Comments

Crooks Hack Music Players For ATM Skimmers

tsu doh nimh Re:Ballpeen hammer (82 comments)

Pull skimmer equipment off the ATM and walk away with it and you are likely to get busted by feds or local cops who may be monitoring the machine. If not, you are likely to be confronted by the scammer who put the thing there in the first place. It's not uncommon for these things to disappear the minute someone from the bank notices something's wrong and goes inside to report it. That's because the thieves often are somewhere nearby watching the machine.

more than 3 years ago

Cybercriminals Shifting To Bugat

tsu doh nimh I just love press releases (48 comments)

Wondering how much this "story" actually differs from the Trusteer press release, below:

NEWS RELEASE FOR IMMEDIATE DISTRIBUTION
Trusteer Researchers Find Criminals are Diversifying Financial Attacks with New Version of Bugat Malware

Bugat Quietly Distributed in Recent LinkedIn Phishing Assault; Unlike Zeus Trojan, it is Less Well Known and Harder to Detect

NEW YORK, Oct. 12, 2010 - Trusteer, the leading provider of secure browsing services, today announced that its researchers have discovered a new version of the Bugat financial malware used to commit online fraud. Bugat was distributed in the recent phishing campaign targeting LinkedIn users, which was generally considered to be trying to infect machines with the more common Zeus Trojan. The emergence of this new version of Bugat appears to be an attempt by criminals to diversify their attack tools using a platform that is less well known and therefore harder to detect and block.

Bugat is similar in functionality to its better known financial malware brethren Zeus, Clampi and Gozi. It targets Internet Explorer and Firefox browsers and harvests information during online banking sessions. The stolen financial credentials are used to commit fraudulent Automated Clearing House (ACH) and wire transfer transactions mostly against small to midsized businesses, which result in high-value losses. Bugat is three times more common in the US than Europe, but its distribution is still fairly low.

In last week's attack, LinkedIn users received emails reminding them of pending messages in their account and providing a malicious URL. When a victim clicked on the link they were directed to a fraudulent website where a java applet fetched and installed the Bugat executable. LinkedIn spam email is an effective tool to push malware to enterprise users, and is being used to gather credentials for commercial bank accounts and other sensitive services used by businesses.

"Criminals are stepping up their malware distribution efforts by continuously updating configurations of well known malware like Zeus, and using new versions of less common Trojans like Bugat, to avoid detection," said Mickey Boodaei, CEO of Trusteer. "We are in an arms race with criminals. Although Zeus gets a lot of attention from law enforcement, banks and the security industry, we need to be vigilant against new forms of financial malware like Bugat and SpyEye which are just as deadly and quietly expanding their footprint across the internet."

Trusteer warns that the recent industry focus on Zeus is making it easier for other Trojans, like Bugat, SpyEye, and Carberp, which are less widespread but equally sophisticated, to avoid detection. Carberp currently targets nine banks in the United States, Denmark, The Netherlands, Germany, and Israel. These lesser known financial malware platforms are expected to increasingly compete with the Zeus toolkit to become the new Trojan of choice for criminal groups.

Blocking and Removing Bugat

The Trusteer Secure Browsing Service protects banking and other online sessions by blocking attacks and then disinfecting machines that are infected with Bugat and other financial malware including Zeus, SpyEye, and Carberp. When a Trusteer user browses to sensitive websites such as internet banking, Webmail, or online payment pages, the service immediately locks down the browser and creates a tunnel for safe communication with the web site. This prevents malware like Bugat from injecting data and stealing information entered and presented in the browser. The service is directly connected to the bank (or other online business protected by Trusteer) and to Trusteer's 24x7 fraud analysis service. Attempts to steal money from consumers protected by Trusteer are immediately detected by the bank or operator of the website and are blocked using various layers of protection.

more than 3 years ago

Banks Urge Businesses To Lock Down Online Banking

tsu doh nimh Re:what about this (201 comments)

The malware discussed in the blog posts linked from the summary illustrates how the crooks are defeating SecurID-like tokens, as well. Zeus, e.g., is often seen in an attack rewriting the HTML of the bank's Web site as the victim sees it in his or her browser. In the simplest case, where the code is required at login, the attackers simply serve the victim with a maintenance page (down for maintenance, please try back in 15 min); e.g., "Beware of Error Pages at Bank Web Sites". Some banks require businesses to provide a SecurID or other token key when they initiate a wire or ACH transfer. This is getting closer to the solution, but a lot of commercial banks don't like to require that because many customers initiate such a high number of transfers each day that it becomes impractical. The hard-to-attack solution -- which really doesn't address the usability issue -- is to require the SecurID number both on login and on transfer.

more than 5 years ago

Washington Post Blog Shuts Down 75% of Online Spam

tsu doh nimh IronPort reports 66 percent drop in spam Tuesday (335 comments)

From their press release: "In the afternoon of Tuesday 11/11, IronPort saw a drop of almost 2/3 of overall spam volume, correlating with a drop in IronPort's SenderBase queries. While we investigated what we thought might be a technical problem, a major spam network, McColo Corp., was shutdown, as reported by The Washington Post on Tuesday evening."

more than 5 years ago

Submissions


Service Drains Competitors' Google AdWords Budgets

tsu doh nimh tsu doh nimh writes  |  about 2 months ago

tsu doh nimh (609154) writes "KrebsOnSecurity looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors. The service allows companies to attack competitors by raising their costs or exhausting their ad budgets early in the day. Advertised on YouTube and run by a guy boldly named “GoodGoogle,” the service employs a combination of custom software and hands-on customer service, and promises clients the ability to block the appearance of competitors’ ads. From the story: "The prices range from $100 to block between three to ten ad units for 24 hours to $80 for 15 to 30 ad units. For a flat fee of $1,000, small businesses can use GoodGoogle’s software and service to sideline a handful of competitors’ ads indefinitely.""

Microsoft Kills Security Update Emails, Blames Canada

tsu doh nimh tsu doh nimh writes  |  about 3 months ago

tsu doh nimh (609154) writes "In a move that may wind up helping spammers, Microsoft is blaming a new Canadian anti-spam law for the company’s recent decision to stop sending regular emails about security updates for its Windows operating system and other Microsoft software. Some anti-spam experts who worked very closely on Canada’s Anti-Spam Law (CASL) say they are baffled by Microsoft’s response to a law which has been almost a decade in the making. Indeed, an exception in the law says it does not apply to commercial electronic messages that solely provide “warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased.” Several people have observed that Microsoft likely is using the law as a convenient excuse for dumping an expensive delivery channel."

P.F. Chang's Investigating Credit Card Breach Nationwide

tsu doh nimh tsu doh nimh writes  |  about 4 months ago

tsu doh nimh (609154) writes "Nationwide chain P.F. Chang’s China Bistro said Tuesday that it is investigating claims of a data breach involving credit and debit card data reportedly stolen from restaurant locations nationwide. On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator[dot]so, an underground store best known for selling tens of millions of cards stolen in the Target breach. Several banks contacted by KrebsOnSecurity said they acquired from this new batch multiple cards that were previously issued to customers, and found that all had been used at P.F. Chang’s locations between the beginning of March 2014 and May 19, 2014. The ad for the Ronald Reagan batch of cards also includes guidance for potential customers who wish to fund their accounts via Western Union or MoneyGram wire transfers, advice that strongly suggests those involved in this apparent heist are once again from Russia and Eastern Europe: "Western Union transfers will be received in the next 48-72 hours! Money Gram transfers will be received 10-11 of June. Please note: 12, 13, 14, 15 of June are the government holidays in the drops country and Money Gram transfers will be received starting Monday June 16th." June 12 is "Russia Day," a national holiday in Russia since 1992 that celebrates the declaration of state sovereignty of the Russian Soviet Federative Socialist Republic on June 12, 1990."

Justice Dept. Names ZeuS Trojan Author, Seizes Control Over P2P 'Gameover' Botnet

tsu doh nimh tsu doh nimh writes  |  about 4 months ago

tsu doh nimh (609154) writes "The U.S. Justice Department announced today an international law enforcement operation to seize control over the Gameover ZeuS botnet, a sprawling network of hacked Microsoft Windows computers that currently infects an estimated 500,000 to 1 million compromised systems globally. Experts say PCs infected with Gameover are being harvested for sensitive financial and personal data, and that the botnet is responsible for more than $100 million in losses from online banking account takeovers. The government alleges that Gameover also was rented out to an elite cadre of hackers for use in online extortion attacks, spam and other illicit moneymaking schemes. In a complaint unsealed today, the DOJ further alleges that ZeuS and Gameover are the brainchild of a Russian man named Evgeniy Mikhailovich Bogachev, a.k.a. "Slavik.""

Canadian Teen Arrested for Calling in 30+ Swattings, Bomb Threats

tsu doh nimh tsu doh nimh writes  |  about 5 months ago

tsu doh nimh (609154) writes "A 16-year-old male from Ottawa, Canada has been arrested for allegedly making at least 30 fraudulent calls — including bomb threats and "swattings" — to emergency services across North America over the past few months. Canadian media isn't identifying the youth because of laws that prevent the disclosure, but the alleged perpetrator was outed in a dox on Pastebin that was picked up by journalist Brian Krebs, who was twice the recipient of attempted swat raids at the hand of this kid. From the story: "I told this user privately that targeting an investigative reporter maybe wasn't the brightest idea, and that he was likely to wind up in jail soon. But @ProbablyOnion was on a roll: That same day, he hung out his for-hire sign on Twitter, with the following message: “want someone swatted? Tweet me their name, address and I'll make it happen.”""

Florida Arrests High-Dollar Bitcoin Exchangers for Money Laundering

tsu doh nimh tsu doh nimh writes  |  about 8 months ago

tsu doh nimh (609154) writes "State authorities in Florida on Thursday announced criminal charges targeting three men who allegedly ran illegal businesses moving large amounts of cash in and out of the Bitcoin virtual currency. Experts say this is likely the first case in which Bitcoin vendors have been prosecuted under state anti-money laundering laws, and that prosecutions like these could shut down one of the last remaining avenues for purchasing Bitcoins anonymously."

Michaels Stores Investigating Possible Data Breach

tsu doh nimh tsu doh nimh writes  |  about 8 months ago

tsu doh nimh (609154) writes "Michaels Stores Inc., which runs more than 1,250 crafts stores across the United States, said Saturday that it is investigating a possible data breach involving customer cardholder information. According to Brian Krebs, the journalist who broke the story and news of the Target and Neiman Marcus breaches, the U.S. Secret Service has confirmed it is investigating. Krebs cited multiple sources in the banking industry saying they were tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc. In response to that story, Michaels issued a statement saying it "recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting that the Company may have experienced a data security attack." In 2011, Michaels disclosed that attackers had physically tampered with point-of-sale terminals in multiple stores, but so far there are no indications what might be the cause of the latest breach. Both Target and Neiman Marcus have said the culprit was malicious software designed to steal payment card data, and at least in Target's case that's been shown to be malware made to infect retail cash registers."

