news: Cyber Crime 2007

Mousey

Ueber Meister Mouse
Joined
Sep 12, 2004
Location
Up$hitCreek
Let's be careful out there...

Outdated URL (Invalid)
In 2007, Online Fraud Got More Targeted and Sophisticated

By Brian Krebs
washingtonpost.com Staff Writer
Thursday, December 20, 2007; 1:00 PM

The year 2007 may go down in the annals of Internet crime as the year when organized cyber criminals finally got serious about their marketing strategies -- crafting cyber schemes that were significantly more sophisticated and stealthy.

Security experts say criminals are increasingly trying to ensnare Internet users by lurking on familiar Web sites and using purloined data to craft scam e-mails that are more believable, and thus more likely to entice an unsuspecting user.

"The attackers are...
 
You do not have permission to view link Log in or register now.
By Thomas Claburn
InformationWeek
Wed Dec 19, 9:30 AM ET

New Trojan software has been found picking the pockets of Google and its publishing partners, and potentially exposing Web surfers to more malware.

BitDefender, a software security company based in Bucharest, Romania, on Tuesday said that it had detected a new Trojan (Trojan.Qhost.WU) that replaces Google AdSense text ads with ads from a different, potentially malicious provider.

"This is a serious situation that damages users and Webmasters alike," said Attila-Mihaly Balazs, a BitDefender virus analyst, in a statement. "Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the Trojan takes away viewers and thus a possible money source from their Web sites."

Google said in an...
 
You do not have permission to view link Log in or register now.
Reported In 2007 By Thomas Claburn
InformationWeek
Mon Dec 31, 5:10 PM ET



The number of publicly reported data breaches in the U.S. rose by more than 40% in 2007, compared to the previous year, according to statistics compiled by the Identity Theft Resource Center (ITRC), a consumer rights advocacy group.

In its December 24 report, the ITRC said that there were publicly reported 443 breaches in the U.S. in 2007. In 2006, the ITRC identified 315 publicized breaches.

Some 127 million data records were exposed during 2007. In 2006, nearly 20 million records were exposed. In 2005, there were 158 breaches reported involving about 65 million records.

The ITRC will have to update its list to reflect breaches reported during the last seven days of the year, something organization founder Linda Foley said would happen next week.

On Friday, the Tennessean.com reported that someone broke into a Davidson County election office over the Christmas holiday and stole laptops believed to contain the Social Security numbers and other personal information for more than 337,000 registered voters in the ....
 
You do not have permission to view link Log in or register now.
By Thomas Claburn
InformationWeek
Fri Jan 4, 6:40 PM ET



Sears' IT practices have come under fire from spyware researcher Benjamin Edelman, who alleges that Sears is installing online tracking software from ComScore without adequate consent and that Sears is exposing its customers' purchase histories in violation of its privacy policy.

In two reports published this week, Edelman, an assistant professor at the Harvard Business School and noted spyware researcher, said that Sears' installation of online tracking software from ComScore falls short of the standards established by the Federal Trade Commission.

"The FTC requires that software makers and distributors provide clear, prominent, unavoidable notice of the key terms," said Edelman in his Jan. 1 report. Sears Holding Co.'s "installation of comScore did nothing of the kind."

Benjamin Googins, a researcher at security company...
 
This is from the little podunk town where I live.... People, PLEASE use your brains when in internet chat rooms and forums, or replying to stupid get rich quick emails, etc. My edits (for privacy) are in italics.

Xname of townX police have interviewed the man who used counterfeit $100 bills to wire about $5,000 to Nigeria and have decided he is the victim of an Internet scam. Police investigator xxxx Reed said the man has not been charged with a crime but he will repay the money he gave a Xname of townX business as part of the wire transaction. The man received 48 counterfeit $100 bills by FedEx after talking with two people in an Internet chat room. One person said she was a woman in need and the other person offered to send the Xname of X County man money to wire to the woman in Nigeria. The Secret Service is investigating the Internet part of the case, Reed said. The counterfeit money was described as high quality by investigators, making it difficult to detect.
 
