Criminal Hackers

A new Trojan dubbed "OddJob" is stealing people's money by taking over their online banking sessions after they think they've logged off.

The Trojan, which targets Windows-based computers, is being used by criminals in Eastern Europe to steal money from accounts in the United States, Poland, and Denmark, Amit Klein, chief technology officer of Trusteer, writes in a blog post today.

Klein said in an e-mail that he could not identify the banks being targeted or provide an estimate on the number of victims.

"It is early days for this malware," he said. "… Read more

Stuxnet may have hit different organizations, but its main target was still the Natanz nuclear enrichment plant in Iran, an expert who has analyzed the code said today.

Ralph Langner, who has been analyzing the code used in the complicated Stuxnet worm that used a Windows hole to target industrial control systems used in gas pipelines and power plants last year and possibly earlier, said the initial distribution of Stuxnet was limited to a few key installations.

"My bet is that one of the infected sites is Kalaye Electric," he wrote in an e-mail to CNET. "Again, … Read more

The Web site of the hacker group whose members were charged with computer crimes after they exposed a hole in AT&T's site for iPad customers last year was hacked today.

For at least a few hours an obscenity-laden message on the Goatse Security site said: "I have taken the liberty of exposing your gaping hole...As you are a group of self-aggrandizing [profanity redacted], I have also contacted the media to ensure that this incident gets the coverage it deserves.

"In cracking this site, I have sent specially crafted requests to the server with my … Read more

A Kaspersky researcher has discovered a fake antivirus warning linked to ads on ICQ, which is popular in Russia and Eastern Europe.

The ad that showed up in the ICQ window was for a women's clothing company called Charlotte Russe and clicking on the ad directs to the company's Web site, said Roel Schouwenberg, a senior antivirus researcher at Moscow-based Kaspersky.

Around the same time the ad was displayed another pop-up appeared in a new browser from "Antivirus8," that said suspicious activity was detected on the system and it encouraged the user to download the program, … Read more

In a digital heist reminiscent of a John le Carré novel, more than $9 million worth of greenhouse-gas emissions permits were stolen from the Czech Republic electricity and carbon trading registry this week and transferred to accounts in other countries, at the same time as the Prague-based registry office was evacuated due to a bomb threat.

That electronic theft, the latest in a series of security breaches affecting the market for carbon emissions, led the European Commission to suspend transactions in national European Union registries on Wednesday for a week.

"Three attacks have taken place since the beginning … Read more

Two men were charged with computer crimes today for allegedly hacking into AT&T servers and stealing e-mail addresses and other information of about 120,000 iPad users last summer.

Andrew Auernheimer, 25, was arrested in his home town of Fayetteville, Ark., while appearing in state court on unrelated drug charges, and Daniel Spitler, 26, of San Francisco, surrendered to FBI agents in Newark, N.J., according to the U.S. Attorney's office in New Jersey. Both men were expected to appear before federal judges in Arkansas and New Jersey.

They each face one count of conspiracy to … Read more

A data breach at e-mail database management firm Silverpop prompted McDonald's and at least one other Web site to warn subscribers, but it's unclear just how many companies are affected.

McDonald's told customers this week that in addition to e-mail addresses, other information may have been exposed such as name, postal address, and phone number. The data was managed by an unnamed company hired by its marketing partner, Arc Worldwide.

However, the company was revealed to be Silverpop in this ChicagoBusiness.com report, which quotes an FBI spokesman as saying that Silverpop has more than 100 customers … Read more

Do you support WikiLeaks? Are you mad at critics trying to snuff it out? Maybe you're thinking about joining the online protests aimed at shutting down the Web sites of its opponents. Don't.

A loosely organized group of vigilantes under the name Anonymous have turned the botnet guns of their Operation Payback campaign, which previously targeted antipiracy organizations, on PayPal, Visa, MasterCard, Senator Joe Lieberman, Sarah Palin, and others who have criticized WikiLeaks or stopped doing business with the document-sharing project. The WikiLeaks fallout has hit a frenzy since the site began releasing diplomatic cables last month that … Read more

Showing real chutzpah, or delusion, a member of the hacker group being investigated for exposing a hole in AT&T's iPad customer Web site says he will forgive the federal prosecutor if the probe is dropped and offered to work with him to fight cybercrime.

In an open letter to Assistant U.S. Attorney Lee Vartan that was also sent to journalists and the Full Disclosure security e-mail list," Andrew Auernheimer begins with "Howdy Lee" and offers some "friendly advice."

"I'm writing you to help clarify this situation we continue to … Read more