Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

Tagging and Tracking Espionage Botnets

July 30, 2012

A security researcher who’s spent the last 18 months cataloging and tracking malware that was developed and deployed online specifically for spying on governments, activists and industry executives says the complexity and scope of these cyberespionage malware networks now rivals many large conventional cybercrime operations.

Joe Stewart, senior director of malware research at Atlanta-based Dell SecureWorks, said he’s logged over 200 unique families of custom malware used in cyber-espionage campaigns, and some 1,000 domain names registered by cyberspies for using in hosting networks used to control the malware, or for use in “spear phishing,” highly targeted emails that spread the malware.

DoItQuick: Fast Domains for Dirty Deeds

July 23, 2012

19 Comments

A new service offered in the cybercriminal underground is geared toward spammers, scammers and malware purveyors interested in mass-registering dozens of dodgy domains in one go.

Top Spam Botnet, “Grum,” Unplugged

July 19, 2012

31 Comments

Roughly five years after it burst onto the malware scene, the notorious Grum spam botnet has been disconnected from the Internet. Grum has consistently been among the top three biggest sources of junk email, a crime machine capable of blasting 18 billion messages per day and responsible for sending about one-third of all spam.

Cyberheist Smokescreen: Email, Phone, SMS Floods

July 18, 2012

35 Comments

It was early October 2011, and I was on the treadmill checking email when I noticed several hundred new messages had arrived since I last looked at my Gmail inbox just 20 minutes earlier. I didn’t know it at the time, but my account was being used to beta test a private service now offered openly in the criminal underground that can be hired to create highly disruptive floods of junk email, text messages and phone calls.

Many businesses request some kind of confirmation from their bank whenever high-dollar transfers are initiated. These confirmations may be sent via text message or email, or the business may ask their bank to call them to verify requested transfers. The attack that hit my inbox was part of an offering that crooks can hire to flood each medium of communication, thereby preventing a targeted business from ever receiving or finding alerts from their bank.

Spammers Target Dropbox Users

July 17, 2012

16 Comments

“Always have your stuff when you need it with Dropbox.” That’s the marketing line for the online file storage service, but today users have had difficulty logging into the service. The outages came amid reports that many European Dropbox users were being blasted with spam for online casinos, suggesting some kind of leak of Dropbox user email addresses.

Plesk 0Day For Sale As Thousands of Sites Hacked

July 10, 2012

46 Comments

Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels’ Plesk Panel, a software suite used to remotely administer hosted servers at a large number of Internet hosting firms. The attack comes amid reports from multiple sources indicating a spike in Web site compromises that appear to trace back to Plesk installations.

New Java Exploit to Debut in BlackHole Exploit Kits

July 5, 2012

44 Comments

Malicious computer code that leverages a newly-patched security flaw in Oracle’s Java software is set to be deployed later this week to cybercriminal operations powered by the BlackHole exploit pack. The addition of a new weapon to this malware arsenal will almost certainly lead to a spike in compromised PCs, as more than 3 billion devices run Java and many of these installations are months out of date.

Who Says Email Is Eating at Postal Revenues?

July 3, 2012

19 Comments

Shadowy online businesses that sell knockoff prescription drugs through spam and other dodgy advertising practices have begun relying more heavily on the U.S. Postal Service to deliver prescription drugs to buyers in the United States direct from warehouses or mules within the U.S. The shift comes as rogue online pill shops are seeking ways to lower shipping costs, a major loss leader for most of these operations.

Traditionally, a majority of the counterfeit pills advertised and sold to Americans online have shipped from India. But the process of getting the pills from India to customers in the United States is so expensive and fraught with complications that it has proved to be a big cost center for the largest rogue pharmaceutical operations, according to a study I wrote about last month.

DNSChanger Trojan Still in 12% of Fortune 500

June 28, 2012

15 Comments

In about two weeks, hundreds of thousands of computer users are going to learn the hard way that failing to keep a clean machine comes with consequences. On July 9, 2012, any systems still infected with the DNSChanger Trojan will… Read More »

‘Carderprofit’ Forum Sting Nets 26 Arrests

June 26, 2012

21 Comments

The U.S. Justice Department today unveiled the results of a two-year international cybercrime sting that culminated in the arrest of at least two dozen people accused of trafficking in hundreds of thousands of stolen credit and debit card accounts. Among those arrested was an alleged core member of “UGNazi,” a malicious hacking group that has claimed responsibility for a flood of recent attacks on Internet businesses.