Also in this week's IT security news: Blackhole creator returns with blinged-out exploit pack; researchers bypass Microsoft fix for IE Zero Day exploit in 24 hours; European credit card crooks cash in on $2 billion a year; John McAfee continues his pursuit of the gold medal in crazy.
Japanese police have caught a cat carrying a computer virus. Detectives with the country’s National Police Agency (NPA) nabbed the creature on an island near Tokyo as the result of a peculiar treasure hunt sparked on New Year’s Day when media outlets received an email offering them the “chance for a big scoop.” In case you were wondering: The iesys.exe virus was on a memory card on the cat’s collar.
“The development is the latest in a bizarre investigation which has previously seen threats made against a number of venues — including a school and a kindergarten attended by grandchildren of Emperor Akihito — sent from computers around the country,” reports the AFP.
Worth noting: The NPA had previously announced it had captured and gotten confessions from the four people behind this.
“Police held one of the suspects for several weeks before a broadcaster and lawyer received another anonymous message containing information that investigators conceded could only have been known by the real culprit.”
By the way, I am astounded no one has yet made a phishing joke about this.
Meanwhile, in Australia: “The company to which Australia outsources operations of its Do Not Call Register has been fined for making telemarketing calls to numbers listed on the Register.” They got hit with a $116,000 fine.
(KrebsOnSecurity) — The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes.
(SCMagazine) — Symantec has linked exploits that leverage a new zero-day vulnerability in Internet Explorer to the group responsible for a spate of recent espionage attacks. Dubbed the “Elderwood Project” by Symantec, the gang’s work is responsible for at least four remote code execution vulnerabilities that were discovered in 2012 and used to spread malware to visitors of websites such as Amnesty International Hong Kong, according to a post from Symantec Security Response.
(ThreatPost) — Expect amped up pressure aimed in Microsoft’s direction for a patch for the Internet Explorer zero day that surfaced last week, now that researchers at Exodus Intelligence reported today they have developed a bypass for the Fix It that Microsoft released as a temporary mitigation.
(V3) — Card fraud made criminal gangs an estimated $1.96 billion in 2012, according to a new report from the European cross-nation law enforcement agency Europol. Its Situation Report on Payment Card Fraud in the European Union, based on data provided by law enforcement agencies and other partners, found that thefts continue to blight consumers, especially when data is lost by companies, notably in the US. This makes it easier for crooks to carry out “card not present” scams, such as ordering goods online or over the phone using information gathered illegally. Europol estimated $1,177 million of card fraud is committed in this way.
(NakedSecurity) — John McAfee claims he gave Belize officials cheap laptops that had been deliberately pre-infected with keylogging spyware, and ran a team of 23 women to seduce and spy on his intended targets. McAfee continues his quest to win an Olympic medal for crazy.