The Case for a Global, Compulsory Bug Bounty

tsu doh nimh tsu doh nimh writes  |  about 9 months ago

tsu doh nimh (609154) writes "Security experts have long opined that one way to make software more secure is to hold software makers liable for vulnerabilities in their products. This idea is often dismissed as unrealistic and one that would stifle innovation in an industry that has been a major driver of commercial growth and productivity over the years. But a new study released this week presents perhaps the clearest economic case yet for compelling companies to pay for information about security vulnerabilities in their products. Stefan Frei, director of research at NSS Labs, suggests compelling companies to purchase all available vulnerabilities at above black-market prices, arguing that even if vendors were required to pay $150,000 per bug, it would still come to less than two-tenths of one percent of these companies' annual revenue. To ensure that submitted bugs get addressed and not hijacked by regional interests, Frei also proposes building multi-tiered, multi-region vulnerability submission centers that would validate bugs and work with the vendor and researchers. The question is, would this result in a reduction in cybercrime overall, or would it simply hamper innovation? As one person quoted in the article points out, a majority of data breaches that cost companies tens of millions of dollars have far more to do with other factors unrelated to software flaws, such as social engineering, weak and stolen credentials, and sloppy server configurations."

Meet Paunch: The Accused Author of the BlackHole Exploit Kit

tsu doh nimh tsu doh nimh writes  |  about 10 months ago

tsu doh nimh (609154) writes "In early October, news leaked out of Russia that authorities there had arrested and charged the malware kingpin known as "Paunch," the alleged creator and distributor of the Blackhole exploit kit. Today, Russian police and computer security experts released additional details about this individual, revealing a much more vivid picture of the cybercrime underworld today. According to pictures of the guy published by Brian Krebs, if the Russian authorities are correct then his nickname is quite appropriate. Paunch allegedly made $50,000 a month selling his exploit kit, and worked with another guy to buy zero-day browser exploits. As of October 2013, the pair had budgeted $450,000 to purchase zero-days. From the story: "The MVD estimates that Paunch and his gang earned more than 70 million rubles, or roughly USD $2.3 million. But this estimate is misleading because Blackhole was used as a means to perpetrate a vast array of cybercrimes. I would argue that Blackhole was perhaps the most important driving force behind an explosion of cyber fraud over the past three years. A majority of Paunch's customers were using the kit to grow botnets powered by Zeus and Citadel, banking Trojans that are typically used in cyberheists targeting consumers and small businesses.""

Europol, Microsoft Target 2-million Strong ZeroAccess Click Fraud Botnet

tsu doh nimh tsu doh nimh writes  |  about 10 months ago

tsu doh nimh (609154) writes "Authorities in Europe joined Microsoft Corp. this week in disrupting "ZeroAccess," a vast botnet that has enslaved more than two million PCs with malicious software in an elaborate and lucrative scheme to defraud online advertisers. KrebsOnSecurity.com writes that it remains unclear how much this coordinated action will impact the operations of ZeroAccess over the long term, but for now the PCs infected with the malware remain infected and awaiting new instructions. ZeroAccess employs a peer-to-peer (P2P) architecture in which new instructions and payloads are distributed from one infected host to another. The actions this week appear to have targeted the servers that deliver a specific component of ZeroAccess that gives infected systems new instructions on how to defraud various online advertisers, including Microsoft. While this effort will not disable the ZeroAccess botnet (the infected systems will likely remain infected), it should allow Microsoft to determine which online affiliates and publishers are associated with the miscreants behind ZeroAccess, since those publishers will have stopped sending traffic directly after the takedown occurred. Europol has released a statement on this action, and Microsoft has published a large number of documents related to its John Doe lawsuits intended to unmask the ZeroAccess operators and shut down the botnet."

Limo Company Hack Exposes Juicy Targets, 850k Credit Card Numbers

tsu doh nimh tsu doh nimh writes  |  about a year ago

tsu doh nimh (609154) writes "A compromise at a U.S. company that brokers reservations for limousine and Town Car services nationwide has exposed the personal and financial information on more than 850,000 well-heeled customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities. Krebsonsecurity.com writes about the break-in, which involved the theft of information on celebrities like Tom Hanks and LeBron James, as well as lawmakers such as the chairman of the U.S. House Judiciary Committee. The story also examines the potential value of this database for spies, drawing a connection between recent personalized malware attacks against Kevin Mandia, the CEO of incident response firm Mandiant. In an interview last month with Foreign Policy magazine, Mandia described receiving spear phishing attacks that spoofed receipts for recent limo rides; according to Krebs, the info for Mandia and two other Mandiant employees was in the stolen limo company database."

