“security” via n8xja in Google Reader 2012-12-12 11:55:41

On Tuesday, the FBI announced that it had arrested ten people connected to a botnet that had spread through Facebook. Spread by a virus targeting Facebook users, the botnet caused over $850 million in losses to financial institutions, infected over 11 million computers, and stole credit card and bank account data. The botnet itself was shut down in October, according to an FBI statement.

This is the second major outbreak of botnets based on the Butterfly (aka Mariposa) bot tool. The first incarnation, discovered in December 2008 and shut down a year later, infected over 12 million PCs worldwide and was spread primarily through file-sharing and instant messaging attacks. It also harvested financial information from over 800,000 victims.

In the latest incarnation of Butterfly, the botnet spread itself using variants of Yahos, a virus that spreads itself by sending links via social networks and instant messaging. Victims clicked on the link, launching Yahos’ attack. The malware, which in some variants disguised itself as an NVIDIA video driver, then downloaded and installed the botnet controls and browser exploits that captured users’ credit card and bank account information. The spread of viruses like Yahos prompted Facebook to  partner with McAfee in 2010 to provide tools to users to clean infected systems.

Read 1 remaining paragraphs | Comments

“security” via n8xja in Google Reader 2012-12-12 11:55:41

On Tuesday, the FBI announced that it had arrested ten people connected to a botnet that had spread through Facebook. Spread by a virus targeting Facebook users, the botnet caused over $850 million in losses to financial institutions, infected over 11 million computers, and stole credit card and bank account data. The botnet itself was shut down in October, according to an FBI statement.

This is the second major outbreak of botnets based on the Butterfly (aka Mariposa) bot tool. The first incarnation, discovered in December 2008 and shut down a year later, infected over 12 million PCs worldwide and was spread primarily through file-sharing and instant messaging attacks. It also harvested financial information from over 800,000 victims.

In the latest incarnation of Butterfly, the botnet spread itself using variants of Yahos, a virus that spreads itself by sending links via social networks and instant messaging. Victims clicked on the link, launching Yahos’ attack. The malware, which in some variants disguised itself as an NVIDIA video driver, then downloaded and installed the botnet controls and browser exploits that captured users’ credit card and bank account information. The spread of viruses like Yahos prompted Facebook to  partner with McAfee in 2010 to provide tools to users to clean infected systems.

Read 1 remaining paragraphs | Comments

“security” via n8xja in Google Reader 2012-11-07 17:40:42

Enlarge / A figure from the patent that has been asserted against Intel, Google, and hundreds of other companies providing SSL and TLS on their websites.
Google

An unknown company’s four-year campaign to sue hundreds of companies for offering encryption on their websites shows no signs of abating, with Intel, Yelp, and MovieTickets.com being targeted in the past month, court records show.

The patent infringement complaints, which have also named Google, Apple, eBay, and Expedia, claim that Marshall, Texas-based TQP Development is entitled to royalties for the companies’ use of the secure sockets layer and transport layer security protocols. Together, SSL and TLS form the basis for virtually all encryption used to authenticate websites and to encrypt data traveling between them and end users. The lawsuits assert US Patent No. 5,412,730, which is titled “Encrypted data transmission system employing means for randomly altering the encryption keys.”

Court records indicate that TQP has sued hundreds of companies since 2008. At least 100 of those organizations have been named in the past 12 months, indicating that the campaign is only gaining steam. A variety of them, including one against Apple, were later dismissed after reaching confidential settlements. A separate case, filed against TD Ameritrade, was dismissed on August 28, two weeks before a jury trial was scheduled to begin.

Read 5 remaining paragraphs | Comments

Botnet master gets 30-month prison term for renting out infected PCs

A hacker who controlled a botnet of 72,000 computers and rented out command-and-control access to various malcontents was sentenced to 30 months in prison today, the Department of Justice said.

Joshua Schichtel, 30, of Phoenix, Ariz., pleaded guilty in August of last year to one count of “attempting to cause damage to multiple computers without authorization by the transmission of programs, codes, or commands, …

Botnet master gets 30-month prison term for renting out infected PCs

A hacker who controlled a botnet of 72,000 computers and rented out command-and-control access to various malcontents was sentenced to 30 months in prison today, the Department of Justice said.

Joshua Schichtel, 30, of Phoenix, Ariz., pleaded guilty in August of last year to one count of “attempting to cause damage to multiple computers without authorization by the transmission of programs, codes, or commands, …

Botnet master gets 30-month prison term for renting out infected PCs

A hacker who controlled a botnet of 72,000 computers and rented out command-and-control access to various malcontents was sentenced to 30 months in prison today, the Department of Justice said.

Joshua Schichtel, 30, of Phoenix, Ariz., pleaded guilty in August of last year to one count of “attempting to cause damage to multiple computers without authorization by the transmission of programs, codes, or commands, …