Network Solutions Again Under Siege
Internet hosting provider Network Solutions is once again trying to limit the damage from a hacking incident that has left a large number of customer Web sites serving up malicious code.
Category Archives: Web Fraud 2.0
iPack Exploit Kit Bites Windows Users
Not long ago, there were only a handful of serious so-called “exploit packs,” crimeware packages that make it easy for hackers to booby-trap Web sites with code that installs malicious software. These days, however, it seems like we’re hearing about a new custom exploit kit every week. Part of the reason for this may be that more enterprising hackers are seeing the moneymaking potential of these offerings, which range from a few hundred dollars per kit to upwards of $10,000 per installation — depending on the features and plugins requested.
Java Patch Targets Latest Attacks
Oracle Corp. has shipped a new version of its Java software that nixes a feature in Java that hackers have been using to foist malicious software. Java 6 Update 20 was released sometime in the last 24 hours, and includes some security fixes, although Oracle’s documentation on that front is somewhat opaque. Most significantly, the update removes a feature that hackers have started using to install malware.
Unpatched Java Exploit Spotted In-the-Wild
Last week, a Google security researcher detailed a little-known feature built into Java that can be used to launch third-party applications. Today, security experts unearthed evidence that a popular song lyrics Web site was compromised and seeded with code that leverages this Java feature to install malicious software.
Hundreds of WordPress Blogs Hit by ‘Networkads.net’ Hack
A large number of bloggers using Wordpress are reporting that their sites were recently hacked and redirecting visitors to a page that tries to install malicious software.
Virus Scanners for Virus Authors, Part II
The very first entry I posted at Krebs on Security, Virus Scanners for Virus Authors, introduced readers to two services that let virus writers upload their creations to see how well they are detected by various commercial anti-virus scanners on the market. In this follow-up post, I’ll take you inside of a pair of similar services that allow customers to periodically scan a malware sample ad receive alerts via instant message or e-mail when a new anti-virus product begins to detect the submission as malicious.
SpyEye vs. ZeuS Rivalry
It’s common for malware writers to taunt one another with petty insults nested within their respective creations. Competing crime groups also often seek to wrest infected machines from one another. A very public turf war between those responsible for maintaining… Read More »
AVprofit: Rogue AV + Zeus = $
The presence of rogue anti-virus products, also known as scareware, on a Microsoft Windows computer is often just the most visible symptom of a more serious and insidious system-wide infection. To understand why, it helps to take a peek inside… Read More »
Naming and Shaming ‘Bad’ ISPs
I asked or simply polled some of the most vigilant sources of this information for their recent data, and put together a rough chart indicating the Top Ten most prevalent ISPs from each of their vantage points. ISPs or hosts that show up more than others on these various lists are color-coded to illustrate consistency of findings (click the image to enlarge it). The trouble is, all of these individual efforts map badness from just one or a handful of perspectives, each of which may be limited in some way by particular biases, such as the type of threats that they monitor. For example, some measure only phishing attacks, while others concentrate on charting networks that play host to malicious software and botnet controllers.
Researchers Map Multi-Network Cybercrime Infrastructure
Last week, security experts launched a sneak attack against Troyak, an Internet service provider in Eastern Europe that served as a gateway to a nest of cyber crime activity. For the past seven days, unnamed members of the security community reportedly have been playing Whac-a-Mole with Troyak, which has bounced from one legitimate ISP to the next in a bid to reconnect to the global Internet. But experts say Troyak’s apparent hopscotching is in fact the expected behavior from a carefully architected, round-robin network of backup and redundant carriers, all designed to keep a massive organized criminal operation online should a disaster like the Troyak disconnection strike.
