Underground Web sites can be a useful barometer for the daily volume of criminal trade in goods like stolen credit card numbers and hijacked PayPal or eBay accounts. And if the current low prices at one of Underweb’s newer and… Read More »
Late last month I wrote about Citadel, an “open source” version of the ZeuS Trojan whose defining feature is a social networking component where users can report and fix programming bugs, suggest and vote on new features in upcoming versions, and generally guide development of the botnet malware. Since then, I’ve been given a peek inside that social networking space, and it suggests that Citadel’s collaborative approach is fueling rapid growth of this new malware strain.
A customer who bought a license to the Citadel Trojan extended an invitation to drop in on that community of hackers. Those who have purchased the software can interact with the developers and other buyers via comments submitted to the Citadel Store, a front-end interface that is made available after users are validated through a two-step authentication process.
Anyone who’s run a Web site is probably familiar with the term “malvertising,” which occurs when crooks hide exploits and malware inside of legitimate-looking ads that are submitted to major online advertising networks. But there’s a relatively new form of malware-based advertising that’s gaining ground — I’m calling it “crimevertising” for lack of a better term — that involves running otherwise harmless ads for illicit services inside of commercial crimeware kits.
At its most basic, crimevertising has been around for many years, in the form of banner ads on underground forums that hawk everything from hacking services to banking Trojans and crooked cashout services. More recently, malware authors have started offering the ability to place paid ads in the administrative panesl that customers use to control their botnets. Such placements allow miscreants an unprecedented opportunity to keep their brand name in front of the eyeballs of their target audience, and for hours on end.
Underground hacker forums are full of complaints from users angry that a developer of some popular banking Trojan or bot program has stopped supporting his product, stranding buyers with buggy botnets. Now, the proprietors of a new ZeuS Trojan variant are marketing their malware as the first offering that lets customers file bug reports, suggest and vote on new features in upcoming versions, and track trouble tickets that can be worked on by the developers and fellow users alike.
A new service in the cyber underground aims to be the Google search of underground Web sites, connecting buyers to a vast sea of shops that offer an array of dodgy goods and services, from stolen credit card numbers to identity information and anonymity tools.
A glut of stolen card data has spawned dozens of stores that sell the information. The trouble is that each store requires users to create accounts and sign in before they can search for cards.
Enter MegaSearch.cc, which aims to let fraudsters discover which fraud shops hold the cards they’re looking for, without having to first create accounts at each shop. This underground search engine aggregates data about compromised payment cards, and points searchers to various fraud shops selling them.
Given the heightened security surrounding air travel these days, it may be hard to believe that fraudsters would try to board a plane using stolen tickets. But incredibly, there are a number of criminal travel agencies doing business in the underground, and judging from the positive feedback left by patrons, business appears to be booming.
The tickets often are purchased at the last minute and placed under the criminal buyer’s real name. The reservations are made using either stolen credit cards or hijacked accounts belonging to independent contractors in the travel industry. Customers are charged a fraction of the cost of the tickets and/or reservations, typically between 25 and 35 percent of the actual cost.
Jobs in the hi-tech sector can be hard to find, but employers in one corner of the industry are creating hundreds of full-time positions, offering workers on-the-job training and the freedom to work from home. The catch? Employees will likely work for cybercrooks and may make barely enough money in a week to purchase a Happy Meal at McDonald’s.
A new service on the cyber criminal underground can be hired to tie up the phone lines of any targeted mobile or land line around the world. The service is marketed as a diversionary tactic to assist e-thieves in robbing commercial customers of banks that routinely call customers to verify large financial transfers.
Thousands of Twitter accounts apparently created in advance to blast automated messages are being used to drown out Tweets sent by bloggers and activists this week who are protesting the disputed parliamentary elections in Russia, security experts said.
Trend Micro’s Rik Ferguson posted a good piece on Thursday about a major shortcoming in credit card security programs maintained by MasterCard and Visa. Although the loophole that Ferguson highlighted may be unsettling to some, fraudsters who specialize in stealing and using stolen credit cards online have been exploiting it for years.
