Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

SpyEye Targets Opera, Google Chrome Users

April 26, 2011

The latest version of the SpyEye trojan includes new capability specifically designed to steal sensitive data from Windows users surfing the Internet with the Google Chrome and Opera Web browsers.

The author of the SpyEye trojan formerly sold the crimeware kit on a number of online cybercrime forums, but has recently limited his showroom displays to a handful of highly vetted underground communities. KrebsOnSecurity.com recently chatted with a member of one of these communities who has purchased a new version of SpyEye. Screenshots from the package show that the latest rendition includes new “form grabbing” capabilities targeting Chrome and Opera users.

Where Did That Scammer Get Your Email Address?

April 25, 2011

53 Comments

You’ve seen the emails: They purport to have been sent by some dethroned prince in a faraway land, or from a corrupt bureaucrat in an equally corrupt government. Whatever the ruse, they always claim to need your help in spiriting away millions of dollars. These schemes, known as “419,” “advance fee” and “Nigerian letter” scams, have been around forever and are surprisingly effective at duping people. But where in the world do these scammers get their distribution lists, and how did you become a target?

Some of the bigger spammers rely on bots that crawl millions of Web sites and “scrape” addresses from pages. Others instead turn to sellers on underground cybercrime forums. But as it turns out, there are still a handful of open-air markets where lists of emails are sold by the millions. If you buy in bulk, some you can expect to pay about a penny per 1,000 addresses.

One long-running, open air bazaar for email addresses is LeadsAndMails.com, which also goes by the name BuyEmails.org. This enterprise is based out of New Delhi, India, and advertises its email lists as “100% optin and 100 percent legal to use.” I can’t vouch for the company’s claims, but one thing seems clear: A good number of its clients are from Nigeria, and many of them are fraudsters.

Are Megabreaches Out? E-Thefts Downsized in 2010

April 19, 2011

24 Comments

The number of consumer and financial records compromised as a result of data breaches in 2010 fell dramatically compared to previous years, a shift that cybercrime investigators attribute to a sea-change in the motives and tactics used by criminals to steal information. At the same time, organizations are dealing with more breaches than ever before, and most data thefts continue to result from security weaknesses that are relatively unsophisticated and easy to prevent.

U.S. Government Takes Down Coreflood Botnet

April 14, 2011

28 Comments

The U.S. Justice Department and the FBI this week were granted unprecedented authortiy to seize control over a criminal botnet that enslaved millions of computers and to use that control to disable the malicious software on infected PCs.

The target of the takedown was “Coreflood,” an infamous botnet that first emerged almost a decade ago as a high-powered virtual weapon designed to knock targeted Web sites offline. Over the years, the crooks running the botnet began using it to defraud owners of the victim PCs by stealing bank account information and draining balances.

ATM Skimmers: Hacking the Cash Machine

April 10, 2011

45 Comments

Most of the ATM skimmers I’ve profiled in this blog were parts designed to mimic and to fit on top of existing cash machine components, such as card acceptance slots or PIN pads. But sometimes, skimmer thieves find success in modifying or wholesale swapping out ATM parts with compromised look-alikes.

Epsilon Breach Raises Specter of Spear Phishing

April 4, 2011

160 Comments

Security experts are warning consumers to be especially alert for more targeted email scams in the coming weeks and months, following news that a breach at a major email marketing firm exposed names and email addresses for customers of some of the nation’s largest banks and corporate brand names.

Spammers Target Kroger Customers

April 1, 2011

58 Comments

Supermarket giant Kroger Company is the latest major business to disclose that its customer list has fallen into the hands of spammers and scam artists.

Domains Used in RSA Attack Taunted U.S.

March 30, 2011

60 Comments

Details about the recent cyber attacks against security firm RSA suggest the assailants may have been taunting the industry giant and the United States while they were stealing secrets from a company whose technology is used to secure many banks and government agencies.

IRS Scam: Phishing by Fax

March 29, 2011

12 Comments

Scammers typically kick into high gear during tax season in the United States, which tends to bring with it a spike in phishing attacks that spoof the Internal Revenue Service. Take, for example, a new scam making the rounds via email, which warns of discrepancies on the recipient’s income tax return and requests that personal information be sent via fax to a toll-free number.

Microsoft Hunting Rustock Controllers

March 28, 2011

22 Comments

Who controlled the Rustock botnet? The question remains unanswered: Microsoft’s recent takedown of the world’s largest spam engine offered tantalizing new clues to the identity and earnings of the Rustock botmasters. The data shows that Rustock’s curators made millions by pimping rogue Internet pharmacies, but also highlights the challenges that investigators still face in tracking down those responsible for building and profiting from this complex crime machine.