Scumbag Scammers Using the Boston Bombing to Spread Malware

Scumbags. (Photo: Sophos)

The dirtbags who make malware are at it again. Sophos’s Naked Security blog reports that scammers are already taking advantage of Monday’s bombing at the Boston Marathon, because they have zero sense of decency.

Scammers are sending out emails with subject lines like, “2 Explosions at Boston Marathon,” “Aftermath to explosion at Boston Marathon,” and “Boston Explosion Caught on Video.” Inside the emails is a link to a website with the promised YouTube videos–plus a Windows virus. “Clearly, there are no depths to which cybercriminals are not prepared to stoop in their hunt for victims,” Sophos said. Read More


Your New Password May Be Located in the Palm of Your Hand

This guy is everywhere now. (Image Devdsp on Flickr

If nothing else, hackers’ exploits in the last couple of years have revealed the frailty of the password protection system. With that in mind, Intel Labs has developed a biometric device and software that could essentially turn the patterns of veins in our palms into biological bar codes. On Thursday Sridhar Iyengar, Intel’s director of security research, revealed the system to an annual Intel Developer Forum: Read More


FBI Could Pull the Plug On Millions of Internet Users March 8

These guys want to help. Really.

The Federal Bureau of Investigation may yank several crucial domain name servers (DNS) offline on March 8, blocking millions from using the Internet. The servers in the FBI’s crosshairs were installed in 2011 to deal with a nasty worm dubbed DNSChanger Trojan. DNSChanger can get an innocent end-user in trouble; it changes an infected system’s DNS settings to shunt Web traffic to unwanted and possibly even illegal sites.

DNSChanger oozed out of Estonia and may have fouled up as many as a half-million computers in the United States. The feds’ temporary fix to keep the worm from propagating was to replace infected servers with clean surrogates. Read More


Citigroup: Hai Guys Ur Accounts Got Hacked a Month Ago K THX SRY

There seems to be an uptick in cybercrime lately, no? Some 200,000 Citibank customers had their accounts hacked at the beginning of May and are just finding out about it now, Reuters reports. Sony similarly dragged its feet when hackers gained access to an astonishing 77 million accounts in April and the company waited more than a week to tell customers their data had been compromised. The hackers got access to names, emails, account numbers and passwords, customers were notified this weekend, and Citibank has replaced cards for compromised accounts.

Citigroup joins Google and Sony in victims club,” says the headline in the International Business Times. We have a Citibank card. Can we be in the victim’s club too?


Hacker Tells Yahoo About a Worm and Gets Snubbed. Now He’s Getting Even With a Second One

paxno worm

There’s a second part to the story of a hacker who built a malicious worm at a Yahoo-sponsored hackathon in Bucharest that exploits a vulnerability in a Yahoo developer service. The hacker, who goes by Pax, was offended when the hackathon organizers cut short his time on stage due and failed to give him due respect for a clever (though malicious) hack, or thank him and his team partner for exposing a security hole. “They were/are complete assholes,” he said on Twitter after someone commented that the officials’ reaction had turned a white hat effort into a grudge. Read More