Security Fix Archive by Category

Hundreds of Thousands of Microsoft Web Servers Hacked

Hundreds of thousands of Web sites - including several at the United Nations and in the U.K. government -- have been hacked recently and seeded with code that tries to exploit security flaws in Microsoft Windows to install malicious software...

By Brian Krebs | April 25, 2008; 08:00 AM ET | Comments (67)

Identity Theft Smash & Grab, CEO Style

Tens of thousands of corporate executives were the target of a series of identity-theft scams this week, e-mail-borne schemes that appear to have netted close to 2,000 victims so far. Early Monday morning, according to two security experts with firsthand...

By Brian Krebs | April 15, 2008; 10:44 PM ET | Comments (31)

Online Security: A Closer Look at a Negative Example

It may be easier than you think for someone to steal your wireless phone records. At least, that's the case if you're a Sprint wireless phone user. Sprint makes it very easy for customers to go online to view and...

By Brian Krebs | April 15, 2008; 06:09 PM ET | Comments (7)

Security Fix Pop Quiz, Spring 2008 Edition

Have you been keeping up to date with the latest security patches? Examine the list below to see how you've done. If you're not sure which version of a program you're running, you can usually tell by selecting "Help" and...

By Brian Krebs | April 14, 2008; 10:07 AM ET | Comments (27)

Time to Patch Your Flash

Adobe has issued an update to patch several security holes in its Flash player. Most people will have some version of Flash installed on their computers, so it's a good idea to take a moment and make sure your system...

By Brian Krebs | April 11, 2008; 03:31 PM ET | Comments (20)

Online Banking: Do You Know Your Rights?

The financial industry in the United Kingdom recently reaffirmed a policy that holds online banking customers liable for losses if they fail to secure their personal computers against data-stealing computer viruses. While this policy may seem surprising or even draconian...

By Brian Krebs | April 10, 2008; 08:49 AM ET | Comments (28)

Microsoft Fixes 10 Security Vulnerabilities

Microsoft today issued software updates to plug at least 10 security holes in its Windows operating systems and other software. More than half of the vulnerabilities fixed by these patches earned the company's most dire "critical" rating, and several of...

By Brian Krebs | April 8, 2008; 03:01 PM ET | Comments (9)

Kraken Spawns a Clash of the Titans

Most of my waking hours on Monday were spent fielding indignant queries from sources in the anti-virus industry who were wondering what I knew about reports of a new family of malicious software that allegedly had managed to infect more...

By Brian Krebs | April 8, 2008; 11:38 AM ET | Comments (10)

RedBox Warns of Credit Card Skimmers

DVD-rental vending machine maker RedBox today warned customers to be on the lookout for any unusual activity or physical changes to local RedBox kiosks, after the company discovered evidence that criminals had retrofitted at least three of the machines with...

By Brian Krebs | April 7, 2008; 01:55 PM ET | Comments (7)

Opera Updates and a Black Tuesday Preview

Opera this week released a new version of the Web browser to correct at least two remotely exploitable security vulnerabilities. Separately, Microsoft said it plans to release eight updates on Tuesday as part of its regular monthly patch cycle. The...

By Brian Krebs | April 7, 2008; 10:45 AM ET | Comments (2)

Consumers Report $239 Million Lost To Cyber Fraud In '07

U.S. consumers reported losing more than $239 million from online fraud last year, up from $198 million in 2006, according to data released today by the FBI. Internet auction fraud (35.7 percent) and merchandise non-delivery (24.9 percent) were the most...

By Brian Krebs | April 4, 2008; 12:49 PM ET | Comments (7)

Reach Out And Hack Someone

Gone are the days when telephones were dumb appliances that you simply plugged into the wall and forgot: Security researchers from one Internet security firm say they have located more than 100 vulnerabilities in hardware and software that powers the...

By Brian Krebs | April 3, 2008; 05:15 PM ET | Comments (10)

Apple Issues QuickTime Update for Mac, Windows

Apple on Wednesday pushed out an update to its QuickTime media player software, fixing at least 11 security vulnerabilities in the software for both Mac and Windows systems. Mac users can get the latest version through Software Update. Windows QuickTime...

By Brian Krebs | April 3, 2008; 06:45 AM ET | Comments (14)

8.3 Million Records Spilled in Data Breaches This Year

At least 8.3 million personal and financial records of consumers were potentially compromised by data spills or breaches at businesses, universities and government agencies in the first quarter of 2008, according to statistics released today. The San Diego based Identity...

By Brian Krebs | April 2, 2008; 03:00 PM ET | Comments (7)

April Fool's Day Warning, And Some Fun

This post has been updated. Please read through to the end. Original post: The cyber criminal(s) behind the Storm worm want to make an April Fool out of you today. The Storm worm author(s) likes to use holidays and other...

By Brian Krebs | April 1, 2008; 01:50 PM ET | Comments (8)

Don't Depend on Anti-virus to Save You

Last week I wrote a story about how anti-virus companies are struggling to keep up with the huge volumes of viruses and other malware being released on the Internet. The story examined the various ways the anti-virus industry has responded...

By Brian Krebs | March 25, 2008; 09:28 AM ET | Comments (42)

They Told You Not To Reply

When businesses want to communicate with their customers via e-mail, many send messages with a bogus return address, e.g. "somethinghere@donotreply.com." The practice is meant to communicate to recipients that any replies will go unread. But when those messages are sent...

By Brian Krebs | March 21, 2008; 09:30 AM ET | Comments (134)

The Anatomy of a Vishing Scam

A series of well-orchestrated wireless phone-based phishing attacks against several financial institutions last week illustrates how scam artists are growing more adept at fleecing consumers by exploiting security holes in seemingly unrelated Internet technologies. The scams in this case took...

By Brian Krebs | March 15, 2008; 05:54 PM ET | Comments (5)

Microsoft Patches 12 Office Security Holes

Microsoft today issued four updates to fix at least a dozen security vulnerabilities in its Office software products. All of the updates earned Microsoft's "critical" label, meaning attackers could exploit the flaws to break into Windows systems with little or...

