krebsonsecurity - Slashdot User

Submission + - Banks Faulted for Fake Antivirus Scourge (krebsonsecurity.com)

Submitted by

krebsonsecurity

on Wednesday July 06, 2011 @10:05AM

krebsonsecurity writes: "Merchant banks that process credit card payments for fake antivirus or "scareware" exhibit a distinctive pattern of card processing that could be used by Visa and MasterCard to weed out the rogue processors, according to a new study by the University of California, Santa Barbara. From the study: "The UCSB team found that the fake AV operations sought to maximize profits by altering their refunds according to the chargebacks reported against them, and by refunding just enough to remain below a payment processor’s chargeback limits. Whenever the rate of chargebacks increased, the miscreants would begin issuing more refunds. When the rate of chargebacks subsided, the miscreants would again withhold refunds." The study also highlights how few customers ever request a refund, and how affiliates pushing this junk software made more than $133 million."

Comment Re:They Authorised The Charge (Score 1) 173

by krebsonsecurity on Tuesday July 27, 2010 @08:28PM (#33052398) Attached to: Rogue Anti-Virus Victims Rarely Fight Back

Everything you said is true and makes sense. However, what we are dealing with here are by-design fly-by-night companies that are in existence long enough to snag a few thousand victims, and then they vanish into thin air. There is no recourse in those cases for the victim/customer to obtain redress from the "company" that sold the bogus product: It simply doesn't exist anymore. And it's not like this is an accident: This is all part of the plan. If the so-called businesses spreading rogue anti-virus had to stay in business for more than a few weeks, they'd go broke from all the chargeback fees. The question is, who pays those chargeback fees when the company that incurred them is no more?

Submission + - Rogue Anti-virus Victims Rarely Fight Back (krebsonsecurity.com)

Submitted by krebsonsecurity on Tuesday July 27, 2010 @04:44PM

krebsonsecurity writes: One big reason why rogue anti-virus continues to make major bucks for scam artists? Relatively few victims ever ask their credit card company or bank to reverse the charges for the phony security software — even when the victims don't even receive the worthless software they were promised. I recently found several caches of data for affiliates of a rogue anti-virus distribution program, and the data showed that in one set of attacks only 367 out of more than 2,000 scammed disputed the charge. A second rogue anti-virus campaign scammed more than 1,600 people, and yet fewer than 10 percent fought the charges.

Submission + - Russian Anti-Spam Advisor Accused of Spamming (krebsonsecurity.com)

Submitted by

CmdrTaco

on Tuesday May 18, 2010 @09:49AM

CmdrTaco writes: "Keith noted that Krebs has an interesting story on a businessman in Russia
being accused of
running a spam ring while serving as an anti-spam advisor to the Russian government. It's a strange tale including an investigation in 2007 that was abandoned when the Chief investigator was actually hired to work for the spammer."

Submission + - Obama sends nuclear experts to tackle BP oil spill (telegraph.co.uk) 1

Submitted by Anonymous Coward on Saturday May 15, 2010 @03:09PM

An anonymous reader writes: The US has sent a team of nuclear physicists to help BP plug the "catastrophic" flow of oil into the Gulf of Mexico from its leaking Deepwater Horizon well, as the Obama administration becomes frustrated with the oil giant's inability to control the situation. The five-man team – which includes a man who helped develop the first hydrogen bomb in the 1950s – is the brainchild of Steven Chu, President Obama's Energy Secretary.

Submission + - US Postman Hoarded Over 20,000 Letters (bbc.co.uk)

Submitted by calmofthestorm on Friday May 14, 2010 @10:41PM

calmofthestorm writes: Some 20,000 pieces of mail — many more than a decade old — have been recovered from a postman's garage in the US city of Philadelphia. The FBI said it took more than three postal vans to remove the mail. Investigators are still trying to find the postman so they can question him.

Comment Re:Huh? Have the cake or eat it, make up your mind (Score 2, Informative) 215

by krebsonsecurity on Wednesday May 12, 2010 @06:01PM (#32187222) Attached to: FBI To Prosecute "Money Mules"

Exactly. I've interviewed doctors, lawyers and even people with a finance background that were mules. Not saying all of them believed they were doing the right thing, just that it's not dim bulbs involved in this.

Submission + - Cybercrooks Surpassed Old School Bankrobbers in 09 (krebsonsecurity.com)

Submitted by krebsonsecurity on Tuesday March 09, 2010 @10:24AM

krebsonsecurity writes: Organized cyber criminal gangs stole $25 million in the 3rd quarter alone last year, by pilfering the online bank accounts of small to midsized businesses, the FDIC reported last week. In contrast, traditional bank robbers hauled just $9.4 million in 1,184 bank robberies during that same period, according to an analysis of FBI bank crime statistics by krebsonsecurity.com. From that story: "The federal government sure publishes a lot more information about physical bank robberies that it makes available about online stick-ups. Indeed, the FBI’s bank crime stats are extraordinarily detailed. For example, they can tell you that in the 3rd quarter of last year, bank robbers were more likely to hold up their local branch between the hours of 9 a.m. and 11 a.m. on a Wednesday than at any other time or day of the week; they can tell you the number of tear gas and dye packs taken with the loot, the number of security cameras activated, the number of food stamps taken, even what percentage of suspected perpetrators had illegal drug habits at the time of the robberies. About the only thing the stats don’t tell you is what brand of jeans the perpetrators were wearing and whether the getaway car had cool vanity plates. What do we get about e-crime statistics from the federal government? One guy from the FDIC giving a speech at the RSA conference.

