Ryan Naraine

After a brief lull, the “Storm Worm” malware attacks returned with a bang this holiday season, using electronic greeting card lures to build and replenish one of the most notorious spam botnets. The latest social engineering attacks began just before Christmas Day with a large spam run using a malicious link embedded in e-mail messages. […]

Microsoft has filed a patent claim for the Strider HoneyMonkey malware/exploit detection system created by its internal research unit. The claim, currently being reviewed at Peer-to-Patent, is a clear signal that the two-year-old research project could soon find itself in a software product coming out of the Redmond, Wash., software vendor. The HoneyMonkey system, first […]

According to reports out of Russia, two men who allegedly built and distributed the notorious Pinch malware creation kit have been busted and could soon face prosecution. The two men, identified as Ermishkin and Farkhutdinov, are allegedly responsible for the do-it-yourself toolkit that makes it possible to hijack e-mail, ICQ and other sensitive data for […]

SecureWorks anti-malware guru Joe Stewart is not one to be intimidated by advances in online crime activity. But, when he reversed the backend code associated with the Pushdo Trojan downloader, he discovered a modern malware distribution system fitted with complex tracking mechanisms and hiding techniques—another clear sign that virus fighters are up against a clever […]

An undocumented flaw in Google’s Gmail, Blogger and Search History widgets could introduce security risks to Mac OS X users. According to Scott Knaster, a member of Google’s Mac Team, the vulnerability was discovered and reported by the World Wide Web Consortium’s Thomas Roessler. “We’ve updated the widgets to fix the issues,” Knaster said, urging […]

For the first time in a decade, members of the famous LOpht Heavy Industries hacking think tank will have a reunion of sorts at a new Boston security conference. According to organizers of the SOURCE Boston confab, many of the original L0pht members will be speaking on a panel for the first time in 10 […]

Microsoft has done an impressive job of improving the quality of its security updates in recent years (yes, it used to be bad), but a new issue with a buggy Internet Explorer patch has become a big embarrassment for Redmond. Just days after shipping MS07-069 with patches for multiple critical vulnerabilities, Microsoft’s security response team […]

Alternative browser maker Opera Software has released a “highly critical” update to fix a batch of potentially serious security vulnerabilities. According to a Secunia advisory, the bugs can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a user’s system. The skinny, from Opera’s documentation: “An error can be […]

For the third time this year, a remotely exploitable zero-day vulnerability has been found in software pre-installed on brand new Hewlett Packard notebook computers. The flaw, which puts millions of Windows users at risk of serious attacks, affects every HP laptop that ships with HP Software Update, the computer’s built-in patch management utility. A Polish […]

A fast moving worm is squirming though Google’s Orkut social network, adding hundreds of thousands of users to an Orkut community created by a Brazilian hacker. The worm, which first appeared on Dec. 19, has been spreading through Orkut’s Scrapbook system at a rapid pace, infecting more than 650,000 users in the space of a […]