Protozoids Tap Veterans Day Sentiment To Push Malware

How will you know when your dabbling in pharmaceutical spam and affiliate marketing hi jinks have truly poisoned your soul and stolen the last shreds of humanity you had left? Well, probably around the time that you find yourself taking advantage of public sentiment for the sacrifices of our men and women in uniform to push rogue antivirus malware and pornography.

zScaler: Resurgent Lethic using Stuxnet Tricks

Newly detected versions of the Lethic botnet are digitally signed using stolen credentials similar to those used by the Stuxnet worm, according to a blog post from Web security firm zScaler. 

In a blog post Wednesday, zScaler Senior Security Researcher Mike Geide said the company had intercepted new Lethic variants that were signed using legitimate digital signatures belonging to Taiwanese semiconductor firm Realtek Semiconductor Corp. That’s one of two firms whose credentials were used to help the Stuxnet worm fool detection systems and install itself on target systems.

Man Pleads Guilty in $4.8m ATM Fraud

A Connecticut man pleaded guilty to automatic teller machine (ATM) fraud on Tuesday following a scheme that conned $4.8 million from a Rhode Island bank over the last few years.

The crackdowns on massive, spam-spewing botnets disrupted the global flow of spam e-mail…for about a month. That, according to a new report out from Kaspersky Lab. “Spam in the Third Quarter of 2010” is the latest, quarterly report from Kaspersky’s anti virus research labs. It finds that several coordinated take-downs of massive botnets in the second half of the year did put a dent in global spam volumes, but only temporarily.

You might think everything that needed to be said already has been said about Albert Gonzalez, the mastermind behind the largest public computer security breaches in U.S. history. But the lengthy and up close account of Gonzalez in the New York Times today shows that there are more layers to what is, perhaps, the most spectacular hacking case in recent memory.

WASHINGTON–Despite its reputation for secrecy and technical expertise, the National Security Agency doesn’t have a set of secret coding practices or testing methods that magically make their applications and systems bulletproof. In fact, one of the agency’s top technical experts said that virtually all of the methods the NSA uses for development and information assurance are publicly known.

Microsoft issued its monthly patch on Tuesday, releasing three security bulletins to fix security holes in a range of products, including a critical hole in versions of the Microsoft Office Suite. The three bulletins, MS10-087, 088 and -089 fixed a total of 11 vulnerabilities, five in Microsoft Office, two in Microsoft Office PowerPoint and four in Microsoft Unified Access Gateway. The release comes one month after a massive, October patch consisting of 16 bulletins addressing 49 vulnerabilities across a range of products.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.