Uh-ohhh!

You do not have permission to view link Log in or register now.

By Thomas Claburn
InformationWeek
Mon Jan 7, 6:50 PM ET



Geeks.com, a Web site that still displays a banner from McAfee's ScanAlert certifying that it is "Hacker Safe," on Friday sent a letter to customers saying that it was hacked last month.

"Genica dba Geeks.com ('Genica') recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised," said a letter posted on The Consumerist from Jerry L. Harken, Genica's chief of security, to an undisclosed number Geeks.com customers. "In particular, it is possible that an unauthorized person may be in possession of your name, address, telephone number, e-mail address, credit card number, expiration date, and card verification number. We are still investigating the details ...
 
Phony iPhone Upgrade Hides Malware

You do not have permission to view link Log in or register now.

By Thomas Claburn
InformationWeek
Wed Jan 9, 6:45 PM ET



Your Apple iPhone could be infected with potentially malicious Trojan software because of a fake upgrade download, computer security officials with US-CERT warned Wednesday.

"This Trojan claims to be a tool used to prepare the device for an upgrade to firmware version 1.1.3," the US-CERT advisory said. "When a user installs the Trojan, other application components are altered. If the Trojan is uninstalled, the affected applications may also be removed."

The Trojan appears to be timed to exploit rumors that began in early December about new features in an upcoming iPhone firmware upgrade. Various online news sites and blogs cited a report published by CNET France that claimed an imminent iPhone update would feature a disk mode, for using the iPhone as a portable flash drive, and a voice recording mode.

Malware authors now regularly craft attacks that play off current news and events. The Storm worm, for example...
 
random js toolkit New Hack Attacks

You do not have permission to view link Log in or register now.

Richard Koman, newsfactor.com
Mon Jan 14, 4:38 PM ET



The security firm Finjan says it has discovered a major new type of malware that has infected more than 10,000 Web sites in December alone. Deemed "random js toolkit," it is a Trojan that infects end users' PCs and sends data from the infected machine to the "master" hacker. It can be used to steal passwords, documents and other sensitive information.

The malware dynamically creates and changes JavaScript code every time it is accessed, Finjan said. Thus, traditional anti-malware programs can't identify it.

Finjan CTO Yuval Ben-Itzhak said in a release, "Signaturing a dynamic script is not effective. Signaturing the exploiting code itself is also not effective, since these exploits are changing continually to stay ahead of current zero-day threats and available patches. Keeping an up-to-date list of 'highly-trusted-doubtful' domains serves only as a limited defense against this attack vector."

Dynamic Embedding

"What's needed to counter this exploit is dynamic code inspection technology that can detect and block an attack in real time," Ben-Itzhak said. "This technology doesn't depend ...
 
Data lost on 650,000 credit card holders

You do not have permission to view link Log in or register now.

By DAVID KOENIG, AP Business Writer
54 minutes ago



PLANO, Texas - Personal information on about 650,000 customers of J.C. Penney and up to 100 other retailers could be compromised after a computer tape went missing.

GE Money, which handles credit card operations for Penney and many other retailers, said Thursday night that the missing information includes Social Security numbers for about 150,000 people.

The information was on a backup computer tape that was discovered missing last October. It was being stored at a warehouse run by Iron Mountain Inc., a data storage company, and was never checked out but can't be found either, said Richard C. Jones, a spokesman for GE Money, part of General Electric Capital Corp.

Jones said there was ...
 
Glenn Beck in an interview last night with penn gillette (i know, but I like to keep the enemy close :)) mentioned a republican bill or motion that would allow h-secur. to parse every thing on the internet... is this just legal or normalization of omnivore, or is it a clear and present danger?

