As documented time and again on this blog, cybercrooks are often sloppy or lazy enough to leave behind important clues about who and where they are. But from time to time, cheeky crooks will dream up a trap designed to look like they’re being sloppy when in fact they’re trying to trick security researchers into being sloppy and infecting their computers with malware.
The success of social networking community Twitter has given rise to an entire shadow economy that peddles dummy Twitter accounts by the thousands, primarily to spammers, scammers and malware purveyors. But new research on identifying bogus accounts has helped Twitter to drastically deplete the stockpile of existing accounts for sale, and holds the promise of driving up costs for both vendors of these shady services and their customers.
A claimed zero-day vulnerability in Firefox 17 has some users of the latest Mozilla Firefox browser (Firefox 22) shrugging their shoulders. Indeed, for now it appears that this flaw is not a concern for regular, up-to-date Firefox end users. But several experts say the vulnerability was instead exposed and used in tandem with a recent U.S. law enforcement effort to discover the true Internet addresses of people believed to be browsing child porn sites via the Tor Browser — an online anonymity tool powered by Firefox 17.
Pavel Vrublevsky, the owner of Russian payments firm ChronoPay and the subject of an upcoming book by this author, was sentenced to two-and-half years in a Russian penal colony this week after being found guilty of hiring botmasters to attack a rival… Read More »
Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more admirers paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares. But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police in advance of the delivery.
U.S. federal authorities have indicted five men — four Russians and a Ukrainian – for allegedly perpetrating many of the biggest cybercrimes of the past decade, including the theft of more than 160 million credit card numbers from major U.S. retailers, banks and card processors.
One of the challenges in malware research is separating the truly novel innovations in malcoding from new nasties that merely include nominal or superficial tweaks. This dynamic holds true for both malware researchers and purveyors, albeit for different reasons. Researchers wish to avoid being labeled alarmist in calling special attention to what appears to be an emerging threat that turns out to be old news; the bad guys just want to avoid getting scammed into paying for an old malware kit dressed up as the new next big thing.
Several recent developments in mobile malware are conspiring to raise the threat level for Android users, making it easier for attackers to convert legitimate applications into malicious apps and to undermine the technology that security experts use to tell the difference.
An increasing number of malware samples in the wild are using host systems to secretly mine bitcoins. In this post, I’ll look at an affiliate program that pays people for the mass installation of programs that turns host machines into bitcoin mining bots.
Earlier this week I wrote about the Styx Pack, an extremely sophisticated and increasingly popular crimeware kit that is being sold to help miscreants booby-trap compromised Web sites with malware. Today, I’ll be following a trail of breadcrumbs that leads back to central Ukraine and to a trio of friends who appear to be responsible for marketing (if not also making) this crimeware-as-a-service.