By Brian Krebs | March 11, 2008; 02:30 PM ET | Comments (6)

When Ads Go Bad

A long-time trusted source recently alerted me that some inappropriate advertisements were running on Neopets.com, a Web site full of addictive Macromedia Flash games aimed at pre-teens. Surprisingly, the curators of Neopets.com -- major media conglomerate Viacom -- are disavowing...

By Brian Krebs | March 10, 2008; 12:34 PM ET | Comments (20)

When Blocking Porn Isn't Enough

Last year, Security Fix looked at a free service that helps parents and other network administrators block adult Web sites for all of the PCs they control, without installing any software. Now, the company and community that built that service...

By Brian Krebs | February 26, 2008; 01:28 PM ET | Comments (36)

Fake Prez. Campaign Video Spreads Malware

Spammers are taking advantage of public awareness about the U.S. presidential race to trick people into installing malicious software. A recent blast of spam purports to contain links to a video of Sen. Hillary Clinton (D-N.Y.) on the campaign trail,...

By Brian Krebs | February 14, 2008; 04:50 PM ET | Comments (19)

Beware Bogus E-Valentines

If you want to express your affection for someone this Valentine's Day, try to find a more original way to do it than by sending e-greeting cards. You could be training your loved one to respond to scammers who are...

By Brian Krebs | February 13, 2008; 11:17 AM ET | Comments (26)

Microsoft's Valentine: 17 Security Updates

Microsoft today pushed out software updates to fix a large number of security flaws in computers running its Windows operating systems and other software. Notable among the patches is a critical roll-up of fixes for Internet Explorer, the Web browser...

By Brian Krebs | February 12, 2008; 04:50 PM ET | Comments (24)

Hackers Exploit Adobe Reader Flaw

Security Fix has learned that at least one of the security holes in the popular Adobe Reader application that was quietly patched by Adobe this week is actively being exploited to break into Microsoft Windows computers. On Wednesday, we alerted...

By Brian Krebs | February 9, 2008; 08:55 AM ET | Comments (26)

RealPlayer Labeled 'Badware'

An industry-academia group designed to raise public awareness about software that violates fair information and privacy practices has labeled recent versions of RealPlayer video streaming software as "badware," charging that the software surreptitiously installs pop-up ad serving software as well...

By Brian Krebs | January 31, 2008; 01:23 PM ET | Comments (44)

Just Say No To Work-At-Home Money Mule Scams

washingtonpost.com today ran a story I wrote that examines the ever-evolving scams that organized cyber thieves are coming up with to con people into laundering stolen funds on their behalf. The piece features interviews with a couple of unfortunate victims...

By Brian Krebs | January 25, 2008; 11:00 AM ET | Comments (37)

Massive Java Update Includes Security Fixes

Sun has released another update to its Java software that brings some 370 bug fixes, including a number of security updates. For most home users, this update brings the latest version of the software to Java 6 Update 4. Most...

By Brian Krebs | January 23, 2008; 01:42 PM ET | Comments (38)

Report: 51 Percent Of Malicious Web Sites Are Hacked

The number of legitimate Web sites that have been hacked and seeded with code that tries to infect the visitor's PC with malware now exceeds the number of sites specifically created by cyber criminals, according to a report released today....

By Brian Krebs | January 22, 2008; 09:29 AM ET | Comments (5)

Drawing a (Scary) Face On Malicious Software

If the phishing scams, computer viruses and worms that land in our inboxes each day take the form of hostile-looking beasts, we might all want to avoid them like the plague. Such is the vision of Romanian artist Alex Dragulescu,...

By Brian Krebs | January 18, 2008; 01:10 PM ET | Comments (6)

Wishing an (Un)Happy Birthday to the Storm Worm

This week marks the one-year anniversary of the emergence of the spam-enabling Storm worm, a tenacious strain of malicious software that probably speaks more about the future of online crime than almost any other malware family circulating online today. This...

By Brian Krebs | January 17, 2008; 09:37 AM ET | Comments (26)

Scareware Program Targets Mac Users

The same tried-and-true social engineering tactics traditionally wielded against Windows users to frighten people into buying bogus security software are now being employed to target Mac users. Security experts say the curators of macsweeper.com warn visitors that their machine is...

By Brian Krebs | January 15, 2008; 01:50 PM ET | Comments (4)

Safeguarding Your Passwords

It's tough to navigate the Web and do business online without having to remember dozens of passwords, yet in my experience, very few people give much thought to securing these precious credentials. Most folks simply take advantage of the simple...

By Brian Krebs | January 13, 2008; 09:20 AM ET | Comments (23)

Microsoft Patches Three Windows Security Holes

Microsoft yesterday pushed out a couple of patches to fix at least three separate security flaws in its various Windows operating systems, including one that could be especially dangerous for Windows home users. The most serious update is included in...

By Brian Krebs | January 9, 2008; 10:43 AM ET | Comments (35)

New Nasty Hides From Windows, Anti-Virus Tools

A new family of malicious software that runs before Windows even boots up has infected thousands of PCs worldwide and remains undetected by virtually all of the commercial anti-virus tools, security experts warn. The newly-discovered malware is what's known as...

By Brian Krebs | January 8, 2008; 02:10 PM ET | Comments (67)

Microsoft Plugs 11 Windows Security Holes

Microsoft today released software updates to plug at least 11 security holes in PCs powered by its Windows operating systems and other software. Windows users can download the fixes either directly through the Microsoft Update Web site or via Automatic...

By Brian Krebs | December 11, 2007; 03:15 PM ET | Comments (14)

Apple Plugs 44 Security Holes

Apple released updates to fix at least 44 different security vulnerabilities in its software for Mac OS X and Windows. Forty of the flaws reside in OS X itself, while the rest are specific to Apple's version of the Safari...

