Dropbox: Password Breach Led to Spam

Two weeks ago, many Dropbox users began suspecting a data breach at the online file-sharing service after they started receiving spam at email addresses they’d created specifically for use at Dropbox. Today, the company confirmed that suspicion, blaming the incident on a Dropbox employee who had re-used his or her Dropbox password at another site … Читать далее

Email-Based Malware Attacks, July 2012

Last month’s post examining the top email-based malware attacks received so much attention and provocative feedback that I thought it was worth revisiting. I assembled it because victims of cyberheists rarely discover or disclose how they got infected with the Trojan that helped thieves siphon their money, and I wanted to test conventional wisdom about … Читать далее

Tagging and Tracking Espionage Botnets

A security researcher who’s spent 18 months cataloging and tracking malicious software that was developed and deployed specifically for spying on governments, activists and industry executives says the complexity and scope of these cyberspy networks now rivals many large conventional cybercrime operations. Joe Stewart, senior director of malware research at Atlanta-based Dell SecureWorks, said he’s … Читать далее

ATM Skimmers Get Wafer Thin

It’s getting harder to detect some of the newer ATM skimmers, fraud devices attached to or inserted into cash machines and designed to steal card and PIN data. Among the latest and most difficult-to-spot skimmer innovations is a wafer-thin card reading device that can be inserted directly into the ATM’s card acceptance slot. That’s according … Читать далее

DoItQuick: Fast Domains for Dirty Deeds

A new service offered in the cybercriminal underground is geared toward spammers, scammers and malware purveyors interested in mass-registering dozens of dodgy domains in one go. DoItQuick offers mass registration of malware domains. The service — doitquick.net — will auto-register up to 15 domains simultaneously, choosing randomly named domains unless the customer specifies otherwise. DoItQuick … Читать далее

Top Spam Botnet, “Grum,” Unplugged

Nearly four years after it burst onto the malware scene, the notorious Grum spam botnet has been disconnected from the Internet. Grum has consistently been among the top three biggest spewers of junk email, a crime machine capable of blasting 18 billion messages per day and responsible for sending about one-third of all spam. Source: … Читать далее

Cyberheist Smokescreen: Email, Phone, SMS Floods

It was early October 2011, and I was on the treadmill checking email from my phone when I noticed several hundred new messages had arrived since I last looked at my Gmail inbox just 20 minutes earlier. I didn’t know it at the time, but my account was being used to beta test a private … Читать далее

Spammers Target Dropbox Users

“Always have your stuff when you need it with Dropbox.” That’s the marketing line for the online file storage service, but today users have had difficulty logging into the service. The outages came amid reports that many European Dropbox users were being blasted with spam for online casinos, suggesting some kind of leak of Dropbox … Читать далее

How to Break Into Security, Bejtlich Edition

For this fourth installment of advice columns aimed at people who are interested in learning more about security as a craft or profession, I reached out to Richard Bejtlich, a prominent security blogger who last year moved from a job as director of incident response at General Electric to chief security officer at security forensics … Читать далее

Spy Software Aims to Corral Money Mules

Borrowing from the playbook of corporations seeking better ways to track employee productivity, some cybercriminal gangs are investing in technologies that help them keep closer tabs on their most prized assets: “Money mules,” individuals willingly or unwittingly recruited to help fraudsters launder stolen funds. It seems that at least one mule recruitment gang employs custom … Читать далее