Published on Symantec's YSR

06/28/2010

Poor Passwords, Poor Security

Last December, hackers stumbled upon a treasure trove: Security problems with the site of social networking application maker RockYou allowed anyone to access a massive list of passwords belonging to its users.

...

The stolen passwords put RockYou in the spotlight, and the company belatedly warned users that their passwords had been put at risk. Yet, the incident ended up being a windfall for password researchers. Luckily, the list of passwords did not include usernames, but it did give insight into users’ poor choice in passwords.

Symantec's YourSecurityResource

Posted at 10:36 AM in Articles, Consumer Technology, Published on Symantec's YSR, Research, Security | | Comments (0) | TrackBack (0)

|

05/20/2010

Hired for Crime

The college-aged woman entered the bank and asked to withdraw $9,900 from an account opened a mere two weeks ago. Both the age of the woman and the age of the account tipped off the teller that something was odd.

The alertness of the bank teller paid off: The woman was a "money mule," a person unwittingly helping online thieves launder money stolen from hacked bank accounts, says Steve Surdu, vice president of Mandiant, a security firm frequently called in to investigate computer fraud at financial firms.

"The teller thought there was no way that the person had that kind of money," says Surdu, who declined to provide further details of the incident. The bank managed to prevent the woman from withdrawing the money, most of which would have been sent overseas to the criminals who had hired her.

Symantec's YourSecurityResource

Posted at 09:10 AM in Articles, Consumer Technology, Cybercrime, Published on Symantec's YSR, Security | | Comments (0) | TrackBack (0)

|

04/20/2010

Malevolent Zeus

It does not take Alex Heid long to break into the website’s database.

With a run-of-the-mill browser and knowledge of a backdoor in the online portal, Heid makes quick work of the software's security and grabs the targeted data: A database of usernames and passwords for a variety of sites and services, from banks to email to Facebook.

Yet Heid is one of the good guys. The website is one of the many set up by a program known as Zeus -- sort of a do-it-yourself cybercrime platform that has become extremely popular for its ease of use and advanced functionality. Zeus allows digital thieves and fraudsters to create code to infect computer systems. It has software to control the legions of compromised computers, and it comes with templates to create and manage campaigns of online crime.

Symantec's YourSecurityResource.com

Posted at 10:48 AM in Articles, Consumer Technology, Cybercrime, Malicious Code, Published on Symantec's YSR, Security | | Comments (0) | TrackBack (0)

|

03/05/2010

Not Deserving of Trust

When he wants to break into a corporate network, Kevin Johnson looks first to social networks to provide a way in.

The popular services, such as Facebook and Twitter, provide Johnson with connections to employees, information about their habits and a way to deliver hacking programs designed to infiltrate their computers. As a penetration tester for security firm InGuardians -- where he pretends to be the bad guy to help clients spot holes in their security -- Johnson has come to appreciate the ease with which social networks can be used to attack users.

YourSecurityResource.com

Posted at 02:03 PM in Antivirus, Consumer Technology, Cybercrime, Published on Symantec's YSR, Security | | Comments (0) | TrackBack (0)

|

02/15/2010

Your Money or Your Data

In the summer of 2008, a particularly nasty piece of code started spreading among computers in Russia and Europe. Known as GPCode, the program was designed for a specific mission: infect the system, find more than 130 different file types on the hard drive, encrypt them and deleted the originals.

In essence, the program kidnapped a victim's data. And like any proficient kidnapper, the program left behind a note.

"Your files are encrypted with RSA-1024 algorithm," read a message on the screen. "To recover your files, you need to buy our decryptor."

YourSecurityResource.com

Posted at 02:05 PM in Antivirus, Cybercrime, Malicious Code, Published on Symantec's YSR, Security, Software | | Comments (0) | TrackBack (0)

|

01/15/2010

Bad Medicine

It's a regular visitor to your inbox: Spam that advertises cholesterol fighting Lipitor, depression suppressor Zoloft, or lifestyle drugs, such as Viagra and Cialis.

Known as pharmaceutical spam, or pharma spam, the unwanted email messages are a staple of online criminals and gray marketeers. Every day, hundreds of millions of junk messages inundate email servers worldwide, with pharma spam accounting for as much as 70 percent of the digital deluge.

YourSecurityResource.com

Posted at 05:05 PM in Articles, Consumer Technology, Cybercrime, Published on Symantec's YSR, Security | | Comments (0) | TrackBack (0)

|

12/15/2009

Bad Bargains

Parents desperate to find this year's most popular items, such as Cepia's high-tech Zhu-Zhu Pets or Mattel's Mindflex Game, should be careful that they don't let their guard down online.

With the holidays nearly here, last-minute shoppers may throw caution to the wind when searching for hard-to-find gifts. Many online scammers depend on just that.

"As the holidays get closer, and people have not found the right present, they will get more desperate," says Catalin Cosoi, a senior anti-spam researcher at security firm BitDefender. "They might go to a Web site that they would not have gone to in the past."

YourSecurityResource.com

Posted at 05:01 PM in Articles, Consumer Technology, Cybercrime, Published on Symantec's YSR, Security | | Comments (0) | TrackBack (0)

|

10/15/2009

The Underground's Cash Cow

Cybercriminals regularly buy and trade their victims' personal and financial information. Yet, security researchers are finding that online thieves are expanding their illegitimate businesses beyond just selling data. Now they are selling access to your computer.

In June, Web security firm Finjan reported that its researchers found an online trading platform that allows criminal buyers to lease or purchase blocks of compromised systems, commonly referred to as bots or zombies. The criminal exchange, named "Golden Cash" by its creators, presents an easy way for cybercriminals to profit from the control of their victims' systems.

Symantec's YourSecurityResource

Posted at 12:04 PM in Articles, Consumer Technology, Cybercrime, Published on Symantec's YSR, Security | | Comments (0) | TrackBack (0)

|

10/01/2009

Sanctuaries for Thieves

In April, the Federal Trade Commission, the U.S. agency responsible for protecting consumers, approached a number of security experts looking to answer one question: Had a company known as Triple Fiber Network, or 3FN, become a haven for online crime?

The Shadowserver Foundation, a group of computer security whizzes who track cybercriminals' online activities, searched their database and found that more than 4,500 unique malicious programs used 3FN's servers as central command hubs. The data confirmed that 3FN provided a haven for cybercriminals to reach out to unsuspecting users and steal passwords, compromise their systems and send out spam.

"They were running botnet controllers for spamming and other malicious activity," says André DiMino, co-founder and director of the Shadowserver Foundation. "We had pretty good visibility into what they were doing."

Symantec's YourSecurityResource

Posted at 12:11 PM in Articles, Consumer Technology, Cybercrime, Published on Symantec's YSR, Security, Software | | Comments (0) | TrackBack (0)

|

09/15/2009

Scare Tactics

Molly Redden just finished her 10-page English paper when a pop-up dialog box leapt to the front of her screen: "Alert! Your system is infected," it warned.

A sophomore at Georgetown University, Redden had been working late on a Saturday night, finishing up a paper for the next week's class. Now, a window listing dozens of viruses covered her desktop, and a dialog box asked her if she wanted to proceed with removal. She clicked "Yes."

Yet when the software asked her to pay $49.95 to clean her computer, she knew something was wrong.

Symantec's YourSecurityResource

Posted at 12:09 PM in Articles, Consumer Technology, Cybercrime, Published on Symantec's YSR, Security, Software | | Comments (0) | TrackBack (0)

|

Next »