We’re less than 1 week away from Black Friday, said to be the busiest shopping day of the year for brick-and-mortar shops and right at a week away from Black Monday, the cyber equivalent of Black Friday for online shopping. These are exciting times for many folks but, for cyber criminals (I don’t like to use the term hacker in a derogatory context, hackers aren’t bad, cyber criminals are), it’s quite literally hunting season. We’re already seeing news about new crimeware toolkits and phishing scams that the bad guys have at the ready (and already deployed) and we’re going to try very hard to get the word out everywhere that we can to keep our customers aware and hopefully safe.
To get things started, I got an article today about a new crimeware toolkit called simply ‘cool’. I’ve put a link to the article here but the short story is that this is another tool, similar to blackhole, that makes it easy for criminals to rip you off, basically lowering the bar to be a successful cyber criminal. V3 did a short write-up / op-ed on crimeware toolkits here.
The thing to remember about most of these toolkits is that they prey on unpatched vulnerabilities to work. If you keep up-to-date with Windows, Java and Adobe [Flash Player and Reader, uninstall Shockwave if you can], you’re putting yourself out of reach for most of the miscreants using these tools. There’s also a LOT of information provided by US CERT (United States Computer Emergency Response Team) here and here.