If you receive an email this holiday season asking you to “confirm” an online e-commerce order or package shipment, please resist the urge to click the included link or attachment: Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities.
The apparent credit and debit card breach uncovered this week at Home Depot was aided in part by a new variant of the same malicious software that stole card account data from cash registers at Target last December, according to sources close to the investigation.
I recently encountered a botnet targeting Android smartphone users who bank at financial institutions in the Middle East. The crude yet remarkably effective mobile bot that powers this whole operation comes disguised as one of several online banking apps, has infected more than 2,700 phones, and has intercepted at least 28,000 text messages.
In March 2013 I wrote about Perkele, a crimeware kit designed to create malware for Android phones that can help defeat multi-factor authentication used by many banks. In this post, we’ll take a closer look at this threat, examining the malware as it is presented to the would-be victim as well as several back-end networks set up by cybercrooks who have been using Perkele to fleece banks and their customers.
Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets. The discovery, by Oslo-based antivirus and security firm Norman ASA, is… Read More »
Security experts have spotted drive-by malware attacks exploiting a critical security hole in Windows that Microsoft recently addressed with a software patch. Separately, Symantec is warning users of its pcAnywhere remote administration tool to either update or remove the program, citing a recent data breach at the security firm that the company said could help attackers find holes in the aging software title.
Thousands of Twitter accounts apparently created in advance to blast automated messages are being used to drown out Tweets sent by bloggers and activists this week who are protesting the disputed parliamentary elections in Russia, security experts said.
Trend Micro’s Rik Ferguson posted a good piece on Thursday about a major shortcoming in credit card security programs maintained by MasterCard and Visa. Although the loophole that Ferguson highlighted may be unsettling to some, fraudsters who specialize in stealing and using stolen credit cards online have been exploiting it for years.
The proprietors of shadowy online businesses that have become synonymous with cybercrime in recent years were arrested in their native Estonia on Tuesday and charged with running a sophisticated click fraud scheme that infected with malware more than four million computers in over 100 countries — including an estimated 500,000 PCs in the United States. The law enforcement action was the result of a multi-year investigation, and is being called the “biggest cybercriminal takedown in history.”
In October 2010, I discovered that the authors of the SpyEye and ZeuS banking Trojans — once competitors in the market for botnet creation and management kits — were killing further development of ZeuS and planning to fuse the two malware families into one supertrojan. Initially, I heard some skepticism from folks in the security community about this. But three months later, security experts are now starting to catch glimpses of this new hybrid Trojan in the wild, as the author(s) begins shipping a series of beta releases that include updated features on a nearly-daily basis.