By Brian Krebs | November 15, 2007; 10:15 AM ET | Comments (16)

ZoneAlarm Anti-Spyware Free for Today

Check Point Software Technologies, the company that makes the popular ZoneAlarm suite of security products, is giving away its ZoneAlarm Anti-Spyware product today. The software includes the firewall and free anti-spyware updates for a year. Check Point says the offer...

By Brian Krebs | November 14, 2007; 10:09 AM ET | Comments (20)

Russian Business Network: Down, But Not Out

A major Russian Internet service provider whose client list amounted to a laundry list of organized cyber crime operations appears to have closed shop. But security experts caution that there are signs that the highly profitable network may already be...

By Brian Krebs | November 7, 2007; 12:31 PM ET | Comments (11)

Salesforce.com Acknowledges Data Loss

Business software provider Salesforce.com acknowledged that a recent spate of targeted e-mail virus and phishing attacks against its customers resulted from one of its own employees falling for a phishing scam and turning over the keys to the company's customer...

By Brian Krebs | November 6, 2007; 11:34 AM ET | Comments (19)

Deconstructing the Fake FTC E-mail Virus Attack

A targeted e-mail virus disguised as an identity theft inquiry from the Federal Trade Commission appears to have successfully compromised more than 500 PCs, including victims at banks, real estate brokerages, law firms and marketing companies. Each of the victims...

By Brian Krebs | November 5, 2007; 06:00 AM ET | Comments (28)

Anti-Virus On A Mac?

Every other week, I host a Security Fix Live chat with readers, and almost invariably, one of the questions that comes up is: "Hi. I'm a Mac user. Should I be using anti-virus software?" I usually answer that while there...

By Brian Krebs | October 31, 2007; 06:00 PM ET | Comments (35)

Hiding In Plain Sight

Security Fix pop quiz, here. Is the document pictured in the image to the right the depiction of a text document, or is it an executable malicious program disguised as a harmless text file? It's actually an executable file (one...

By Brian Krebs | October 31, 2007; 11:42 AM ET | Comments (19)

Spammers Tempt Surfers to Help Solve Captchas

Call it an online game of strip poker, only spammers are the ones walking away with all the winnings. The latest innovation in malicious software takes the form of shapely "Melissa," an alluring, scantily clad blond who requests the victim's...

By Brian Krebs | October 30, 2007; 10:20 AM ET | Comments (10)

Simplifying Long-Distance Tech Support

When you're the de facto tech support guy for most of your family and friends, you quickly find yourself making a lot of house calls. But if you're not being summoned to help install memory or a new hard drive,...

By Brian Krebs | October 29, 2007; 09:37 AM ET | Comments (9)

Equifax Details Credit Freeze Plans

Big three credit reporting bureau Equifax on Wednesday detailed its plan to offer certain consumers the ability to freeze their credit files as a means of preventing identity theft. The offering provides a clearer picture of how the credit bureaus...

By Brian Krebs | October 25, 2007; 04:00 PM ET | Comments (13)

Firefox Update Plugs 8 Security Holes

Mozilla has shipped an update to its Firefox Web browser that corrects at least eight separate security flaws, including two that Mozilla flagged as especially serious. Firefox users should have already received an update that brings the browser to version...

By Brian Krebs | October 25, 2007; 09:38 AM ET | Comments (23)

Should E-Mail Addresses Be Considered Private Data?

A database of e-mail addresses and other contact information stolen from business software provider Salesforce.com is being used in an ongoing series of targeted e-mail attacks against customers of several Salesforce.com business clients, including SunTrust and Automatic Data Processing Inc....

By Brian Krebs | October 19, 2007; 06:00 PM ET | Comments (19)

Stock Spammers Pump It Up With MP3 Files

Spammers involved in pump-and-dump scams touting penny stocks now are using MP3 music files to lure investors, a switch security experts say is the latest tactic designed to sneak the messages past spam filters. According to e-mail security provider MessageLabs,...

By Brian Krebs | October 18, 2007; 01:48 PM ET | Comments (5)

Java Update Plugs Multiple Security Holes

Sun Microsystems is pushing out an important security update to various versions of its Java Runtime Environment (JRE) software, along with a couple of changes designed to make patching the program more predictable and manageable for companies running custom versions...

By Brian Krebs | October 8, 2007; 01:28 PM ET | Comments (8)

Second Credit Bureau Offers File Freeze

Consumer credit reporting bureau Experian today announced that it would allow consumers in all 50 states to freeze their credit histories, becoming the second of the three national credit bureaus to offer the freeze option. The service, which will be...

By Brian Krebs | October 4, 2007; 09:32 AM ET | Comments (15)

Microsoft's Stealth Update Backfires for Some Users

A software update Microsoft quietly delivered to millions of PCs this summer prevents the installation of at least 80 security updates when some Windows users try to fix a problem with their computer using the software's "repair" feature, according to...

By Brian Krebs | September 28, 2007; 10:23 AM ET | Comments (18)

Apple Ships iPhone Security Updates

Apple today issued a software update to plug at least 10 security holes in the iPhone, including at least seven fixes for Safari, the device's built-in Web browser. The updates are available only through iTunes, recent versions of which are...

By Brian Krebs | September 27, 2007; 04:47 PM ET | Comments (19)

TransUnion to Offer Credit Freeze In All U.S. States

TransUnion, one of the three major consumer credit reporting bureaus, said Tuesday that starting next month it will allow consumers to freeze and thaw their credit files as a means to prevent identity theft. A credit freeze directs the credit...

By Brian Krebs | September 19, 2007; 05:30 PM ET | Comments (19)

AOL's Free Anti-Virus Switcheroo

A number of AOL users who have taken advantage of the free "Active Virus Shield" anti-virus offer from Kasperksy are complaining that the software has ceased downloading updates. Turns out AOL recently severed its relationship with Kaspersky, and is now...

By Brian Krebs | September 12, 2007; 11:10 AM ET | Comments (13)

Security Updates for Windows 2000, Instant Messager

Microsoft Corp. released a mercifully light batch of software updates today as part of its regularly scheduled "Patch Tuesday" release cycle. Most Windows users will likely have to install just a single security update this time around. The fixes are...

By Brian Krebs | September 11, 2007; 02:27 PM ET | Comments (7)

Skype Users: Beware of Instant Message Worm

Skype, the eBay-owned Internet telephone service, is warning users to be on guard against a new computer worm that arrives disguised as a chat invitation via Skype's built-in instant messaging feature. The worm, which goes by the names "W32/Ramex.A," "W32/Pyskpa.D"...

By Brian Krebs | September 11, 2007; 09:10 AM ET | Comments (4)

E-Greeting Card Giant Unaffected By Storm Worm

It's been nearly three weeks since I first wrote about the Storm worm authors using fake online greeting cards to trick people into clicking on links to Web sites that try to download and install malicious software. Since then, it...

By Brian Krebs | September 6, 2007; 08:52 AM ET | Comments (14)

Hacking Groceries: Internet Coupon Fraud

Over the weekend, my wife and I were shopping at Magruder's, a local grocery chain to which we're fiercely loyal, and we noticed a handwritten sign attached to the credit-card reader in the checkout line: "Attn customers: Due to coupon...

By Brian Krebs | August 27, 2007; 12:15 PM ET | Comments (19)

Storm Worm Authors Turn to YouTube Lures

Security Fix has spilled quite a bit of digital ink warning readers about the ever changing tactics of criminals behind the the indefatigable "Storm worm." This week's tactic (or today's as the case may be) involves e-mailed Web links disguised...

By Brian Krebs | August 27, 2007; 10:22 AM ET | Comments (8)

Don't Join the Club

The great Groucho Marx once quipped, "I don't want to belong to any club that will accept me as a member." E-mail users would do well to adopt this attitude with respect to unsolicited invites to join members-only Web sites,...

By Brian Krebs | August 22, 2007; 03:33 PM ET | Comments (14)

Beware of Five-Star Vaporware

U.K. computer programmer Andy Brice was proud of the awards and accolades his software had won from his peers online. That is, until he noticed that pretty much everyone else's software received the same "5-star" rating and high praise from...

By Brian Krebs | August 20, 2007; 10:08 AM ET | Comments (8)

Would You Like A Job With That Virus?

Cyber crooks are targeting a wave of new attacks at people searching for jobs online, security experts warn. Oddly enough, the criminals behind this scam appear to be just as interested in hiring you as they are in hijacking your...

By Brian Krebs | August 17, 2007; 04:20 PM ET | Comments (12)

A Heads-Up For Yahoo! Messenger Users

People who use Yahoo! Messenger to video chat online with friends and family should be extra wary of incoming chat invitations from strangers. Reports suggest the presence of a previously unknown security hole in the software that attackers could...

By Brian Krebs | August 16, 2007; 12:02 PM ET | Comments (10)

Microsoft Fixes 14 Software Security Flaws

Microsoft today released software updates to plug at least 14 security holes in computers powered by different versions of its Windows operating system and other software. The updates are available from the Microsoft Update Web site or via Automatic Updates....

By Brian Krebs | August 14, 2007; 02:01 PM ET | Comments (12)

Security Fix Pop Quiz, Summer 2007 Edition

Yes, dear readers, it's time once again for a Security Fix Pop Quiz, intended to serve as a gentle reminder to install security updates for third-party programs. The table below lists the software title, the date each update was released,...

By Brian Krebs | August 13, 2007; 02:57 PM ET | Comments (13)

Attacks Prompt Update for 'Tor' Anonymity Network

One of the best-known and free services for helping Internet users maintain their anonymity online - a network known simply as "Tor" -- suffered an attack this past week that may have exposed the identities of thousands of users. The...

By Brian Krebs | August 8, 2007; 02:00 PM ET | Comments (1)

Watch Out for Fake Tax 'Rebate' Sites

It's not exactly tax-filing time in the United States, but that doesn't mean online scammers aren't out to capture the money owed to you by Uncle Sam. A scam Web site spotted recently by Security Fix is one of a...

By Brian Krebs | August 8, 2007; 08:51 AM ET | Comments (5)

Internet Explorer and Your Web Site's Privacy

Several months ago, Security Fix looked at a feature of Microsoft's Internet Explorer 6 Web browser that was difficult to fathom (see: Clipboard Data Theft Optional in IE7). While interviewing a source at the DEF CON hacker conference last week,...

By Brian Krebs | August 7, 2007; 01:30 PM ET | Comments (24)

iPhone Exploits Revealed

LAS VEGAS -- Two methods that could allow criminals to break into and steal data from Apple's iPhone were demonstrated Thursday here at the Black Hat hacker conference. Charlie Miller, a researcher with Independent Security Evaluators, had warned Apple...

By Brian Krebs | August 3, 2007; 01:39 PM ET | Comments (13)

New Tool Automates Webmail Account Hijacks

LAS VEGAS -- Logging into your MySpace, Facebook, Yahoo!, Gmail or Hotmail account over a wireless connection just got a lot more dicey, as researchers here at the Black Hat hacker conference today demonstrated a new set of tools...

By Brian Krebs | August 2, 2007; 03:16 PM ET | Comments (22)

Microsoft Plugs 11 Software Holes

Microsoft Corp. today pushed out software updates to plug at least 11 separate security holes in its Windows operating system and other software. Windows users can grab the updates via the Microsoft Update Web site, through Automatic Updates, or download...

By Brian Krebs | July 10, 2007; 02:55 PM ET | Comments (7)

A Word of Caution About Google Calendar

I've been playing around with Google Calendar, a beta service from the search-engine giant that lets users store -- and share -- calendar data online. It's a great Web-based tool, but in experimenting with it I found that far too...

By Brian Krebs | July 6, 2007; 06:00 AM ET | Comments (11)

Credit Freeze Now an Option for D.C. Residents

Residents of the District of Columbia now have the right to "freeze" their credit reports as a way to ward off identity thieves. As of July 1, people living in the nation's capital can request a "credit freeze" from the...

By Brian Krebs | July 2, 2007; 05:21 PM ET | Comments (10)

Web Worm Whacks MySpace Users

A complex, ongoing attack on MySpace.com users is turning victim's sites and computers into hosts for serving phishing scams and computer viruses. Earlier this week, some MySpace user pages were seeded with computer code seeking to exploit one of three...

By Brian Krebs | June 27, 2007; 01:52 PM ET | Comments (21)

Glubble: The Web in a Kid-Friendly Bubble

Last week, Security Fix highlighted a software-free approach to helping parents block objectionable online content. Today, I'm profiling a new service that debuted this week - an "add-on" or extension for Mozilla's Firefox Web browser that takes the opposite approach:...

By Brian Krebs | June 19, 2007; 11:41 AM ET | Comments (8)

Mpack Exploit Tool Slips through Security Holes

Researchers have been charting the rise in threats created by a new software exploit tool known as "Mpack," a virtual attack kit designed to be embedded in hacked or malicious Web sites. It targets security holes in multiple software products,...

By Brian Krebs | June 18, 2007; 04:15 PM ET | Comments (10)

A Software-Free Approach to Blocking Online Porn

Many readers have asked for advice on how to protect their kids from accidentally or purposefully viewing Internet porn, so over the next week or so Security Fix will examine various free methods for helping users block adult Web sites...

By Brian Krebs | June 15, 2007; 02:22 PM ET | Comments (20)

Apple Issues Windows Safari Bug Fixes

Apple today issued software updates to fix at least three security vulnerabilities in the new version of the Safari Web browser, designed for Windows PCs. The fixes are available in a new version of the browser, Safari 3.0.1 Public Beta...

By Brian Krebs | June 14, 2007; 10:15 AM ET | Comments (21)

FBI Unveils Movable Feast with 'Operation Bot Roast'

The FBI said today it has identified more than 1 million personal computers that have been infected with computer worms enabling the attackers to control PCs for criminal purposes such as sending spam, spreading spyware and attacking Web sites. The...

By Brian Krebs | June 13, 2007; 05:03 PM ET | Comments (6)

ZoneAlarm for Windows Vista Released

For the millions of computer users who purchased a new PC during the past five months, there have been precious few options for true, two-way firewall software on Windows Vista. But now, Check Point Software Technologies has released its popular...

By Brian Krebs | June 13, 2007; 10:35 AM ET | Comments (30)

Microsoft Plugs 15 Security Holes

Microsoft issued free software updates today to fix at least 15 separate security flaws in its Windows operating system and other software. Windows users can grab the patches by visiting Microsoft Update or by turning on Automatic Updates. Nine of...

By Brian Krebs | June 12, 2007; 02:22 PM ET | Comments (18)

Yahoo! IM Users Should Upgrade Immediately

People who chat online using Yahoo! Messenger software should upgrade their program. The company has pushed out a fix to plug two newly discovered security holes. The two critical vulnerabilities reside in Yahoo! Messenger versions 8.1.0.249 and earlier. The flaws...

By Brian Krebs | June 9, 2007; 02:30 PM ET | Comments (13)

Sun Issues Java Security Update

Sun Microsystems has issued an update to plug a pair of security holes in its Java Runtime Environment software. JRE is a widely installed software bundle that Web sites use to serve visitors with multimedia, interactive content. One of the...

By Brian Krebs | June 8, 2007; 02:59 PM ET | Comments (8)

Report Shows 7 Percent of Sponsored Links Dangerous

Clicking on a search engine's results of popular computer terms like "wallpaper" or "screensaver" remains a fairly risky endeavor when it comes to security, according to an updated study. The second annual State of Search Engine Safety report from McAfee...

By Brian Krebs | June 4, 2007; 10:52 AM ET | Comments (5)

A New Vector For Hackers -- Firefox Add-Ons

Makers of some of the most popular extensions, or "add-ons," for Mozilla's Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users. By design, each Firefox extension -- any...

By Brian Krebs | May 30, 2007; 05:01 AM ET | Comments (41)

Spy vs. I-Spy: A Tale of Dueling Anti-Spyware Bills

The House of Representatives last week passed a bill called the "I-SPY Act" -- a.k.a. the "Internet Spyware Prevention Act of 2007." I believe it's important to highlight the benefits and limitations of this measure. For starters, I-SPY is an...

By Brian Krebs | May 29, 2007; 08:43 AM ET | Comments (3)

Apple, Microsoft Issue Security Updates

Apple yesterday pushed out an update to plug at least 17 separate security holes in its Mac OS X operating system and other software. Mac users can get the latest patch bundle from Apple Downloads or through the built-in Software...

By Brian Krebs | May 25, 2007; 03:29 PM ET | Comments (6)

Phishing Attacks Soar as Scammer Nets Widen

Some of the Web's most prolific organized online criminals are starting to step up the frequency and sophistication of phishing attacks, targeting commercial banks, job hunting sites and data brokers, Security Fix has learned. Typically, phishing scams involve phony e-mails...

By Brian Krebs | May 24, 2007; 05:20 PM ET | Comments (9)

Cyber Crooks Hijack Activities of Large Web-Hosting Firm

Organized crime groups have modified a significant share of the Web sites operated by one of the Internet's largest Web hosting companies to launch cyber attacks against visitors, Security Fix has learned. Last month, Phoenix-based IPOWER Inc. was featured prominently...

By Brian Krebs | May 23, 2007; 10:30 AM ET | Comments (21)

Scammers Target Elderly With Aid of Data Brokers

Consumer data broker infoUSA reaped huge profits selling lists with the names of elderly individuals and others likely to be easy targets for identity thieves and con artists, according to a harrowing story in Sunday's New York Times. The newspaper...

By Brian Krebs | May 21, 2007; 02:15 PM ET | Comments (1)

Firefox Surfers More Likely Patched Than IE Users

New statistics released today indicate that people who use Mozilla's Firefox Web browser are more likely to be cruising the Web with all of the latest security updates installed than those surfing with Microsoft's Internet Explorer. Internet Security vendor Secunia...

