krebs

Latest

  • Krebs pinpoints the likely author of the Mirai botnet

    by David Lumb
    01.19.2017

    The Mirai botnet caused serious trouble last fall, first hijacking numerous IoT devices to launch a historically massive distributed denial-of-service (DDoS) attack on KrebsOnSecurity's site in September before taking down a big chunk of the internet a month later. But who's responsible for making the malware? After his site went dark, security researcher Brian Krebs went on a mission to identify its creator, and he thinks he has the answer: Several sources and corroborating evidence point to Paras Jha, a Rutgers University student and owner of DDoS protection provider Protraf Solutions.

  • Report confirms IoT botnet took down Krebs' security site

    by David Lumb
    10.06.2016

    Two weeks ago, security researcher Brian Krebs' site KrebsOnSecurity got knocked offline by one of the biggest DDoS attacks ever recorded, which peaked at 620 Gbps. What happened? Akamai, which had been protecting the site for free but ultimately had to unload it as the sustained traffic would have cost them millions of dollars, released a postmortem today. In it, they confirm that the attacker mainly used the Mirai malware to overwhelm Krebs' site, though there may have been another botnet involved. But the most crucial distinction from a normal DDoS strike: These bots were mostly IoT devices.

  • Some big websites might require you to change passwords

    by Mariella Moon
    06.07.2016

    If you receive an email from Netflix or Facebook asking you to change your password because it matches a credential from an older security breach, you may want to heed its advice. Cybersecurity expert Brian Krebs says some big companies, including the streaming service and the social network, tend to go through data from other websites' security breaches to look for log-ins that match their users'. They then force those users to change the passwords they reused to keep them safe. If you'll recall, hackers recently sold the millions of log-in combinations they stole from LinkedIn, Tumblr and MySpace a few years ago.

  • Security Researcher Brian Krebs outs the man behind the Flashback malware

    by Yoni Heisler
    04.03.2013

    In April 2012, security researchers discovered a new piece of malware targeting OS X users. The malware was dubbed "Flashback" and reportedly infected more than 600,000 Mac users, including about 200 machines on Apple's Cupertino campus. The malware was able to infect so many machines because it was cleverly disguised as an Adobe Flash installer. Once active, the malware would inject ads from pay-per-click providers into search results instead of sourcing the ads from Google.

    The security firm Symantec estimated that the malware had the potential to net its creators upwards of US$10,000 a day, but further analysis indicated that the actual payout was much lower.

    "From our analysis we have seen that, for a three-week period starting in April, the botnet displayed over 10 million ads on compromised computers but only a small percentage of users who were shown ads actually clicked them, with close to 400,000 ads being clicked. These numbers earned the attackers $14,000 in these three weeks, although it is worth mentioning that earning the money is only one part of the puzzle -- actually collecting that money is another, often more difficult, job. Many PPC providers employ anti-fraud measures and affiliate-verification processes before paying."

    About a week after the malware was first publicized, Apple issued a software update to remove the malware from affected machines.

    Over the past few months, investigative reporter and former Washington Post journalist Brian Krebs did a bit of sleuthing and was able to piece together a number of clues which purport to reveal the identity of the man behind the Flashback malware. By lurking on forum threads on a Russian-language site dedicated to black-hat SEO, the art of deceptively manipulating search results for monetary gain, Krebs was eventually able to acquire some revealing information.

    In a private message obtained by Krebs, he found that one user with the handle "mavook" was looking to get an invitation to Darkode, a cybercrime forum. In order to prove his bona fides, mavook took responsibility for the Flashback botnet while boasting that he specializes "in finding exploits and creating bots." Krebs adds:

    "The senior member that Mavook petitions is quite well-known in the Russian cybercrime underground, and these two individuals also are well-known to one another. In fact, in a separate exchange on the main BlackSEO forum between the senior member and a BlackSEO user named JPS, the senior member recommends Mavook as a guy who knows his stuff and can be counted on to produce reliable attack tools."

    Following that, Krebs took a look at mavook's profile page and saw that his personal homepage was at one point mavook.com. Krebs was then able to look at old WHOIS registration records and come up with a name -- Maxim Selikhanovich, a 30-year-old from Saransk, Russia. The full details behind Krebs' investigation are rather interesting and worth checking out in their entirety.