A Closer Look at the Syrian Electronic Army

tsu doh nimh tsu doh nimh writes  |  about a year ago

tsu doh nimh (609154) writes "Yesterday saw the publication of two stories focusing on two different Syrian men thought to be core members of the Syrian Electronic Army, the hacking group that took credit for recent break-ins that compromised the Web sites of The New York Times, The Washington Post and other media outlets. Working with a source who says he hacked into the SEA's servers this year, Vice.com profiles a fairly high-profile SEA member who uses the nickname "ThePro" and outs him as a young man named Hatem Deeb. Separately, Brian Krebs managed to get hold of the SQL database for the SEA's Web site after it was allegedly hacked this year, and follows a trail of clues back to one of two administrators of the SEA, which leads to another Syrian guy — a Web developer named Mohammed Osman, a.k.a. Mohamed Abd AlKarem."

Researchers Buy Twitter Bots to Fight Twitter Spam

tsu doh nimh tsu doh nimh writes  |  about a year ago

tsu doh nimh (609154) writes "The success of social networking community Twitter has given rise to an entire shadow economy that peddles dummy Twitter accounts by the thousands, primarily to spammers, scammers and malware purveyors. But new research on identifying bogus accounts has helped Twitter to drastically deplete the stockpile of existing accounts for sale, and holds the promise of driving up costs for both vendors of these shady services and their customers. Krebsonsecurity.com writes about a paper (PDF) being released today at the USENIX conference that details how researchers spent almost a year and $5,000 buying up accounts from 27 Twitter account merchants, and then built templates to help Twitter detect accounts sold by these merchants — all with the aim of getting more of these bot accounts shut down before they can be used to spam legitimate Twitter users. The story goes into great detail on the lengths to which these account merchants will go to evade Twitter's anti-bot security measures."

DEF CON Advises Feds Not to Attend Conference

tsu doh nimh tsu doh nimh writes  |  about a year ago

tsu doh nimh (609154) writes "One of the more time-honored traditions at DEF CON — the massive hacker convention held each year in Las Vegas — is "Spot-the-Fed," a playful and mostly harmless contest to out undercover government agents that attend the show each year. But that game might be a bit tougher when the conference rolls around again next month: In an apparent reaction to recent revelations about far-reaching U.S. government surveillance programs, DEF CON organizers are asking feds to just stay away: "I think it would be best for everyone involved if the feds call a ‘time-out’ and not attend DEF CON this year," conference organizer Jeff Moss wrote in a short post at Defcon.org. Krebsonsecurity writes that after many years of mutual distrust, the hacker community and the feds buried a lot of their differences in the wake of 9/11, with the director of NSA even delivering the keynote at last year's conference. But this year? Spot the fed may just turn into hack-the-fed."

How Much is Your Gmail Account Worth to Crooks?

tsu doh nimh tsu doh nimh writes  |  about a year ago

tsu doh nimh (609154) writes "If you use Gmail and have ever wondered how much your account might be worth to cyber thieves, have a look at Cloudsweeper, a new OAuth service launching this week that tries to price the value of your Gmail address based on the number of retail accounts you have tied to it and the current resale value of those accounts in the underground. From KrebsOnSecurity: "The brainchild of researchers at the University of Illinois at Chicago, Cloudsweeper's account theft audit tool scans your inbox and presents a breakdown of how many accounts connected to that address an attacker could seize if he gained access to your Gmail. Cloudsweeper then tries to put an aggregate price tag on your inbox, a figure that's computed by totaling the resale value of other account credentials that crooks can steal if they hijack your email.""

