Last week, a Google security researcher detailed a little-known feature built into Java that can be used to launch third-party applications. Today, security experts unearthed evidence that a popular song lyrics Web site was compromised and seeded with code that leverages this Java feature to install malicious software.
A large number of bloggers using Wordpress are reporting that their sites were recently hacked and redirecting visitors to a page that tries to install malicious software.
The very first entry I posted at Krebs on Security, Virus Scanners for Virus Authors, introduced readers to two services that let virus writers upload their creations to see how well they are detected by various commercial anti-virus scanners on the market. In this follow-up post, I’ll take you inside of a pair of similar services that allow customers to periodically scan a malware sample ad receive alerts via instant message or e-mail when a new anti-virus product begins to detect the submission as malicious.
It’s common for malware writers to taunt one another with petty insults nested within their respective creations. Competing crime groups also often seek to wrest infected machines from one another. A very public turf war between those responsible for maintaining… Read More »
The presence of rogue anti-virus products, also known as scareware, on a Microsoft Windows computer is often just the most visible symptom of a more serious and insidious system-wide infection. To understand why, it helps to take a peek inside… Read More »
I asked or simply polled some of the most vigilant sources of this information for their recent data, and put together a rough chart indicating the Top Ten most prevalent ISPs from each of their vantage points. ISPs or hosts that show up more than others on these various lists are color-coded to illustrate consistency of findings (click the image to enlarge it). The trouble is, all of these individual efforts map badness from just one or a handful of perspectives, each of which may be limited in some way by particular biases, such as the type of threats that they monitor. For example, some measure only phishing attacks, while others concentrate on charting networks that play host to malicious software and botnet controllers.
Last week, security experts launched a sneak attack against Troyak, an Internet service provider in Eastern Europe that served as a gateway to a nest of cyber crime activity. For the past seven days, unnamed members of the security community reportedly have been playing Whac-a-Mole with Troyak, which has bounced from one legitimate ISP to the next in a bid to reconnect to the global Internet. But experts say Troyak’s apparent hopscotching is in fact the expected behavior from a carefully architected, round-robin network of backup and redundant carriers, all designed to keep a massive organized criminal operation online should a disaster like the Troyak disconnection strike.
Audio visual cabling giant monoprice.com shut down its Web site – possibly for the next couple of weeks – while it investigates the possible compromise of its customer credit and debit card information. Vincent Lim, monoprice.com’s operations manager, said the… Read More »
Security experts at Symantec have discovered a software application made for a USB-based battery charger sold by Energizer actually included a hidden backdoor that allowed unauthorized remote access to the user’s system. The backdoor Trojan is easily removed, but Symantec… Read More »
The online version of Technology Review today carries a story I wrote about a government funded research group that is preparing to release a new free tool designed to block “drive-by downloads,” attacks in which the mere act of visiting… Read More »
