A system put in place to allow anti-spam activists to report entities that bulk-register domain names using false or misleading contact information is about to gain a much-needed new privacy feature: The option for activists not to expose their identities to the very spammers they’re trying to report.
If your Microsoft Windows PC was attacked by fake anti-virus or “scareware” in the past few years, chances are good that the attack was made possible by ChronoPay, Russia’s largest processor of online payments.
Tens of thousands of documents stolen and leaked last year from ChronoPay offer a fascinating view into a company that has artfully cultivated and profited handsomely from the market for scareware, which hijacks victim PCs with fake security alerts in a bid to frighten users into paying for worthless security software.
It’s difficult to chronicle a battle in which neither side wants to admit publicly that he is fighting for his life, or indeed that he has even launched attacks against his enemy. But such is the nature of a business-feud-turned-turf-war that is now playing out slowly between bosses of two of the Internet’s largest illicit pharmacy operations.
An organized crime group thought to include individuals responsible for the notorious Storm and Waledac worms generated more than $150 million promoting rogue online pharmacies via spam and hacking, according to data obtained by KrebsOnSecurity.com.
I recently returned from a trip to Russia, where I traveled in part to interview a few characters involved in running the world’s biggest illicit online pharmacies. I arrived just days after the real fireworks, when several truckloads of masked officers from Russian drug enforcement bureaus raided a party thrown exclusively for the top moneymakers of Rx-Promotion, a major e-pharmacy program co-owned by one of the men I went to meet.
On February 8, 2009, a customer at an ATM at a Bank of America branch in Sun Valley, Calif., spotted something that didn’t look quite right about the machine: A silver, plexiglass device had been attached to the ATM’s card acceptance slot, in a bid to steal card data from unsuspecting ATM users.
But the customer and the bank’s employees initially overlooked a secondary fraud device that the unknown thief had left at the scene: A sophisticated, battery operated and motion activated camera designed to record victims entering their personal identification numbers at the ATM.
Late this week, I heard from several anti-spam activists who alerted me to a nice reminder that spammers don’t always win: Spammers have been promoting their rogue pharmacy sites via images uploaded to free image hosting service imageshack.com. In response, the company appears to have simply replaced those images with the following subtle warning:
Online dating giant eHarmony has begun urging users to change their passwords, after being alerted by KrebsOnSecurity.com to a potential security breach of customer information. Once again, the individual responsible for all the ruckus is an Argentinian hacker who recently claimed responsibility for a similar breach at competing e-dating site PlentyOfFish.com.
A company that is helping the federal government track down cyberactivists who have been attacking business that refused to support Wikileaks has itself been hacked by the very same activists it is investigating.
At the center of the storm is a leaderless and anarchic Internet group called Anonymous, which more recently has been coordinating attacks against Egyptian government Web sites. Late last month, authorities in the U.K. and the U.S. moved against at least 45 suspected Anonymous activists. Then, on Saturday, the Financial Times ran a story quoting Aaron Barr, the head of security services firm HBGary Federal, saying he had uncovered the identities of Anonymous’ leaders using social networking sites and planned to release his findings at a security conference in San Francisco next week.
In October 2010, I discovered that the authors of the SpyEye and ZeuS banking Trojans — once competitors in the market for botnet creation and management kits — were killing further development of ZeuS and planning to fuse the two malware families into one supertrojan. Initially, I heard some skepticism from folks in the security community about this. But three months later, security experts are now starting to catch glimpses of this new hybrid Trojan in the wild, as the author(s) begins shipping a series of beta releases that include updated features on a nearly-daily basis.