Bit9 Breach Dates to July 2012, Tied to Attacks on U.S. Defense Firms

tsu doh nimh tsu doh nimh writes  |  about a year and a half ago

tsu doh nimh (609154) writes "Last week, Bit9 — a security firm that offers application whitelisting services — disclosed that some of its customers had received malware signed with its secret digital certificates. The company has refused to say much about which customers were targeted, but a story by Brian Krebs today shows that the Bit9 certificate was stolen back in July 2012, and that the attack involved custom malware that was discovered by forensics firm Mandiant last August as the company was responding to several targeted breaches at U.S. defense contractors. The Bit9 breach is sure to add fuel to the fire over whether China's military is sponsoring these attacks, as claimed in a 70+ page report issued by Mandiant earlier this week."

Bit9 Hacked, Stolen Certs Used to Sign Malware

tsu doh nimh tsu doh nimh writes  |  about a year and a half ago

tsu doh nimh (609154) writes "Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered a compromise that cuts to the core of its business: helping clients distinguish known "safe" files from computer viruses and other malicious software. A leading provider of "application whitelisting" services, Bit9's security technology turns the traditional approach to fighting malware on its head. Antivirus software, for example, seeks to identify and quarantine files that are known bad or strongly suspected of being malicious. In contrast, Bit9 specializes in helping companies develop custom lists of software that they want to allow employees to run, and to treat all other applications as potentially unknown and dangerous. But in a blog post today, the company disclosed that attackers broke into its network and managed to steal the digital keys that Bit9 uses to distinguish good from bad applications. The attackers then sent signed malware to at least three of Bit9's customers, although Bit9 isn't saying which customers were affected or to what extent. The kicker? The firm said it failed to detect the intrusion in part because the servers used to store its keys were not running Bit9's own software."

Washington Post: We Were Also Hacked by the Chinese

tsu doh nimh tsu doh nimh writes  |  about a year and a half ago

tsu doh nimh (609154) writes "A sophisticated cyberattack targeted The Washington Post in an operation that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers, the publication acknowledged on Friday. The disclosure came just hours after a former Post employee shared information about the break-in with ex-Postie reporter Brian Krebs, and caps a week marked by similar stories from The New York Times and The Wall Street Journal. Krebs cites a former Post tech worker saying that the publication gave one of its hacked servers to the National Security Agency for analysis, a claim that the Post's leadership denies. The story also notes that the Post relied on software from Symantec, the same security software that failed to detect intrusions at The New York Times for many months."

Java Zero-Day Vulnerability Rolled into Exploit Packs

tsu doh nimh tsu doh nimh writes  |  about a year and a half ago

tsu doh nimh (609154) writes "The miscreants who maintain Blackhole and Nuclear Pack — competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they've added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java. The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year's Gift,” to customers who use his exploit kit. The exploit has since been verified to work on all Java 7 versions by AlienVault Labs. The news comes days after it was revealed that Paunch was reserving his best exploits for a more closely-held exploit pack called Cool Exploit Kit, a license for which costs $10,000 per month."

Turkish Registrar Enabled Phishing Attacks Against Google

tsu doh nimh tsu doh nimh writes  |  about a year and a half ago

tsu doh nimh (609154) writes "Google and Microsoft today began warning users about active phishing attacks against Google's online properties. The two companies said the attacks resulted from a fraudulent digital certificate that was mistakenly issued by a domain registrar run by TURKTRUST Inc., a Turkish domain registrar. Google said that on Dec. 24, 2012, its Chrome Web browser detected and blocked an unauthorized digital certificate for the ".google.com" domain. "TURKTRUST told us that based on our information, they discovered that in August 2011 they had mistakenly issued two intermediate CA certificates to organizations that should have instead received regular SSL certificates," Google said in a blog post today. Microsoft issued an advisory saying it is aware of active attacks using one of the fraudulent digital certificates issued by TURKTRUST, and that the fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against virtually any domain. The incident harkens back to another similar compromise that happened around the same timeframe. In September 2011, Dutch certificate authority Diginotar learned that a security breach at the firm had resulted in the fraudulent issuing of certificates."

Journals

tsu doh nimh has no journal entries.