By Brian Krebs | May 16, 2007; 04:16 PM ET | Comments (24)

The Politics of Identity Theft

Washingtonpost.com today ran an in-depth story I wrote examining the politics behind the identity theft problem in one state. It is told through the eyes of a Delaware resident who championed a measure and ultimately won passage of a law....

By Brian Krebs | May 9, 2007; 11:25 AM ET | Comments (22)

AOL's Password Puzzler

A reader wrote in Friday with an interesting observation: When he went to access his AOL.com account, he accidentally entered an extra character at the end of his password. But that didn't stop him from entering his account. Curious, the...

By Brian Krebs | May 5, 2007; 06:35 PM ET | Comments (51)

Apple Patches QuickTime Security Hole

Apple today issued a software update to plug a security hole in its QuickTime media player software. The flaw is present in both Mac OS X and Windows versions of the player. Mac users can get the fix through Apple's...

By Brian Krebs | May 1, 2007; 05:22 PM ET | Comments (9)

Rogue Networks Stir Trouble for Firms of All Sizes

It is disconcerting to hear that a recent audit of the Internal Revenue Service's computer security posture revealed that some field offices were operating wireless networks accessible to anyone lurking nearby with a laptop. The IRS inspector general's office scanned...

By Brian Krebs | April 20, 2007; 02:15 PM ET | Comments (8)

Apple Issues Patches for 25 Security Holes

Apple today released software updates to plug more than two dozen security holes in its Mac OS X operating system and other software. The free patches are available via the Mac's built-in Software Update feature or directly from Apple's Web...

By Brian Krebs | April 19, 2007; 05:41 PM ET | Comments (40)

Smile, You're on Criminal Camera

Security Fix recently highlighted a pair of surveillance devices that criminals had attached to an automated teller machine in Tyson's Corner, Va., to steal financial data from unsuspecting bank machine customers. A few readers responded by asking why they should...

By Brian Krebs | April 18, 2007; 04:44 PM ET | Comments (8)

Data Breach Aided University Phishing Scam

A highly targeted phishing attack last year that scammed dozens of Indiana University students out of their personal and financial data appears to have been aided in part by a previously undisclosed hacker break-in at one of the school's main...

By Brian Krebs | April 16, 2007; 04:30 PM ET | Comments (9)

Practicing Street Smarts at the ATM

Each time I pull money out of a bank's automated teller machine -- even if it's an ATM that is very familiar to me -- I always use caution to ensure that no one or thing is surreptitiously trying to...

By Brian Krebs | April 16, 2007; 10:30 AM ET | Comments (20)

Tax Time Means Fraud Time

The arrival of tax season brings the inevitable scam e-mails and Web sites claiming to be affiliated with the Internal Revenue Service, the Treasury Department, or an online tax refund or preparation service. Here's the latest scam: Members of Phishtank,...

By Brian Krebs | April 13, 2007; 04:39 PM ET | Comments (1)

Microsoft Warns of Attacks on Web Service Flaw

Attackers are actively exploiting a newly reported flaw in Microsoft's software that is allowing them to break into vulnerable systems, the software giant warned Thursday. The vulnerability applies to Windows 2000 Server and Windows Server 2003 running the DNS Server...

By Brian Krebs | April 13, 2007; 01:30 PM ET | Comments (10)

Critical Vista Flaw Leads Patch Tuesday Lineup

Update, April 11, 12:06 p.m.: An earlier version of this post incorrectly stated that Microsoft had re-issued a patch that it originally released on Tuesday, Apr. 3. The text below has been changed. Original post: Microsoft Corp. today issued a...

By Brian Krebs | April 10, 2007; 04:57 PM ET | Comments (14)

Research Suggests Weakness in Anti-Phishing Technology

Security experts have warned for some time now that certain anti-online-fraud technology deployed by many major financial institutions may be lulling online banking users into a false sense of protection. Today, two university researchers released a demo in an attempt...

By Brian Krebs | April 10, 2007; 10:01 AM ET | Comments (10)

I'd Like a Double Espresso and Your Password, Please

One of the perennial questions I get from readers is whether it is safe to log into personal e-mail accounts at the local coffeehouse or even via a neighbor's wireless network. My answer remains the same: If you do not...

By Brian Krebs | April 9, 2007; 01:30 PM ET | Comments (18)

Yoo-Hoo! Do You Yahoo?

Yahoo! is urging users of its Yahoo! Messenger instant messaging software to update the program with a patch plugging a serious security hole that bad guys could use to break into PCs. Anyone who downloaded the program prior to Mar....

By Brian Krebs | April 4, 2007; 04:15 PM ET | Comments (12)

Microsoft Issues Emergency Patch

Microsoft Corp. today issued an emergency software update to plug a critical security hole in its Windows operating system. The free update is available either from the Microsoft Update site or via the company's automatic updates feature. Alternatively, Windows users...

By Brian Krebs | April 3, 2007; 03:58 PM ET | Comments (24)

Microsoft Rushes Out a Security Update

Microsoft Corp. yesterday said it plans to issue a software update on Tuesday to fix a dangerous security flaw in its Windows operating system -- a flaw that cyber criminals are actively targeting to gain access to computers across the...

By Brian Krebs | April 2, 2007; 01:20 PM ET | Comments (51)

Attackers Exploit Unpatched Explorer Flaw

Microsoft is warning Windows users that hackers are exploiting a newly discovered flaw. It enables criminals to hijack Windows PCs if users merely visit a hostile Web site with an Internet Explorer browser or open a specially crafted e-mail message....

By Brian Krebs | March 29, 2007; 03:10 PM ET | Comments (22)

Enabling the Spammers

Spammers are having a field day with a string of recently discovered security vulnerabilities in MailEnable, an e-mail server program offered by many large, dedicated Web hosting companies. Over the past few months, MailEnable has released updates at least a...

By Brian Krebs | March 27, 2007; 04:52 PM ET | Comments (3)

They Say They Want a Revolution

Educational institutions churn out computer science degrees to fresh faced graduates bursting with new ideas and skills to match, but how well do they hammer home the need to write software securely? Judging from the massive number of software vulnerabilities...

By Brian Krebs | March 26, 2007; 04:45 PM ET | Comments (21)

A Fresh Look at Password Thieves

Security Fix recently published information about thousands of U.S. residents whose passwords and other data had been stolen by nefarious hackers. Last week, I received more data about the number of victims caused by the hackers' Trojan horse computer program...

By Brian Krebs | March 23, 2007; 03:19 PM ET | Comments (4)

Stolen Identities Sold Cheap on the Black Market

Recovering from identity theft can take years and cost thousands of dollars. But how much is your identity worth to the thieves who sell it to other fraudsters? Turns out, less than the price of two tickets to the movies....

By Brian Krebs | March 19, 2007; 12:01 AM ET | Comments (21)

Tracking the Password Thieves

The Washington Post today ran a story I wrote about an epidemic of data theft being fueled by password-stealing viruses and phishing attacks. In some ways, the story behind the reporting that went into the piece is just as interesting,...

By Brian Krebs | March 14, 2007; 12:01 AM ET | Comments (63)

Apple Releases a Bushel of Software Patches

Today turned out to be "Patch Tuesday" after all, only the security updates were released by Apple instead of Microsoft. Apple issued security updates to plug at least 46 separate security holes in its operating system and other software. The...

By Brian Krebs | March 13, 2007; 06:42 PM ET | Comments (6)

Online Anti-Virus Scans: A Free Second Opinion

Periodic online virus scanning is a good idea for Windows users, even for people already using up-to-date anti-virus tools. There are a couple of reasons I suggest this: First, anti-virus software is frequently slow to spot new threats. Take a...

By Brian Krebs | March 9, 2007; 10:53 AM ET | Comments (27)

Vishing: Dialing for Dollars, Part II

Security Fix received a copy of a new scam e-mail targeting Bank of America customers that is likely to con quite a few folks before it is shut down. Sure, Bank of America is hit by this sort of thing...

By Brian Krebs | March 8, 2007; 12:26 PM ET | Comments (7)

Apple Patches QuickTime Holes

Apple on Monday issued security patches to plug multiple security holes in its QuickTime media player software. The new version of the player -- QuickTime 7.1.5 -- fixes at least eight separate and serious vulnerabilities. Updates are available for Mac...

By Brian Krebs | March 6, 2007; 10:37 AM ET | Comments (22)

Fool Me Once, Shame On You But Fool Me Twice...

In aiming to settle a class action suit, a group of companies is throwing a proverbial pie in the face of affected consumers. A Security Fix reader forwarded an e-mail about a benefit he allegedly was eligible to collect as...

By Brian Krebs | February 26, 2007; 03:35 PM ET | Comments (35)

Mozilla Plugs Firefox Security Holes

Mozilla on Friday published software updates to fix a baker's dozen security and compatibility problems with its Firefox Web browser. The new version includes fixes for serious security flaws along with updates designed to make Firefox play nicer with Vista,...

By Brian Krebs | February 26, 2007; 10:31 AM ET | Comments (4)

Congressman Wants Answers About TSA Site

Citing reports by Security Fix and Wired, the chairman of the House Committee on Oversight and Government Reform is demanding that the Transportation Security Administration produce a raft of documents to explain why it created a Web site for airline...

By Brian Krebs | February 24, 2007; 12:30 PM ET | Comments (4)

Data Breach Hits Close to Home

I took some time off work last fall to spend with my wife, who had just been diagnosed with a golf-ball-sized tumor in her brain that needed to be removed. With the help of a few well-connected friends, we were...

By Brian Krebs | February 22, 2007; 11:45 AM ET | Comments (6)

Apple Works To Stave Off Big Mac Attack

Apple Inc. on Thursday issued patches to plug five separate security holes in software included on its Mac OS X computers. Mac users can download the free updates through the Mac's built-in software update feature or directly from Apple downloads....

By Brian Krebs | February 16, 2007; 10:40 AM ET | Comments (28)

Valentine Or Virus?

It could be a Happy Virus Day for you as virus writers love to take advantage of the blizzard of e-greeting cards swirling around the Internet. Finnish anti-virus firm F-Secure warns that the poisoned love letters already are circulating. The...

By Brian Krebs | February 14, 2007; 01:01 PM ET | Comments (5)

Microsoft Releases Patches to Fix 20 Security Holes

Microsoft Corp. today issued a dozen software updates to plug at least 20 security holes in its Windows operating system and other software, including fixes for a number of vulnerabilities in Office that hackers are currently exploiting to hijack vulnerable...

By Brian Krebs | February 13, 2007; 02:22 PM ET | Comments (3)

Perils in Parallels?

Earlier this week Security Fix managed to install a new copy of Microsoft's Windows Vista Ultimate on top of Apple's Mac OS X operating system running on a Macbook Pro. I did this using Parallels, a powerful "virtual machine" program...

By Brian Krebs | February 10, 2007; 03:30 PM ET | Comments (35)

Birth of the Verbal Hack?

Microsoft Corp. said Wednesday that a voice-recognition feature built into Vista -- the new version of Windows that went on sale this week -- could be exploited remotely to delete files on a victim's machine if he or she visited...

By Brian Krebs | February 1, 2007; 10:50 AM ET | Comments (18)

In Praise of Phish Fighters

It isn't often that the public is afforded a peek into federal law enforcement efforts to combat "phishing" scams, fraudulent e-mail lures for Web sites created to assume the look of trusted online brands and steal personal information. But February...

By Brian Krebs | January 31, 2007; 05:45 PM ET | Comments (5)

Apple Patches Mac Wireless Security Hole

Apple Inc. on Thursday released a security update to patch a hole in the wireless Internet software built into many of its computers running Mac OS X. The update applies to Core Duo versions of the Mac mini, MacBook and...

