ZeuS: Me Talk Pretty Finnish One Day
A couple of months ago, there was an overly polite variant of ZeuS circulating here in Finland. And while the Finnish localization was pretty good — it used "Suo anteeksi" within an error message… not...
Mac Flashback Exploiting Unpatched Java Vulnerability
A new Flashback variant (Mac malware) has been spotted exploiting CVE-2012-0507 (a Java vulnerability). We've been anticipating something like this for a while now. Oracle released an update that...
A Mysterious Java Exploit
Last week Kahu Security blogged about Escalating Java Attacks. Kahu's post dissects two Java exploits. The first exploit targets CVE-2012-0507, the latest Java vulnerability that's been seen being...
Mac Flashback Infections
On Monday, we wrote about a variant of the Mac Flashback trojan that exploits a then unpatched Java vulnerability (CVE-2012-0507). Apple released its security update on Tuesday. If you have Java...
Police Themed Ransomware Continues
Over the last several weeks, we've been monitoring a rash of ransomware campaigns across Europe, in which messages, supposedly from the local police, are displayed demanding that a fine must be paid...
Titanic APT
Breaking News about the RMS Titanic based on information collected during the recent divings of director James Cameron. The new findings are based on artifacts lifted from the seafloor. Here's an image...
Blackhole's Lesser Known Exploit
Although Blackhole has been investigated and dissected multiple times, there are still some surprises that emerge. One thing we just discovered is an exploit for CVE-2011-0559, which is one of the two...
Flashback Removal Tool
We have created a free tool that automates the detection and removal of the widespread Flashback Mac OS X malware. How to use the tools: 1) Download FlashbackRemoval.zip to the Mac machine you want to...
Trojan:W32/Ransomcrypt
We are receiving reports of a ransom trojan; it's been circulating during the last two days. When first run on the system, the ransomware will iterate all folders on the system. Every document, image,...
More Mac Malware Exploiting Java
Reports of new Mac malware variants exploiting CVE-2012-0507 surfaced last week. The Java vulnerability is the same one used by Flashback to infect more than 600 thousand Macs. The first new threat was...
Ransomcrypt Decryption Script
Last week, we wrote about a ransom trojan called Trojan:W32/Ransomcrypt which encrypts documents, images, videos, et cetera and holds the files hostage for 50. Ransomcrypt encrypts files using Tiny...
Trojan:Java/SmsSy.A targeting devices with Java midlet installed
An SMS-sending Trojan, which targets mobile devices with Java midlet installed, has been circulating in Malaysia. Some victims reported that they have been receiving an SMS message which appears to be...
Confused News regarding Police Ransom Trojans
Computer security is confusing. It's not a simple topic to write about. Mass media often gets the details wrong. However, we rarely see as confused news articles as we have with Police Themed...
A Tumblr of Rogues
Rogue AVs have not really received much attention recently, probably because they are no longer boldly screaming in everyone's faces as compared to the time when the most trending topics produce massive...
Kickstarting a movie about cybercrime
Filmmakers Charles and Walker Koppelman are working on a new movie project about cybercrime. We've met with Charles and the project seems really interesting. The project is still underway, and now the...
Omaha, Nebraska is a Hotbed of Cybercrime Investigation
Regular readers of Krebs on Security will know that small and medium sized businesses and organizations have been the target of cybercrime gangs for several years now. What you might not know is which...
Terrorist Groups in the Online World
The Combating Terrorism Center at West Point (USA) has released a study called "Letters from Abbottabad: Bin Ladin Sidelined?". The study provides analysis of 17 declassified documents captured last...
Targeted Attacks in Syria
Syria has been the center of much international attention lately. There's unrest in the country and the authoritarian government is using brutal tactics against dissidents. These tactics include using...
Yet Another SQL Injection Attack
Somehow these SQL Injections targeting ASP/ASP.net sites just never seem to abate. First there was Lizamoon… surprising us with the millions of websites that got injected. Then came a few others with...
Oxford Muses on Mac Flashback: Worst Outbreak Since Blaster
So how bad was last month's Mac Flashback outbreak and who suffered the most? Our guess: it was bad, and university IT help desks. And it looks like our guess might not be far off the mark. Oxford...