Pavel Vrublevsky, the owner of Russian payments firm ChronoPay and the subject of an upcoming book by this author, was sentenced to two-and-a-half years in a Russian penal colony this week after being found guilty of hiring botmasters to attack a rival…
Hackers are actively exploiting a dangerous security vulnerability in OpenX — an online ad-serving solution for Web sites — to run booby-trapped ads that serve malware and browser exploits across countless Web sites that depend on the solution.
Security experts have been warning for months about mysterious attacks on OpenX installations in which the site owners discovered new rogue administrator accounts. That access allows miscreants to load tainted ads on sites that rely on the software. The bad ads usually try to foist malware on visitors, or frighten them into paying for bogus security software.
OpenX is only now starting to acknowledge the attacks, as more users are coming forward with unanswered questions about the mysteriously added accounts.
Members of an exclusive underground hacker forum recently sought to plant malware on KrebsOnSecurity.com, by paying to run tainted advertisements through the site’s advertising network — Federated Media. The attack was unsuccessful thanks to a variety of safeguards, but it highlights the challenges that many organizations face in combating the growing scourge of “malvertising.”
Make enough contacts in the Internet security community and you will probably learn that many of the folks involved in defending computers and networks against criminals got started in security by engaging in illegal online activity of one sort or another. These personal shifts are sometimes motivated by ethical and personal safety reasons, but just as often grey- and black-hat hackers gravitate toward the defensive side simply because it is more intellectually challenging.
On Wednesday I wrote that many of the top fake antivirus distribution programs had ceased operations, citing difficulty in processing credit card transactions from victims. Others are starting to take note of the trend: Security firm McAfee says it has witnessed a dramatic drop in the number of customers reporting scareware detections in recent weeks.
Russian authorities on Thursday arrested Pavel Vrublevsky, co-founder of ChronoPay, the country’s largest processor of online payments, for allegedly hiring a hacker to attack his company’s rivals. Vrublevsky, 32, is probably best known as the co-owner of the Rx-Promotion rogue…
Purveyors of fake anti-virus or “scareware” programs have aggressively stepped up their game to evade detection by legitimate anti-virus programs, according to new data from Google.
Purveyors of rogue anti-virus, a.k.a. “scareware,” often seize upon hot trending topics in their daily efforts to beef up the search engine rankings of their booby-trapped landing pages. So it’s perhaps no surprise that these scammers are capitalizing on search terms surrounding McAfee, which just yesterday shipped a faulty anti-virus update that caused serious problems for a large number of customers.