By Brian Krebs | January 26, 2007; 01:26 PM ET | Comments (12)

Missed Software Upgrade Blamed for Conn. Porn Case

Many Security Fix readers have been quick to express their outrage in response to my post from this morning about a substitute teacher in Connecticut who could be sentenced for up to 40 years in prison after she was convicted...

By Brian Krebs | January 25, 2007; 05:37 PM ET | Comments (27)

Critical Microsoft & Mozilla Patches for 2006

A couple of weeks ago, Security Fix published some data showing how risky it was for the average Windows user to browse the Web with Microsoft's Internet Explorer in 2006. That analysis found that for 284 days in 2006, bad...

By Brian Krebs | January 19, 2007; 02:21 PM ET | Comments (8)

Do Away With HTML Based E-mail

Last week, Microsoft issued a patch to fix an extremely dangerous flaw in Windows that cyber crooks could use to break into your computer just by getting you to open an e-mail. Let that sink in a moment: Merely by...

By Brian Krebs | January 17, 2007; 08:39 AM ET | Comments (57)

Note to MySpace Users: Get Better Passwords

An active scam Web site designed to look like the login page for social-networking site MySpace.com appears to have stolen user names and passwords from nearly 60,000 people, according to data in a file that was linked to today from...

By Brian Krebs | January 15, 2007; 12:45 PM ET | Comments (13)

New E-Commerce Identity Tag Makes Online Debut

A long-promised technology for helping consumers verify the legitimacy of commercial Web sites made its debut on the Internet Friday: Visit online security company Entrust's login page with Microsoft's Internet Explorer 7 Web browser and you'll notice that the address...

By Brian Krebs | January 13, 2007; 12:18 PM ET | Comments (37)

Free Tool Scans Your PC for Missing Patches

A number of past Security Fix postings lamented the lack of a free software tool that Windows computer users could use to quickly and easily scan their machines for missing patches for the myriad applications that run on top of...

By Brian Krebs | January 11, 2007; 02:00 PM ET | Comments (19)

A Warning to Windows Users on Acer Laptops

Update, Jan. 16, 12:57 p.m: Acer has released an update that automates the deactivation of the culprit file, as described in this blog. The patch can be downloaded from this link here. Also, U.S. CERT has issued an advisory about...

By Brian Krebs | January 10, 2007; 12:52 PM ET | Comments (16)

Microsoft Plugs Ten Security Holes

Microsoft Corp. today issued free software updates to plug at least 10 security holes in its Windows operating system and other software. Windows users can download the patches directly from Microsoft Update or by using the Windows Automatic Updates feature....

By Brian Krebs | January 9, 2007; 01:58 PM ET | Comments (9)

Microsoft's Achilles' Heel: Office

The cyber attack last month against a U.S.-based public utility came wrapped in a Microsoft PowerPoint document featuring holiday illustrations and heartwarming reflections. This PowerPoint file, which resembled an innocuous version that was being forwarded around the Web by many...

By Brian Krebs | January 5, 2007; 06:00 AM ET | Comments (15)

Internet Explorer Unsafe for 284 Days in 2006

Security Fix spent the past several weeks compiling statistics on how long it took some of the major software vendors to issue patches for security flaws in their products. Since Windows is the most-used operating system in the world, it...

By Brian Krebs | January 4, 2007; 06:45 AM ET | Comments (108)

Grim 2007 Cyber Forecast (and a Nod to Late Pres. Ford)

The Washington Post's Business section today ran a story I wrote last week about the rise in spam and organized cyber crime -- a rise driven principally by a huge uptick in the number of security holes identified in widely...

By Brian Krebs | December 27, 2006; 12:27 PM ET | Comments (2)

New Firefox Version Fixes 8 Security Holes

Mozilla on Tuesday released updates to fix at least eight security vulnerabilities in its Firefox Web browser and related software. Five of the eight flaws received a "critical" label, meaning that an attacker could exploit them to break into machines...

By Brian Krebs | December 20, 2006; 09:10 AM ET | Comments (21)

Microsoft's Monthly Patch Release Plugs 11 Security Holes

Microsoft Corp. today released software updates to fix at least 11 security holes in various versions of its Windows operating system and other products. Windows users can download the free updates manually from Microsoft Update or via Automatic Updates. This...

By Brian Krebs | December 12, 2006; 01:57 PM ET | Comments (10)

Phishing Scams Soared in October

The number of phishing Web sites set up to impersonate banks and steal people's financial and personal data skyrocketed in October to 37,444, the highest on record, according to stats released this week. The Anti-Phishing Working Group reports that 52...

By Brian Krebs | December 12, 2006; 10:50 AM ET | Comments (5)

Finding the Free Version of AVG 7.5 Anti-Virus

A number of Security Fix readers have written to ask whether AVG would continue to offer a free version of its anti-virus product, as users have been seeing pop-up notices lately saying their software would expire in mid-January and that...

By Brian Krebs | December 11, 2006; 08:45 AM ET | Comments (32)

Time to Update Your Adobe Reader

Adobe Systems is urging users who run the company's Adobe Reader software on Microsoft Windows computers to update to a new version of the popular PDF document viewer, after the company was alerted to several flaws that criminals could exploit...

By Brian Krebs | December 8, 2006; 12:30 PM ET | Comments (20)

How Not to Distribute Security Patches

Over the weekend MySpace was hit by a password-stealing computer worm that took advantage of a weakness in Apple's QuickTime media player to spread rapidly among the online community's users. On Tuesday, MySpace administrators sent around a memo urging millions...

By Brian Krebs | December 6, 2006; 09:07 AM ET | Comments (16)

Microsoft Patches 9 Security Holes

Microsoft Corp. today issued patches to mend at least nine separate vulnerabilities in its Windows operating systems and other software, including three security holes that criminal hackers already are exploiting. As always, users can download and install the patches via...

By Brian Krebs | November 14, 2006; 03:00 PM ET | Comments (7)

recent posts

Stories by Category

Stories By Date

related links

syndicate

Brian Krebs on Computer Security

Archive: Safety Tips