Anyone know about this cyber-criminal enterprise that may possibly be visited upon us? (its in response to china cyber-attacks, supposedly)
 
Charter cable empties 14,000 e-mail accounts

You do not have permission to view link Log in or register now.


By JIM SALTER, AP Business Writer
28 minutes ago



ST. LOUIS - Charter Communications officials believe a software error during routine maintenance caused the company to delete the contents of 14,000 customer e-mail accounts.

ADVERTISEMENT

There is no way to retrieve the messages, photos and other attachments that were erased from inboxes and archive folders across the country on Monday, said Anita Lamont, a spokeswoman for the suburban St. Louis-based company.

"We really are sincerely sorry for having had this happen and do apologize to all those folks who were affected by the error," Lamont said Thursday when the company announced the gaff.

Charter, one of the nation's largest ...
 
Best Buy Sold Infected Digital Picture Frames

You do not have permission to view link Log in or register now.

By Thomas Claburn
InformationWeek
Thu Jan 24, 5:30 PM ET



Insignia pulled a line of 10.4-inch digital picture frames from Best Buy stores and its Web sites this week after learning some had been infected with a computer virus during the manufacturing process.

"Once informed, we immediately pulled all units of this product from stores and retail Web sites as a precautionary measure to protect our customers," explains a statement on the Insignia Web site. "This product has been discontinued, and no additional inventory will be sold. Please note that no other Insignia digital picture frame products are affected by this issue."

Best Buy on Saturday said that a limited number of 10.4-inch digital picture frames sold under its Insignia brand were infected with a computer virus during the manufacturing processes. The statement says that some of the infected units (model number NS-DPF-10A) were sold...
 
You do not have permission to view link Log in or register now.

Robert McMillan
Thu Feb 7, 7:12 PM ET



San Francisco - The Web site for Indian antivirus vendor AvSoft Technologies has been hacked and is being used to install malicious software on visitors' computers, security researchers said Thursday.


The download section of AvSoft's S-cop Web site hosts the malicious code, according to Roger Thompson, chief research officer with security vendor AVG. "They let one of their pages get hit by an iFrame injection," he said. "It shows that anyone can be a victim.... It's hard to protect Web servers properly."

The technique used on the site has been seen in thousands of similar hacks over the past few months. The attackers open an invisible iFrame Window within the victim's browser, which redirects the client to another server. That server, in turn, launches attack code that attempts to install malicious software on the victim's computer.

The malicious software is a variant of the Virut virus family.

The iFrame pages are commonly used...
 
You do not have permission to view link Log in or register now.

Robert McMillan
Thu Feb 7, 7:12 PM ET



San Francisco - The Web site for Indian antivirus vendor AvSoft Technologies has been hacked and is being used to install malicious software on visitors' computers, security researchers said Thursday.


The download section of AvSoft's S-cop Web site hosts the malicious code, according to Roger Thompson, chief research officer with security vendor AVG. "They let one of their pages get hit by an iFrame injection," he said. "It shows that anyone can be a victim.... It's hard to protect Web servers properly."

The technique used on the site has been seen in thousands of similar hacks over the past few months. The attackers open an invisible iFrame Window within the victim's browser, which redirects the client to another server. That server, in turn, launches attack code that attempts to install malicious software on the victim's computer.

The malicious software is a variant of the Virut virus family.

The iFrame pages are commonly used...

Another great reason to use Firefox. It's not vulnerable to this attack. :D
 
You do not have permission to view link Log in or register now.

By JORDAN ROBERTSON, AP Technology Writer
27 minutes ago

SAN FRANCISCO - They're called "servers that lie."


Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc.

The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name System results, which means people with compromised computers are sometimes being directed to the wrong Web sites and often have no idea.

The peer-reviewed paper, which offers one of the broadest measurements yet of the number of rogue DNS servers, was presented at the Internet Society's Network and Distributed System Security Symposium in San Diego.

