virus

Panda software posted an update on rogue security software flourishing on the web. A while back, I wrote about a class I visited where the teacher misspelled Kaspersky's website, and had the students download a fake anti-virus tool.

Imperva uncovered a new, automated, cloud-based phishing kit.  Our Application Defense Center found this kit on a hacker forum.

Unlike previous phishing kits that have been available for years, this new approach lives in the cloud and relies on hackers exploiting other hackers.  And with the new cloud-based approach the infrastructure for this phishing kit never goes away.  Why?  In traditional schemes when you take down a server you take down not only the web page but also the back end data collection capability. In this cloud version, data collection is hosted separately from the phishing web sites which means hackers only need to repost the web front end in a new location to be back in business.  (It's like whackamole).

After an international take-down effort, a rogue ISP responsible for controlling large numbers of computers infected with data-stealing code is down for the moment, but it may be reconnecting with the Internet, according to security researchers.

Troyak, which is believed to be based in eastern Europe, was knocked offline earlier this month after other networks supplying its connectivity to the Internet stopped carrying its traffic due to complaints it was complicit in cybercrime.

Since then the network has fought a cat-and-mouse game with network providers in 12 countries and international law enforcement, according to Jart Armin, the pseudonymous editor of the Hostexploit.com Web site, which has been involved in the action.