News Advanced Threats

The 5 Coolest Hacks Of 2012

Kelly Jackson Higgins

See more from Kelly

Connect directly with Kelly: Bio | Contact

Nothing was sacred -- the nation's airspace, home power meters, videoconferences, and, in an ironic twist, popular cybercrime tools

Kelly Jackson Higgins December 27, 2012

1. Beating Cybercriminals At Their Own Game
Let's just say the phony antivirus scammers dialed the wrong number.

Noah Magram, principal software engineer with Sourcefire, in May did what he wouldn't normally do one night when the phone rang at dinner time: He answered it. Magram says it was his local area code in Oregon and "Borders" showing up on caller ID that tempted him to pick up.

More Security Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

The caller said he was from Microsoft, and that Magram's computer was infected and had been sending error messages to the software firm. Magram immediately knew it was a scam, but the researcher in him led him to see just how far these scammers would go. "I wanted to see if they would send me to any websites or get me to download any malware, something that we could analyze. I was really curious about what their script was," Magram says.

He knew he was onto something as it became obvious the agent on the line wasn't technology-savvy. So he played along for a while, and then decided this was too good to pass up to get a rare, firsthand look at a fake AV scam. So he started up a VMware virtual machine on his Windows PC. "I realized I could give them an environment to bang around in," Magram says. At the urging of the scammers, he installed LogMeIn, a legitimate remote access tool, and "Victor," the technician, was then inside the machine. Magram recorded every click the scammers made via this impromptu honeypot.

The scammers brazenly deleted Windows services off Magram's "PC," but had no clue they were actually trapped inside a virtual machine, even when VMware services appeared on the screen.

"I had always wondered what their capabilities are" in these scams, he says. "But I was shocked how clueless and clumsy there were. They are placing thousands of these calls, and they are not sophisticated."

Magram recorded a video of the episode, which he posted online.

Page 3:
« Previous Page | 1 | 2 | 3 | 4 | 5 | 6 | Next Page »

Kelly Jackson Higgins

See more from Kelly

Connect directly with Kelly: Bio | Contact

Dark Reading Discussions

Start the Discussion

To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.

Follow Dark Reading

Dark Reading Reports

Advanced Persistent Threats: The New Reality

For most organizations, the imminent danger that advanced persistent threats pose has been relatively low. That's changing as attackers' target base widens, their knowledge grows and their cyber weapons trickle down to the hacker masses. In this Dark Reading report, we examine the current APT landscape and provide recommendations for protecting your organization against this growing concern.
Trends In Mobile Device Threats

While there's some debate about the level of threat mobile devices pose, there's no question that the threat is growing. With readily available information about the devices in use, and often few corporate safeguards in place, mobile devices are turning out to be a lucrative vector for attackers looking for an in to enterprise networks. In this Dark Reading report, we explain how the threat is growing, what attackers are targeting and why you need to be concerned.
Heading Off Advanced Social Engineering Attacks

Social engineering attacks are getting increasingly sophisticated, but there's only so much the law and technology can do to protect your organization. In this Dark Reading report, we detail how a social engineering attack is developed and what IT professionals can do to prevent their users from being targets and victims.

Other reports from the Advanced Threats Tech Center:

Related Content

Sponsored by

The Rising Threat of Corporate Cybercrime: Cybercriminal Motives and Methods

Cybercriminals are leveraging vulnerabilities of the Internet, browsers, operating systems, and applications to secretly and proficiently gain access to corporate information assets. Compromising employee endpoints with malware has become the preferred method; a far simpler path into the corporate network than a direct network attack. Our latest white paper discusses the cybercriminal motives and methods, and presents the need for Enterprises to recognize this growing danger and implement technologies that effectively prevent malware, the root cause of cybercrime.
Evolving Endpoint Malware Detection, Dealing with Advanced and Targeted Attacks

Advanced malware targeting employee endpoints is a major threat to corporate intellectual property, regulated data and financial assets. Perimeter and traditional endpoint defenses are struggling to meet this emerging threat in the face of a changing IT landscape: desktop virtualization, remote access, BYOD and Cloud migration. This whitepaper explains how advanced malware challenges traditional defenses to take advantage of the increased exposure of employee endpoints. It review's the evolution of advanced targeted attacks, the various approaches used to address them and how organizations should think about their current and future malware defense strategy.
Zero-Day Exploits and APTs: Security Requirements vs. Operational Challenges

Enterprises are losing the battle against advanced, information-stealing malware attacks. We continuously discover new application vulnerabilities which are quickly exploited by cybercriminals. Traditional blacklisting solutions don't work, and more advanced whitelisting-solutions are unmanageable. How do you overcome the manageability and operational challenges of advanced malware protection?

In this webinar, guest speaker Rick Holland, senior analyst serving Security & Risk Professionals at Forrester Research, Inc., will discuss the security and operational challenges associated with advanced malware protection. Rick will review the technical and operational requirements organizations should consider when looking to prevent and mitigate advanced malware. Dana Tamir, Director of Product Management at Trusteer, will then introduce Trusteer Apex which applies a new groundbreaking approach for stopping zero-day exploits and data exfiltration.

Free Research and Reports

What's this?From the Editors of DarkReading

More >>

Box Icon

Whitepapers

What's this?

More >>

Box Icon

Dark Reading Digital Magazine

Dark Reading May 2013 Digital Supplemental Issue

Back Issues

In This Issue

The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.

Download Now

First Name*:
Last Name*:
Email Address*:
Job Title:
Company/Organization/Gov't Dept.:
*Required field
Privacy Statement

Security

Protect The Business - Enable Access

News Advanced Threats

The 5 Coolest Hacks Of 2012

Nothing was sacred -- the nation's airspace, home power meters, videoconferences, and, in an ironic twist, popular cybercrime tools

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

Advanced Persistent Threats: The New Reality

Trends In Mobile Device Threats

Heading Off Advanced Social Engineering Attacks

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue

News Advanced Threats

The 5 Coolest Hacks Of 2012

Nothing was sacred -- the nation's airspace, home power meters, videoconferences, and, in an ironic twist, popular cybercrime tools

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

Related Content

Dark Reading Newsletter

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue