Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking. Read the full article. [Wired]

The takedown of 100 servers used to control Zeus-related botnets may be a short-lived victory, security researchers said after discovering that about a third of the orphaned channels were able to regain connectivity in less than 48 hours. The resurrection of at least 30 command and control channels came after their ISP found a new upstream provider to provide connectivity to the outside world, autonomous system records showed. Read the full article. [The Register]

A network frequently used for malware delivery was shut down Wednesday night, probably against the will of its operators. Troyak.org, an Internet service provider well-known for serving Zeus botnets and other malware delivery methods, went dark overnight, resulting in the shutdown of as many as 25 percent of the world's Zeus botnets, according to researchers. Read the full article. [Dark Reading]

New capabilities are strengthening the ZeuS botnet, which criminals use to steal financial credentials and execute unauthorized transactions in online banking, automated clearing house (ACH) networks and payroll systems. The latest version of this cybercrime toolkit offers a $10,000 module that can let attackers completely take control of a compromised PC. Read the full article. [Network World]

Digital Underground podcast with Dennis Fisher

Dennis Fisher talks with security researcher Robert “Rsnake” Hansen about how online privacy became such a mess, Google’s effect on personal privacy and the virtual impossibility of using the Internet without using Google’s services.

digital_underground_50.mp3

In this wide ranging interview, cryptographer, Taher Elgamal, chief security officer of Axway Inc. and  initial driving force behind SSL, explains how applications may be better adapted to defend against attacks and how cloud computing may alter data protection and authentication. Read the full article. [TechTarget]

Cybercriminals are using a fake Windows Update installation dialogue box to sell a bogus security product called Anti-malware Defender, security researchers have warned. Read the full article. [Computer Weekly]

An Estonian virus writer has been jailed for two and a half years for creating a Windows worm family that launched denial of service attacks on the websites of a local insurance firm and ISP. Read the full article. [The Register]

WhitePages.com has stopped ad networks from delivering ads to its site after they were found to contain fake antivirus malware. Visitors to the Drudge Report, The New York Times, the San Francisco Chronicle, and other Web sites were found to be delivering ads containing malware last year. Read the full article. [CNet]

A Cambridge University study has shown how easy it is to guess the answer to common questions, such as someone's mother's maiden name. It found attackers will be able to break into 1 in 80 accounts if they get three chances to guess answers. Read the full article. [BBC]