Comments on: Harvesting Data on the Xarvester Botmaster

By: bob

bob — Thu, 09 Aug 2012 09:26:58 +0000

‘ registered to the English equivalent of “John Smith” ‘

‘ Russian equivalent ‘, surely?

By: Kathy

Kathy — Wed, 08 Aug 2012 14:14:52 +0000

Can anyone tell me about this spam attack?,adapter=A

By: BrianKrebs

BrianKrebs — Wed, 08 Aug 2012 14:07:49 +0000

Do me a favor, Na and drop me a line at an email address I can reply to. Contact form is here:

http://krebsonsecurity.com/about/

Thanks.

By: BrianKrebs

BrianKrebs — Wed, 08 Aug 2012 14:07:00 +0000

I’ve been focusing on individuals who either ran and developed large spam botnets or had a hand in operating parts of them. So far, I’ve done that with most of the present and past major spam bots, including Cutwail, Grum, Rustock, Srizbi, Festi, Bredolab, Mega-D ZeuS, and Waledac.

http://krebsonsecurity.com/category/pharma-wars/

By: na

na — Wed, 08 Aug 2012 13:29:14 +0000

neej, I would remind you that these are open comments and you have no idea who you could be speaking to. A grain of salt might be wise before you go off on someone especially if you are mistaken. ‘Lockers’ as I mentioned has NOTHING to do with mobile phones or anything you mentioned in the reply. This leads me to believe you are not only belligerent but also do not know what you are talking about.

Many examples of ‘Lockers’ can be found on botcrawl (dot) com on the /Malware/ Blog

‘Lockers’ are a term that refers generically to some sort of ransomeware that ‘locks’ a users pc requiring a payment through a money processing system before the computer can be used again.

In the past mostly EU countries have been targeted with these attacks via Ukask or Paysafe. However, in the last month or so there has been a significant uptake in the attacks on US citizens — in this case MoneyPak is the favored payment system.

Normally lockers tend to purposely AVOID infecting PCs in the USA, however this is no longer the case…

By: na

na — Wed, 08 Aug 2012 13:17:54 +0000

Hence my question since you have the whole DB, what has driven you to choose these specific targets verse the rest!

By: na

na — Wed, 08 Aug 2012 13:16:52 +0000

Oh come now Brain, that was a sarcastic “its not like the whole forum db was leaked”. I’m well aware it is, btw you got a new account on dk yet?

By: BrianKrebs

BrianKrebs — Wed, 08 Aug 2012 13:08:55 +0000

“I might add I am curious as to why you are choosing certain targets for example this bot-master verse others since it isn’t like the whole DB of the old forum was leaked.”

Sure it was. I have the entire SpamIt customer and affiliate database, and the entire SpamDot forum. As for what I have on more recent forums and programs, I’ll leave that to your imagination.

By: na

na — Wed, 08 Aug 2012 13:05:28 +0000

Brain, thanks for the reply. I swear I did say ‘Replaced’, I assumed you would get the double meaning (replaced literally with a new domain, replaced Criminal wise with new Venues.) Yes I would consider myself mildly experienced in the area. I might add I am curious as to why you are choosing certain targets for example this bot-master verse others since it isn’t like the whole DB of the old forum was leaked. Any comments on that subject?

By: Neej

Neej — Wed, 08 Aug 2012 12:39:29 +0000

>>For example ‘Lockers’ are all the rage, even more than Zeusish threats used for Banking theft.

If you’re referring to content lockers you are an idiot.

The user is clearly informed that they must complete an action to access content. The action may or may not involve giving personal information that could be used for criminal activity (for example mobile phone numbers, name, email and address). As it happens many large and established brands (Unilever, GSK for example) gather information using this method but of course I cannot speak for all content locker … vendors(? – can’t think of the right word)

Compare that to Zeus: software is installed without users knowledge which is then used to steal money from them.