The fraud works like this: When a user with an affected computer tries to go to, for example, Google's Web site, they are redirected to a spoof site loaded with malicious code or to a wall of ads whose profits flow back to the hackers.

The hackers who hijack DNS queries are looking to steal personal information, from e-mail login credentials to credit data, and take over infected machines.

The spoof sites run ...
 
You do not have permission to view link Log in or register now.

By Thomas Claburn
InformationWeek
Tue Feb 12, 6:30 PM ET



Just in time for Valentine's Day, Google on Tuesday released the results of a survey showing that young people are embracing e-mail to send love letters. Coincidentally, the FBI warned on Tuesday that cybercriminals are embracing e-mail to send fake love letters.


"The survey affirmed that e-mail is an increasingly important part of our most intimate and personal interactions, and that younger people are leading the charge: they are more likely to use e-mail for everything from sending love letters to ending relationships," said Google group product marketing manager Jen Grant in a blog post.

But the FBI advises caution. "If you unexpectedly receive a Valentine's Day e-card, be careful," the agency said. "It may not be from a secret admirer, but instead might contain the Storm Worm virus."

Security software vendor Trend Micro issued a similar warning on Monday. "As we had already forecast last month, Storm is already sending their Valentine greetings this week," said security researcher David Sancho in a blog post. "The owners of this powerful botnet are doing as much as possible to [sustain the number of compromised machines at their disposal]. This includes...
 
You do not have permission to view link Log in or register now.
, Google Says
By Thomas Claburn
InformationWeek
Tue Feb 12, 3:20 PM ET



Web browsing and searching are becoming increasingly risky activities, according to a report published by Google on Tuesday.


"In the past few months, more than 1% of all search results contained at least one result that we believe to point to malicious content and the trend seems to be increasing," said Niels Provos, a security engineer at Google, in a blog post.

Provos said that in the year and a half since Google began tracking malicious Web pages, the company has found more than 3 million unique URLs on more than 180,000 Web sites that attempt to install malware on visitors' computers.
......
 
All of these companies that are having problems with security leaks and break-ins need to hire this guy, Kevin Mitnick, known as the greatest cracker (hacker) of all time and he is still a young man. He actually broke into the governments computer systems. There's been movies made about this guy, one of the best one's I saw was called "Takedown"...great movie, if you guys get the chance you should check it out.

He now does freelance work for the governments cyber crime unit and runs his own consulting business, you can check him out here:

You do not have permission to view link Log in or register now.


Link Removed ( Old/Invalid)

You do not have permission to view link Log in or register now.


You do not have permission to view link Log in or register now.


and a google video about the Story of Kevin Mitnick here:

You do not have permission to view link Log in or register now.
 
Last edited:
You do not have permission to view link Log in or register now.
, Google Warns

Robert McMillan, IDG News Service
Sat Feb 16, 8:30 AM ET

The Web is scarier than most people realize, according to research published recently by Google.

The search engine giant trained its Web crawling software on billions of Web addresses over the past year looking for malicious pages that tried to attack their visitors. They found more than 3 million of them, meaning that about one in 1,000 Web pages is malicious, according to Neils Provos, a senior staff software engineer with Google.


These Web-based attacks, called "drive-by downloads" by security experts, have become much more common in recent years as firewalls and better security practices by Microsoft have made it harder for worms and viruses to directly attack ....
 
You do not have permission to view link Log in or register now.

Quebec police break up a hacking ring that police say is responsible for an estimated $44.3 million) in damage to computer systems.
Robert McMillan, IDG News Service
Thursday, February 21, 2008 5:00 PM PST

...
Although the hackers operated from about a dozen towns all over Quebec, their botnet network was international in scope, infecting 39,000 computers in Poland, 28,000 in Brazil, and 26,000 in Mexico -- the top three countries affected by the group. In all, they hacked into more than 100,000 computers in 100 countries.
...
 

Users who are viewing this thread

Meister Ratings

Back
Top