Updated Blackhole Exploit Kit Uses Random Domain Generation

An updated version of the Blackhole Exploit Kit appears to now offer an emerging technique to boost infection and redirection rates: a pseudo-random domain generator.The automation feature was discussed this week in a blog post by Symantec security researcher Nick Johnston, in which he outlined how a script injected into a compromised site can regularly register other URLs to maintain the Web-based attack.

CarderProfit Case Shows Maturation of FBI Anti-Cybercrime Operations

The FBI is the country’s top police unit, charged with tackling the biggest problems facing its citizens. Cybercrime, by just about any measure, would fall somewhere near the top of that list of problems.The FBI historically has been ineffective and at times indifferent to all of this. However, there are signs–including the major carder takedown yesterday–that the bureau might just be finding its feet in the fight against malware gangs, botnet operators, carders and other assorted bad guys.

A group of international academic researchers has made a major advance in the efficiency of a known cryptographic attack on some kinds of crypto hardware, enabling them to extract sensitive keys from tokens such as RSA SecurID and Aladdin eToken devices within 20 minutes. However, experts say that the attack does not represent a catastrophic failure for the tokens.

By Wade WilliamsonFor years enterprises have been trying to control peer-to-peer (P2P) technologies inside their networks, and for good reason. The efficiency with which P2P technology move large files have made P2P networks key enablers of the Internet grey market by acting as the distribution mechanism of choice for pirated movies, music or applications. Aside from P2P being a source for pirated content, they are also a significant enabler of malware as both an infection vector and a command-and-control (C2) channel. These security risks have made controlling P2P traffic a priority for many security teams.

Users of the free, open source KeePass password manager got unwelcome news on Tuesday, after a private security researcher claimed to have discovered a remotely exploitable security hole that could give an attacker access to unencrypted user passwords. However, KeePass’s creator calls the hole minor, and unlikely to be used in an attack.

A two-year undercover operation today netted two dozen arrests in eight countries in what federal authorities say is the largest coordinated international takedown  in history directed at those who traffic stolen financial data through online forums. The investigation uncovered 411,000 compromised credit and debit cards and saved an estimated $205 million in economic losses. Additionally, 47 companies, government entitites and educational institutions were notified their networks had been breached.

It’s become more important than ever to protect your privacy online. Dennis Fisher and his guest, Andrew Lewman, The Tor Project, Executive Director discuss what end-users need to know and do to keep online anonymity, reduce their risk factor and ultimately put the control back in the users hands.  

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.