Salon.com > Malware

U.S. database on cyber-vulnerabilities is hacked

Thu, 14 Mar 2013 18:06:00 +0000

A government database on computer vulnerability has a vulnerability problem of its own. According to reports Thursday, the National Vulnerability Database website -- which includes databases of security checklists and security-related software flaws -- was among sites taken down for two weeks after malware was discovered on their servers.

A number of other sites also belonging to the National Institute of Standards and Technology were also affected. The government agency released the following statement:

NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability.

How hackers spy on women through their webcams

Mon, 11 Mar 2013 17:07:00 +0000

Ars Technica reported this weekend on how hackers have been spying on women through their webcams using RATs (remote administration tools). It's an unsettling read, revealing how "RAT operators have nearly complete control over the computers they infect; they can (and do) browse people's private pictures in search of erotic images to share with each other online. They even have strategies for watching where women store the photos most likely to be compromising."

The online community of RAT operators, "ratters," Ars Technica notes, is almost exclusively male. They share the fruits of the computers they compromise -- largely intimate images of women swiped from computer files or caught on webcam -- on aboveground hacker forums. They call the women they spy on "slaves."

RAT technology is not new, but has become vastly more sophisticated and undetectable by victims. As Ars Technica noted, ensnaring "slaves" is the easy part:

Bank reimburses hacking victim $300K

Fri, 30 Nov 2012 20:47:00 +0000

In a case that may set a precedent for liability in hacking fraud incidents, a bank in Maine has agreed to reimburse a construction company $345,000 that was lost to hackers. A court ruled that the bank’s security practices were “commercially unreasonable,” reported Wired Friday.

In 2009, hackers installed malware on construction firm Patco’s computers and stole its banking credentials to steal around $300,000. People’s United Bank has agreed to pay Patco Construction Co. all the money it lost plus interest. Although a U.S. District Court ruled that People’s United wasn’t responsible for the lost money as Patco claimed, the First Circuit Court of Appeals found the bank was responsible for an increased fraud risk and advised on the settlement.

"The case raised important questions about how much security banks and other financial institutions should be reasonably required to provide commercial customers," noted Wired. Jeremy Kirk at ComputerWorld.com wrote that the case is "a sign that small businesses are having greater success at shifting liability toward banks in online security meltdowns, including out-of-court settlements."

FBI warns of malware targeting Androids

Tue, 16 Oct 2012 21:38:00 +0000

The FBI is warning Android phone users about a new type of malware (short for "malicious software") that targets the devices' operating systems. According to Mashable Tech, "The malware lures victims in different ways. One advertises itself as a 'work at home' opportunity that promises a lucrative payday just for sending out email; an attached link then leads to a website that spreads Loozon [the malware] to its target."

According to a release from the Internet Crime Complaint Center (IC3) -- a partnership between the FBI and the Nation White Collar Crime Center -- the malware steals contact details from the user's address book and phone number. Another malicious application noted by IC3, "FinFisher," works to remotely control and monitor an infected device.

However, ZDNet's Stephen Vaughan-Nichols has been swift to decry FBI warnings as "badly written," noting that the malware has little to do with a problem in Android security, but relies on user mistakes: