Bredolab Mastermind Was Key Affiliate

The man arrested in Armenia last week for allegedly operating the massive “Bredolab” botnet — a network of some 30 million hacked Microsoft Windows PCs that were rented out to cyber crooks — appears to have generated much of his clientele as an affiliate of, the global spamming operation whose members are blamed for … Читать далее

Critical Fixes for Shockwave, Firefox

Adobe Systems pushed out a critical security update for its Shockwave Player that fixes nearly a dozen security vulnerabilities.  The software maker also is warning that attackers are targeting a previously unidentified security hole in its Acrobat and PDF Reader products. The Shockwave patch plugs 11 security holes in program, most of which attackers could … Читать далее

Koobface Worm Targets Java on Mac OS X

A new version of the infamous Koobface worm designed to attack Mac OS X computers is spreading through Facebook and other social networking sites, security experts warn. Security software maker Intego says this Mac OS X version of the Koobface worm is being served as part of a multi-platform attack that uses a malicious Java … Читать далее

Firesheep: Baaaaad News for the Unwary

“Firesheep,” a new add-on for Firefox that makes it easier to hijack e-mail and social networking accounts of others who are on the same wired or wireless network, has been getting some rather breathless coverage by the news media, some of whom have characterized this a new threat. In reality, this tool is more of … Читать далее

Nobel Peace Prize Site Serves Firefox 0day

The Web site for the Nobel Peace Prize has been serving up malicious software that takes advantage of a newly-discovered security hole in Mozilla Firefox, computer security experts warned today. Oslo-based Norman ASA warned that visitors who browsed the Nobel Prize site with Firefox while the attack was active early Tuesday may have had malicious … Читать далее

FBI: Beware Haitian Quake Relief Scams

The earthquakes that have wrought so much devastation and death in Haiti this week are moving many to donate to various relief efforts. But security experts and the FBI are warning people to be on the lookout for ghoulish criminals scams that invariably spring up in the wake of such natural disasters in a bid … Читать далее

SpyEye v. ZeuS Rivalry Ends in Quiet Merger

Leading malware developers within the cyber crime community have conspired to terminate development of the infamous ZeuS banking Trojan and to merge its code base with that of the up-and-coming SpyEye Trojan, new evidence suggests. The move appears to be aimed at building a superior e-banking threat whose sale is restricted to a more exclusive … Читать далее

Would You Have Spotted this ATM Fraud?

ATM skimmer found on a Wachovia ATM in Alexandria Feb. 28. The stories I’ve written on ATM skimmers — devices criminals can attach to bank money machines to steal customer data — remain the most popular at Krebs on Security so far. I think part of the public’s fascination with these fraud devices is rooted … Читать далее

Pill Gangs Besmirch LegitScript Founder

Individuals who normally promote unlicensed, fly-by-night Internet pharmacies recently registered hundreds of hardcore porn and bestiality Web sites using contact information for the founder of a company that has helped to shutter more than 10,000 of these Internet pill mills over the past year, has learned. The reputation attack is the latest sortie in … Читать далее

Critical RealPlayer Update

Real Networks Inc. has released a new version of RealPlayer that fixes at least seven critical vulnerabilities that could be used to compromise host systems remotely if left unpatched. I’ve never hidden my distaste for this program, mainly due to its history of unnecessarily tracking users, installing oodles of third party software, and serving obnoxious … Читать далее