Comments on: Three Charged in Connection with ‘Gozi’ Trojan

By: polo

polo — Sat, 26 Jan 2013 22:59:13 +0000

Bob,

sorry but I don’t understand your reply.

It’s not about generating a card number (what you refer to as “id”?), since that number is asked ( and alas gotten ) already in the inject field “card number”.

And anyway if you get that number you won’t (from what i read) be able to make a usable card without adding CVV to the stripe. The CVV is calculated factoring various front info like card number and expiary date AND a secret key know only to the card maker.

By: nov

nov — Fri, 25 Jan 2013 18:23:00 +0000

According to the Paunescu complaint (http://krebsonsecurity.com/wp-content/uploads/2013/01/Paunescu-Mihai-Ionut-Complaint.pdf) it seems the Paunescu hosting service was a callback for the ‘Virut’ Botnet (http://krebsonsecurity.com/2013/01/polish-takedown-targets-virut-botnet/) . See the complaint page 15, paragraph 25.a. and page 13, paragraph 23.b.

By: Aleksey

Aleksey — Fri, 25 Jan 2013 15:40:33 +0000

What is ” slow and cumbersome, useless and of no impact.” ? FBI efforts in addressing the issue of financial trojans? I would disagree, they definitely deserve credit for uncovering the real identity of a person behind online nickname and they definitely used well the amazing opportunity they got when Kuzmin was stupid enough to travel to the states.
Looking at the trend, it seems like FBI knows the real identity of many people who are prominent in “the biz”. Once the criminals take the mind-boggling-stupid step of entering US or US-friendly jurisdiction they are caught and detained. I say this is really good work by the agency.

By: bob

bob — Fri, 25 Jan 2013 13:36:46 +0000

Some card manufacturers still create the card using non-random ids. Depending on the card, if I know your bank and account number I can generate a valid card id.

If I’ve got the pin as well, generating a (non-chip&pin) card is trivial.

By: Aleksey

Aleksey — Thu, 24 Jan 2013 15:36:22 +0000

Bingo! I’m surprised this is not covered in Russian news yet. I’m sure it will be soon.

By: tarzan

tarzan — Thu, 24 Jan 2013 14:08:51 +0000

Regrettably, the mechanisms in place to differentiate between secure and unsecure content on a web page are often ignored (although I am unsure of how useful these tools would be in this case). All too frequently consumers are “trained” by web developers to ignore certificate warnings, and browser developers make it easy by including the “do not warne me againe” option on the pop-up boxes, giving the uneducated users a dangerous option. Educating users is the best course of action, and Brian’s blog is doing this quite well – well done Brian. Please continue your efforts.

By: LoL

LoL — Thu, 24 Jan 2013 12:44:15 +0000

Aleksey, read please this document:
http://www.justice.gov/usao/nys/pressreleases/January13/GoziVirusDocuments/Kuzmin,%20Nikita%20Complaint.pdf, page 22, paragraph 30.

By: Aleksey

Aleksey — Thu, 24 Jan 2013 12:14:14 +0000

There’s certain visual similarity between RdM-[YanDeX] and the foster son of Vladimir Kuz’min. But what links the person with this online nickname to Gozi trojan and the related FBI cybercrime investigation ?

By: Marty K

Marty K — Thu, 24 Jan 2013 11:52:42 +0000

As this is the customers browser, we (Banks) can’t do much. Some Banks offer the customer to download security software to prevent the inject (e.g.: software on the browser checks if any unusual activity is going on, and warns the user – and the Bank in the background could e.g. put the transaction on hold)
Main issue: deal with customers and support their browser problems (that have nothing to do with your software)

Best option is to use two factor authentication (e.g.: send authorization code to SMS), that code will not match the altered transaction. (BUT there is malware out there to circumvent this too – see Zitmo- Zeus in the mobile)
In regards to fully automated mule selection (which mule is “live”, their account number, limits, etc) I have to disappoint you too, this has been seen in malware for a while – again ZEUS being the most prominent one.

By: wrdlbrmpft

wrdlbrmpft — Thu, 24 Jan 2013 11:32:52 +0000

smart crooks? Kuzmin smart to travel to the US where he was caught 2010 and cooperated fully, hoping for a deal? 2 years to catch the romanian? I call that slow and cumbersome, useless and of no impact.