Security experts long have warned computer users of the threat from “keystroke-logging” malware, malicious programs capable of recording your every keystroke. But the truth is, real bad guys don’t care about your everyday chit-chat. More importantly, their data-stealing creations tend to strip out or ignore anything that isn’t related to specific information they are seeking, such as credit card numbers and online bank account credentials.
A few readers have written in to say they recently received Skype phone calls urging them to download and install a system update for Microsoft Windows. Users who visit the recommended site are bombarded with the same old scareware prompts that try to frighten them into purchasing worthless security software.
Crooks who create botnets with crimeware kits SpyEye and ZeuS are creatively venting their frustration over a pair of Web services that help ISPs and companies block infected machines from communicating with control networks run by the botmasters.
If your Microsoft Windows PC was attacked by fake anti-virus or “scareware” in the past few years, chances are good that the attack was made possible by ChronoPay, Russia’s largest processor of online payments.
Tens of thousands of documents stolen and leaked last year from ChronoPay offer a fascinating view into a company that has artfully cultivated and profited handsomely from the market for scareware, which hijacks victim PCs with fake security alerts in a bid to frighten users into paying for worthless security software.
It’s difficult to chronicle a battle in which neither side wants to admit publicly that he is fighting for his life, or indeed that he has even launched attacks against his enemy. But such is the nature of a business-feud-turned-turf-war that is now playing out slowly between bosses of two of the Internet’s largest illicit pharmacy operations.
An organized crime group thought to include individuals responsible for the notorious Storm and Waledac worms generated more than $150 million promoting rogue online pharmacies via spam and hacking, according to data obtained by KrebsOnSecurity.com.
I recently returned from a trip to Russia, where I traveled in part to interview a few characters involved in running the world’s biggest illicit online pharmacies. I arrived just days after the real fireworks, when several truckloads of masked officers from Russian drug enforcement bureaus raided a party thrown exclusively for the top moneymakers of Rx-Promotion, a major e-pharmacy program co-owned by one of the men I went to meet.
Online dating giant eHarmony has begun urging users to change their passwords, after being alerted by KrebsOnSecurity.com to a potential security breach of customer information. Once again, the individual responsible for all the ruckus is an Argentinian hacker who recently claimed responsibility for a similar breach at competing e-dating site PlentyOfFish.com.
In October 2010, I discovered that the authors of the SpyEye and ZeuS banking Trojans — once competitors in the market for botnet creation and management kits — were killing further development of ZeuS and planning to fuse the two malware families into one supertrojan. Initially, I heard some skepticism from folks in the security community about this. But three months later, security experts are now starting to catch glimpses of this new hybrid Trojan in the wild, as the author(s) begins shipping a series of beta releases that include updated features on a nearly-daily basis.
Egyptian citizens calling for besieged President Hosni Mubarak to step down may have been cut off from using the Web, but spammers have been busy cutting the government off from its own Internet address space: Earlier this month, junk e-mail artists hijacked a swath of Internet addresses assigned to Mubarak’s wife.
