‘Kill Zeus’ removes rival software from PCs, giving Spy Eye access to usernames, passwords.

Filed under: exploit, hax, malware, security | No Comments »

Botnet and malware creeps are setting up their own ISPs, with their own IP blocks, so that spamfighters don’t have anyone to complain to when they run them to ground…
“It’s gotten completely out of hand. The bad guys are going to some local registries in Europe and getting massive amounts of IP space and then [...]

Filed under: hax, malware, spam | No Comments »

With DEFCON and Black Hat going on, a lot of security issues are being made public. This year, cellphones have been a larger target than before. More and more people are carrying complex smartphones that have more ways to go wrong. Even worse, since phones are tied to a billed account, it is possible for [...]

Filed under: crackberry, malware | No Comments »

On Thursday, two researchers plan to reveal an unpatched iPhone bug that could virally infect phones via SMS.

Filed under: apple, exploit, malware, pwned, security | No Comments »

Instructions showing hackers how to exploit an unpatched, critical security hole in Mozilla’s new Firefox 3.5 Web browser have been posted online. So, until Mozilla can ship an update to quash this bug, LandoftheFreeish.com is posting instructions to help readers protect themselves from this vulnerability.
The security hole has to do with a flaw in the [...]

Filed under: exploit, firefox, malware, security, vulnerabilities | No Comments »

Researchers in 2008 disclosed Windows video control vulnerability that’s now spreading attacks to some .com, .org Websites.

Filed under: malware | No Comments »

Years ago, my friend told me he thought accounts of the spread of botnets (massive networks of virus-compromised machines that can be used in concert to send spam, attack servers, et cetera) were overblown, because if botnets were really all pervasive, then the price of using them should have crashed. Now comes this spam, on [...]

Filed under: malware | No Comments »

Chinese ‘censorware’ will expose every PC in the nation of malware, ID theft, & botnetting

Filed under: malware, security | No Comments »

Attention NoScript users · by Wladimir Palant
Recently I wrote about how not giving extension developers a good way to earn money might lead to very undesirable effects. The recent events give an impression of the kind of effects we should expect here. This is going to be about the popular NoScript extension which happens to make [...]

Filed under: b3st pract1c3s, codemonkey, firefox, free open source software, malware, security, spam | No Comments »

Net-Security suggests that, to scan for Conficker, you can a command such as:
nmap -PN -T4 -p139,445 -n -v –script=smb-check-vulns –script-args safe=1 [targetnetworks]

Filed under: malware | No Comments »

Scareware more pervasive than thought, while data breaches more about lost and stolen equipment than hackers, according to new Microsoft Security Intelligence Report.

Filed under: malware, micro$oft | No Comments »

The 1 April Conficker scare may have come and gone, but Microsoft has uncovered a new worm that has updated itself to imitate Conficker’s characteristics.
The worm ‘Neeris’ has been active for a few years, but has been updated to target the same Microsoft flaw MS08-067 – which Conficker exploited to become so successful.
Other similarities between [...]

Filed under: exploit, malware, micro$oft, security | No Comments »

Researchers have come up with a way to create an even stealthier rootkit that survives reboots and evades antivirus software.
Anibal Sacco and Alfredo Ortega, both exploit writers for Core Security Technologies, were able to inject a rootkit into commercial BIOS firmware using their own Python-based tool that installed the rootkit via an update, or flash, [...]

Filed under: hax, malware, security | No Comments »

Cliff Notes: Symantec releases an update that searches your internet history, Google searches, and index dat files. The program records them and has a wait on it as in what to do with the information it has gathered. Well, /g/ found out, told /x/ and the internet was informed. Hackers opened everything up and looked [...]

Filed under: malware, micro$oft, news | No Comments »

What could keep you up at night in the new year may not be what you expect — a look at some of the lesser-known threats predicted for 2009.

Filed under: exploit, malware, privacy, security, spam, vulnerabilities | No Comments »

As we try to figure out the future of the cloud, one thing is assured: developers will drive both deployment and consumption approaches. As is common to so many other major software shifts, developers lead, regardless of what vendors want the market to look like.
With the exception of Amazon.com and Google, neither of which are [...]

Filed under: linux, malware, news | No Comments »

Malware masquerading as part of Apple’s iWork ‘09 suite has targeted unsuspecting Mac users foolish enough to illegally download and install the pirated version of the software commonly found on warez sites around the Web.
Once downloaded and installed, the trojan named OSX.Trojan.iServices.A has unrestrained root access, which it immediately uses to connect to a remote server over the [...]

Filed under: apple, malware, security | No Comments »

PandaLabs has identified a botnet running a malware campaign impersonating president-elect Obama’s website. The front page of the site features a sensational story titled “Barack Obama has refused to be a president”. Clicking the link will download the malware and make the target’s machine part of the botnet. They’re using fast-flux to assign the malicious [...]

Filed under: malware, politics | No Comments »

Philosecurity has an interview with Matt Knox, a former coder for Direct Revenue, an adware company which was sued in 2006 by New York governor Eliot Spitzer. The interview contains some interesting details of how the adware code worked internally: it created a Browser Helper Object, then ensured that the Browser Helper Object stayed up [...]

Filed under: malware | No Comments »

I’m surprised they haven’t started using double negatives yet… “Do you not not want to cancel your subscription? If you do want to not cancel, press cancel. If you do want to cancel, don’t press OK.”

Filed under: malware | No Comments »