The source code of the notorious SpyEye toolkit has been leaked, fueling speculation that one of the largest criminal malware families could become an even bigger threat. SpyEye, which surfaced in late 2009 and immediately started to compete against users of the Zeus banking malware toolkits, targets account credentials and other sensitive data. Leaking the SpyEye source code gives security researchers valuable information about the malware and the techniques of the code writers, but it also opens the door for other cybercriminals to create new variants and attack techniques.
Google's Chrome blocked four times more malicious sites and malware than a year ago, but Firefox 4 was much less effective at warning users of danger than Mozilla's browser last year, according to a report released Monday. Both were thrashed by Microsoft's Internet Explorer 9 (IE9), however, which easily retained its crown, said NSS Labs in a reprise of a 2010 study of browser anti-malware technologies.
The hacking collective Anonymous released personal data on Sunday belonging to more than 2,000 public transport customers in the San Francisco area in retaliation for the Bay Area Rapid Transit (BART) system's shutdown of mobile phone service on Thursday night.
The attackers behind the targeted cyber-espionage campaign known as "Operation Shady RAT" hid some of their activities behind digital images. They used steganography, a relatively rarely deployed technique for hiding malicious code or data inside image files or other innocuous-looking files. In its analysis of Operation Shady RAT, Symantec found rigged images--everything from a pastoral waterside scene to a suggestive photo of a woman in a hat--that were masking commands ordering the infected machines to phone home to the command-and-control (C&C) server.
Can the Obama administration fix your identity management problems? Too many passwords and usernames for websites, and what level of assurance is there in the identity of the individual anyway? How can anyone prove their age online? Back in April, when it was announced, the White House took on these tough questions with its "National Strategy for Trusted Identities in Cyberspace" initiative, now known as NSTIC.
The ThreatGeek Top 5 is a weekly post that identifies relevant industry news and stories. Check in to stay up to date with the latest happenings throughout the industry.