Just how many websites have been compromised by last week’s attack of the Scob trojan? A report released today by Cyveillance, a U.S. based ‘provider of online risk monitoring and management solutions’, concludes that 641 sites were still infected with the JS.Scob.Trojan virus as of June 27, 2004. The company says it used its proprietary … Read more
Scaring the bejesus out of a lot of security folk this weekend is a new kind of phishing attack that doesn’t require the victim to do anything but visit the usual websites he might visit anyway. It works like this: The bad guy uses a weakness in web servers running Internet Information Services 5.0 (IIS) and … Read more
A bit late (my apologies) but it’s interesting to look at the recent Distributed Denial of Service attack on Akamai, an Internet infrastructure provider. The attack blocked nearly all access to Apple Computer, Google, Microsoft and Yahoo’s Web sites for two hours on Tuesday by bringing down Akamai’s domain name system, or DNS, servers. These … Read more
Further to my posting on top level domains being registered with clear criminal intent (the example I used was paypal.de.com, in ‘How to make a phish look real’) I just received this from Joe Alagna, Manager, North American Markets for CentralNic, the registrar for the TLD in question. Here’s his reply in full: I wanted … Read more
Here’s a great example of why you can never really entrust your information to anyone but yourself. The Register’s John Leyden reports that Pointsec Mobile Technologies, a data security company, has obtained via eBay a hard disk apparently owned by ”one of Europe’s largest financial services groups”. On the hard disk were, in the words of … Read more