sites using contact information for the founder of a company that has helped to shutter more than 10,000 of these Internet pill mills over the past year, KrebsOnSecurity.com has learned.
Since the dawn of the Internet, tutorials showing would-be scammers how to fleece others have been available online, and there is a growing catalog of fraud instructional videos as well. But for novices who who can’t be bothered to scour the ‘Net for these far flung free resources, the tricks of the trade can now be learned through intensive one-on-one apprenticeships that are sold online like community college classes in e-thievery.
An organized cyber crime gang known for aggressively pushing male enhancement drugs and other knockoff pharmaceuticals used Internet addresses belonging to Microsoft in a massive denial-of-service attack against KrebsOnSecurity.com late last month.
I have long urged readers who have no need for Java to remove the program, because failing to keep this software updated with the latest security patches exposes users to dangerous, ubiquitous attacks. In this blog post, I’ll show readers how attacks against Java vulnerabilities have fast emerged as the top moneymaker for authors of the best-selling “exploit kits,” commercial software designed to be stitched into hacked or malicious sites to exploit a variety of Web-browser vulnerabilities.
Take one look at the newest kit on the block – “Blackhole” — and it is plain that Java vulnerabilities continue to be give attackers the most mileage and profit, and have surpassed Adobe flaws as the most successful exploit vehicles.
Troy Owen never thought he’d see the day when the cyber thieves who robbed his company of $800,000 would ever be charged with any crime. Owens said that investigators told him that the perpetrators were mostly overseas in places like Ukraine and Moldova, and that it might be tough to catch those responsible.
But on Thursday afternoon, authorities in New York announced they had charged more than 60 individuals — and arrested 20 — in connection with international cyber heists perpetrated against dozens of companies in the United States, including Owen’s.
A major new malware spam campaign mimicking invites sent via business networking site LinkedIn.com leverages user trust and a kitchen sink of browser exploits in a bid to install the password-stealing ZeuS Trojan.
Spamit, a closely guarded affiliate program that for years has paid some of the world’s top spammers to promote counterfeit pharmacy Web sites, now says that it will close up shop at the end of September.
When you’re shopping for stolen credit and debit cards online, there are so many choices these days. A glut of stolen data — combined with innovation and cutthroat competition among vendors — is conspiring to keep prices for stolen account numbers exceptionally low. Even so, many readers probably have no idea that their credit card information is worth only about $1.50 on the black market.
Miscreants who control large groupings of hacked PCs or “botnets” are always looking for ways to better monetize their crime machines, and competition among rival exploit kit developers is leading to several ingenious new features. The SpyEye botnet kit, for example, now not only allows botnet owners to automate the extraction of credit card and other financial data from infected systems, but it also can be configured to use those credentials to gin up bogus sales at online stores set up by the botmaster.
