Cyber-crimefighters pwn Carders.cc

Brian Krebs, source of a lot of key research on the banking trojan focus on small to medium sized business, has reported that cyber-vigilantes have rattled the cage of a major carder site by posting their member’s passwords: Ironically, the anonymous authors of the e-zine said they were able to compromise the criminal forum because

No Stone Left Unturned

We have discussed SEO poisoning extensively in the ESET Threat Blog, and it should come as no surprise to our readers that any topic which trends up quickly in search engine traffic will be exploited by the criminals who specialize in such activities.  The poisoned search term du jour is "erin andrews death threat".  Apparently,

Virus, Anti-Virus, Fake Anti-Virus

Round here, we're more than a little concerned about fake/rogue antivirus (and other fake security software). It's an ugly form of ransomware that hurts its victims in many ways. It scares them by threatening dire consequences and damage from malware that doesn't exist (except in the sense that the fake AV is itself malware), in

The Return of Jacques Tits

It has been a year since we last discussed fraudulent domain name registrar scams and we wanted to let people know that this scam continues unabated. In a nutshell, a message is sent to a publicly-visible email address listed on your website (sales, support, the CEO's office, a public relations contact, et cetera) from a

BBC Click: Net scams and jobseekers

You may have gathered from some of the blogs published here last year that i'm not biggest fan of the BBC's "Click" programme. I regard the Beeb's forays into buying botnets and stolen credit card details and making active use of them as at best naive. I agree that people need to be aware of such issues,

Hotmail’s Delay May Facilitate Fraud

I received an email from an acquaintance this morning. It said: Please Urgent Needed Hello,   How are you doing?hope all is well, I"m sorry that i didn’t inform you about my traveling to England for a Seminar.I need a favor from you as soon as you receive this e-mail because i misplaced my wallet

Mugs and Muggings, Scams and Facebook

The estimable Gadi Evron has posted an article at DarkReading about a dialogue he was caught up in on Facebook. One of his contacts popped up in a Facebook Chat window and told him how she’d been been held at gunpoint and robbed in London, losing her credit card, cash and mobile phone. Well, having

Phishing Victims

Responding to a request for information about phishing and malware distribution mechanisms this morning, I happened upon a link on the Anti-Phishing Working Group site to the Silver Tail blog  The site has been running a series of blogs on "Online Fraud from the Victim’s Perspective". Author Laura Mather tells the story of two victims,

Phishing Persistence

Here’s something I haven’t noticed before (but then I don’t pay nearly as much attention to phishing messages as I used to, owing to the need to sleep occasionally). I’ve started to receive messages purporting to be from the Alliance and Leicester, in the UK. The messages are much the same, apart from the Subject

Phishing the Web

A new advisory from the Anti-Phishing Working Group (APWG) offers advice to website owners on what actions to take when notified that their site or server has been compromised for use by phishers. At 18 pages, it’s a substantial high-level document, including: Some web site phishing attack and response scenarios Identifying an attack Reporting a

419 Frauds: They Just Keep Coming…

A memo to Middle- East Asia Promotion. Thank you for letting me know that I’ve won $720,000.00 in a promotion sponsored by Dell and the Emirates Foundation. Four days running: nothing suspicious about that, nor the fact that my wife has apparently won the same amount in the same promotion every day for the past

Facing Down Facebook

An IT/business magazine called Information Age, apparently aimed at executives with interest and responsibilities in IT, hit my letterbox this morning. That’s an actual magazine with real paper pages: remember those? Seeing as it’s Saturday, I took it back to bed with me to look through while I had the first coffee of the day, and

Enough to Break your Heartland: Fraud and Malware

MSNBC put up some interesting comment on the Heartland security breach. Since they’ve put some emphasis on the involvement of malware in the breach, it’s worth making a few points. * Heartland was PCI compliant when the breach occurred. The PCI DSS v1.2 Requirement #5.1.1 states: “Ensure that all anti-virus programs are capable of detecting,

Money for Nothing…

…no promise of chicks for free, but I did get spam this morning offering me a "Free-Trial kit" for some scheme for "making money through the Internet by doing almost nothing" (probably some sort of pyramid scheme, I guess, updated with a reference to using Google). While I’m not about to take up the offer, I

Election Malware and Social Engineering

The election may be over, but the bad guys are still milking it, and there are lessons to be learned. I guess there’s nothing that brings out the worst in human nature like an election. There were all those chain letters, rumours and hoaxes about how various candidates were undesirable, un-American, immoral etc.  Then there were

Follow us

Copyright © 2015 ESET, All Rights Reserved.