Posts Categorized: Targets


Oh, Hush Chicken Little – The Sky is Not Falling: Why Cloud Security is Still Safe

by

By Brian Czarny This week it was impossible to escape the “big news” that Twitter got hacked. The French hacker, known as “Hacker Croll,” who made headlines back in May for a similar Twitter breach, was at it again. This time he managed to get his hands on at least 310 sensitive Twitter business documents by gaining access to an employee’s email account, subsequently using information found in that account to then access the employee’s Google Apps account to steal the confidential company documents. The hacker sent the documents to TechCrunch, who then chose to publish them along with an […]

Continue Reading »

What Keeps IT Professionals Up at Night

by

By Brian Czarny Webroot recently surveyed more than 300 email and Web security professionals about email management, compliance, archiving, encryption, spam, viruses, Web filtering and Web-based malware attacks.  Our research shows that security practices and risk perceptions have evolved over the last year – the top three security concerns are email threat protection, data security/confidentiality and Web threat protection.  Other highlights of the survey include: Security professionals are clearly worried about insufficient resources for Web security– a potential result of the economic downturn. The large number of organizations that were required to retrieve email for legal or compliance reasons within […]

Continue Reading »

Jackson/Fawcett Malware is Extortion-ware

by

As I reported yesterday, searches for information about the deaths of Michael Jackson or Farrah Fawcett were turning up links to malware. This came as no surprise to anyone, though the speed with which the links spread was astonishing: Within minutes of the first confirmation that Jackson had succumbed to a heart attack, the first malicious blog posts began popping up in search results. We’re continuing to monitor hundreds of malicious sites touting news of Jackson’s demise — and new malicious blogs are coming up as fast as the blog services can shut them off. The first site we encountered […]

Continue Reading »

Gamers: Fight the Phishers

by

Last week, I posted a blog item that explained how gamers face a growing security threat in phishing Trojans — software that can steal the passwords to online games, or the license keys for offline games, and pass them along to far-flung criminal groups. We know why organized Internet criminals engage in these kinds of activities, because the reason is always the same: There’s a great potential for financial rewards, with very little personal risk. So I thought I’d wrap up this discussion with some analysis of how the bad guys monetize their stolen stuff. After all, how do you […]

Continue Reading »

5 PC Gaming Threats and How To Beat Them

by

By Mike Kronenberg E3, the annual trade show for the computer and video games industry, kicked off in Los Angeles yesterday, not long after the unofficial start of summer on Memorial Day. These events got me thinking about what many students might do with their free time over the next three months. I imagine that for legions of young PC gamers, this could mean hour after blissful hour spent honing their skills as a blacksmith and earning gold in their favorite online fantasy universe. You can bet cybercriminals are imagining the same thing, too – and banking on it.  In […]

Continue Reading »

Malware targets mobile IMers

by

Once in a while, you don’t have to do anything at all and malware just drops into your lap. That happened to me the other day, when I received a buddy request from a total stranger in my decade-old ICQ instant messenger account. It’s never failed to be a rich source for malicious links, SPIM, and other fun stuff (that is, from a malware research perspective). ICQ is a multi-lingual community, and this request was written in the Cyrillic alphabet. My client didn’t render it properly, so I couldn’t read the text of the come-on. But I could read the plain-ASCII URL that was […]

Continue Reading »

Do you Think Security First?

by

In an era when virtually all businesses use the Internet, in one form or another, to get work done, it’s worth asking the question posed in the title of this blog entry. Think Security First is an organization dedicated to helping spread security gospel to businesses — via chambers of commerce. Their goal: to create a Neighborhood Watch for the Internet, organized around these local business groups. On Monday, I and several other speakers had the opportunity to address representatives of chambers of commerce at a panel discussion organized by Neil O’Farrell, the group’s founder and chief evangelist. Webroot is […]

Continue Reading »

Adware Purveyors Panning for Search Gold

by

We know most adware companies are shameless in their pursuit of revenue, but it’s been a while since we’ve seen anything as bizarre (or hilariously bold) as the sales pitch from a relative neophyte to the world of adware, which calls itself SnappyAds. On its homepage, SnappyAds posits the hypothetical glee of two business-suited online ad men counting the thousands of dollars they’ve allegedly earned from their allegedly lucrative venture. Behind the SnappyAds facade, however, is an adware client we (and a few other AV companies) call SearchPan. The installer for the adware client application is hosted on SnappyAds’ webserver, […]

Continue Reading »

New Malware Ruins Firefox

by

Late last year, we read all the buzz about ChromeInject, a malicious DLL that was being billed as the first malware specifically targeting Firefox. It was interesting to see that someone built a phishing Trojan for a different browser platform, but ChromeInject was also clearly an early phase in Firefox malware development: It was fairly obvious, and it was easy to eliminate, because it generated an entry in the Plugins menu called “Basic Example Plugin for Mozilla” which you could simply disable with a single mouse click. Well now it looks like the bar’s been raised. In the past few […]

Continue Reading »

As Web 2.0 explodes, does IT security implode?

by

By Jesse McCabe Social media sparked a revolution in how we communicate. From best friends to business owners, more of us every day are using a social networking site to connect with people. Facebook welcomes 700,000 new members daily, and an estimated 4-5 million people are now reading tweets on Twitter. And cybercriminals are having a field day exploiting the vulnerabilities social networks have exposed in our Internet security practices. By and large, Internet security at the network level has recently consisted of on-premise URL filtering mechanisms used by organizations to enforce company Internet use policies and improve employee productivity.  These solutions […]

Continue Reading »