Category Archives: Web Fraud 2.0

SpyEye Targets Opera, Google Chrome Users

April 26, 2011

The latest version of the SpyEye trojan includes new capability specifically designed to steal sensitive data from Windows users surfing the Internet with the Google Chrome and Opera Web browsers.

The author of the SpyEye trojan formerly sold the crimeware kit on a number of online cybercrime forums, but has recently limited his showroom displays to a handful of highly vetted underground communities. KrebsOnSecurity.com recently chatted with a member of one of these communities who has purchased a new version of SpyEye. Screenshots from the package show that the latest rendition includes new “form grabbing” capabilities targeting Chrome and Opera users.

Where Did That Scammer Get Your Email Address?

April 25, 2011

53 Comments

You’ve seen the emails: They purport to have been sent by some dethroned prince in a faraway land, or from a corrupt bureaucrat in an equally corrupt government. Whatever the ruse, they always claim to need your help in spiriting away millions of dollars. These schemes, known as “419,” “advance fee” and “Nigerian letter” scams, have been around forever and are surprisingly effective at duping people. But where in the world do these scammers get their distribution lists, and how did you become a target?

Some of the bigger spammers rely on bots that crawl millions of Web sites and “scrape” addresses from pages. Others instead turn to sellers on underground cybercrime forums. But as it turns out, there are still a handful of open-air markets where lists of emails are sold by the millions. If you buy in bulk, some you can expect to pay about a penny per 1,000 addresses.

One long-running, open air bazaar for email addresses is LeadsAndMails.com, which also goes by the name BuyEmails.org. This enterprise is based out of New Delhi, India, and advertises its email lists as “100% optin and 100 percent legal to use.” I can’t vouch for the company’s claims, but one thing seems clear: A good number of its clients are from Nigeria, and many of them are fraudsters.

Is Your Computer Listed “For Rent”?

April 8, 2011

130 Comments

When it’s time to book a vacation or a quick getaway, many of us turn to travel reservation sites like Expedia, Travelocity and other comparison services. But there’s a cybercrime-friendly booking service that is not well-known. When cyber crooks want to get away — with a crime — increasingly they are turning to underground online booking services that make it easy for crooks to rent hacked PCs that can help them ply their trade anonymously.

Spammers Target Kroger Customers

April 1, 2011

58 Comments

Supermarket giant Kroger Company is the latest major business to disclose that its customer list has fallen into the hands of spammers and scam artists.

IRS Scam: Phishing by Fax

March 29, 2011

12 Comments

Scammers typically kick into high gear during tax season in the United States, which tends to bring with it a spike in phishing attacks that spoof the Internal Revenue Service. Take, for example, a new scam making the rounds via email, which warns of discrepancies on the recipient’s income tax return and requests that personal information be sent via fax to a toll-free number.

Microsoft Hunting Rustock Controllers

March 28, 2011

22 Comments

Who controlled the Rustock botnet? The question remains unanswered: Microsoft’s recent takedown of the world’s largest spam engine offered tantalizing new clues to the identity and earnings of the Rustock botmasters. The data shows that Rustock’s curators made millions by pimping rogue Internet pharmacies, but also highlights the challenges that investigators still face in tracking down those responsible for building and profiting from this complex crime machine.

Big Scores and Hi-Scores

March 23, 2011

15 Comments

Business gurus have long maintained that time = $, but that doesn’t mean playtime necessarily detracts from the bottom line. As many corporations have discovered, employees tend to be more productive when they have time to give their brains a break, and gameplay is the perfect escape. So it’s not surprising that some cyber criminals have taken this lesson to heart, and are crafting crime machines to include games that allow them to steal money and set hi-scores at the same time.

Homegrown: Rustock Botnet Fed by U.S. Firms

March 21, 2011

47 Comments

Aaron Wendel opened the doors of his business to some unexpected visitors on the morning of Mar. 16, 2011. The chief technology officer of Kansas City based hosting provider Wholesale Internet found that two U.S. marshals, a pair of computer forensics experts and a Microsoft lawyer had come calling, armed with papers allowing them to enter the facility and to commandeer computer hard drives and portions of the hosting firm’s network. Anyone attempting to interfere would be subject to arrest and prosecution.

Rustock Botnet Flatlined, Spam Volumes Plummet

March 16, 2011

48 Comments

The global volume of junk e-mail sent worldwide took a massive nosedive today following what appears to be a coordinated takedown of the Rustock botnet, one of the world’s most active spam-generating machines.

For years, Rustock has been the most prolific purveyor of spam — mainly junk messages touting online pharmacies and male enhancement pills. But late Wednesday morning Eastern Time, dozens of Internet servers used to coordinate these spam campaigns ceased operating, apparently almost simultaneously.

ZeuS Innovations: ‘No-$H!+ Reports’

March 16, 2011

41 Comments

Security experts long have warned computer users of the threat from “keystroke-logging” malware, malicious programs capable of recording your every keystroke. But the truth is, real bad guys don’t care about your everyday chit-chat. More importantly, their data-stealing creations tend to strip out or ignore anything that isn’t related to specific information they are seeking, such as credit card numbers and online bank account credentials.