Submission + - Dot-com craze peaked 10 years ago this week (networkworld.com)

Submitted by netbuzz on Tuesday March 09, 2010 @06:59AM

netbuzz writes: When the NASDAQ stock index hit its all-time high of 5,133 on March 10, 2000, it had more than doubled in a year and the dot-com bubble was already leaking in a big way. A week later the NASDAQ had fallen 9 percent. A year later all of those NASDAQ gains were gone and then some, as well as such poster children of the era as Pets.com, Kozmo and – who could forget? – Whoopi’s Flooz. Here’s a look back.

Submission + - Mariposa Botnet Authors Unlikely to See Jail Time (krebsonsecurity.com)

Submitted by krebsonsecurity on Thursday March 04, 2010 @05:06PM

krebsonsecurity writes: Three Spanish men were arrested last month for allegedly building an international network of more than 12 million hacked PCs that were used for everything from identity theft to spamming. But according to Spanish authorities and security experts who helped unravel the crime ring, the accused may very well never see the inside of a jail cell even if they are ultimately found guilty, due to insufficient cyber crime legislation in Spain, writes krebsonsecurity.com. From the article: “It is almost impossible to be sent to prison for these kinds of crimes in Spain, where prison is mainly for serious crime cases,” said Captain Cesar Lorenzana, deputy head technology crime division of the Spanish Civil Guard.

Submission + - Time Bomb May Have Destroyed 800 Norfolk City PCs (krebsonsecurity.com)

Submitted by krebsonsecurity on Wednesday February 17, 2010 @08:54AM

krebsonsecurity writes: The City of Norfolk, Virginia is reeling from a massive computer meltdown in which an unidentified family of malicious code destroyed data on nearly 800 computers citywide. The incident is still under investigation, but city officials say the attack may have been the result of a computer time bomb planted in advance by an insider or employee and designed to trigger at a specific date, according to krebsonsecurity.com. "We don't believe it came in from the Internet. We don't know how it got into our system," the city's IT director said. "We speculate it could have been a time bomb waiting until a date or time to trigger. Whatever it was, it essentially destroyed these machines.

Submission + - Google proposes DNS extension (blogspot.com) 1

Submitted by ElusiveJoe on Thursday January 28, 2010 @09:48AM

ElusiveJoe writes: Google along with a group of DNS and content providers hope to alter the DNS protocol. Currently, a DNS request can be sent to a recursive DNS server, which would send out requests to other DNS servers from its own IP address, thus acting somewhat similar to a proxy server. The proposed modification would allow authoritative nameservers to expose your IP address (instead of an address of your ISP's DNS server, for example) in order to "load balance traffic and send users to a nearby server." Or it would allow any interested party to look at your DNS requests. Or it would send a user from Iran or Libya to a "domain name doesn't exist" server.

Submission + - Seinfeld's Good Samaritan law now reality? (fresnobee.com) 1

Submitted by e3m4n on Thursday January 28, 2010 @09:06AM

e3m4n writes: The fictitious 'good samaritan' law from the final episode of Seinfeld (the one that landed them in jail for 1 year) appears to be headed toward reality for California residents after the house passed this bill. There are some differences, such as direct action is not required, but the concept of guilt by association for not doing the right thing is still on the face of the bill.

Submission + - Insecure Plugins Ding IE, Safari, Chrome, Opera (krebsonsecurity.com)

Submitted by krebsonsecurity on Monday January 25, 2010 @05:46PM

krebsonsecurity writes: The Web browser wars often focus on which browser is more secure, but the dirty secret is that insecure plugins are a serious threat to all browsers, both from a stability and security perspective. Krebsonsecurity.com features an interestingly look at the administration page for a popular browser exploit kit called Eleonora, which suggests that plugins like Adobe Reader and Java are leading to successful compromises for users surfing not just with Internet Explorer, but also Google Chrome, Firefox, Safari and Opera.

Submission + - NASA to Propose Commercial Space Initiative (associatedcontent.com) 1

Submitted by MarkWhittington on Monday January 25, 2010 @04:03PM

MarkWhittington writes: The Wall Street Journal is reporting that starting with the FY2011 budget request for NASA, the Obama administration intends to propose a new program to encourage the development of a commercial space flight industry.

Slashdot Top Deals