Category Archives: Web Fraud 2.0

ChronoPay’s Scareware Diaries

March 3, 2011

If your Microsoft Windows PC was attacked by fake anti-virus or “scareware” in the past few years, chances are good that the attack was made possible by ChronoPay, Russia’s largest processor of online payments.

Tens of thousands of documents stolen and leaked last year from ChronoPay offer a fascinating view into a company that has artfully cultivated and profited handsomely from the market for scareware, which hijacks victim PCs with fake security alerts in a bid to frighten users into paying for worthless security software.

Pharma Wars

February 25, 2011

34 Comments

It’s difficult to chronicle a battle in which neither side wants to admit publicly that he is fighting for his life, or indeed that he has even launched attacks against his enemy. But such is the nature of a business-feud-turned-turf-war that is now playing out slowly between bosses of two of the Internet’s largest illicit pharmacy operations.

SpamIt, Glavmed Pharmacy Networks Exposed

February 24, 2011

35 Comments

An organized crime group thought to include individuals responsible for the notorious Storm and Waledac worms generated more than $150 million promoting rogue online pharmacies via spam and hacking, according to data obtained by KrebsOnSecurity.com.

Russian Cops Crash Pill Pusher Party

February 21, 2011

65 Comments

I recently returned from a trip to Russia, where I traveled in part to interview a few characters involved in running the world’s biggest illicit online pharmacies. I arrived just days after the real fireworks, when several truckloads of masked officers from Russian drug enforcement bureaus raided a party thrown exclusively for the top moneymakers of Rx-Promotion, a major e-pharmacy program co-owned by one of the men I went to meet.

eHarmony Hacked

February 10, 2011

27 Comments

Online dating giant eHarmony has begun urging users to change their passwords, after being alerted by KrebsOnSecurity.com to a potential security breach of customer information. Once again, the individual responsible for all the ruckus is an Argentinian hacker who recently claimed responsibility for a similar breach at competing e-dating site PlentyOfFish.com.

Revisiting the SpyEye/ZeuS Merger

February 3, 2011

28 Comments

In October 2010, I discovered that the authors of the SpyEye and ZeuS banking Trojans — once competitors in the market for botnet creation and management kits — were killing further development of ZeuS and planning to fuse the two malware families into one supertrojan. Initially, I heard some skepticism from folks in the security community about this. But three months later, security experts are now starting to catch glimpses of this new hybrid Trojan in the wild, as the author(s) begins shipping a series of beta releases that include updated features on a nearly-daily basis.

Spammers Hijack Internet Space Assigned to Egyptian President’s Wife

February 1, 2011

18 Comments

Egyptian citizens calling for besieged President Hosni Mubarak to step down may have been cut off from using the Web, but spammers have been busy cutting the government off from its own Internet address space: Earlier this month, junk e-mail artists hijacked a swath of Internet addresses assigned to Mubarak’s wife.

PlentyofFish.com Hacked, Blames Messenger

January 31, 2011

89 Comments

Hackers have breached the database of online dating site PlentyOfFish.com, exposing personal and password information on nearly 30 million users, including its founder and administrators. In response, the company has implied that the editor of KrebsOnSecurity.com was involved in an elaborate extortion plot.

Getting hacked is no fun. Learning that you’ve been hacked when a reporter calls is probably even less fun. But for better or worse, I have notified dozens of companies about various breaches over the years, and I’ve learned a few things about how victims respond. Usually, when the company in question responds by implicating you in an alleged extortion scheme, two things become clear:

1) You’re probably not going to get any real answers to your direct questions about the incident, and;

2) The company almost certainly did have a serious breach.

ATM Skimmers That Never Touch the ATM

January 31, 2011

59 Comments

Media attention to crimes involving ATM skimmers may make consumers more likely to identify compromised cash machines, which involve cleverly disguised theft devices that sometimes appear off-color or out-of-place. Yet, many of today’s skimmer scams can swipe your card details and personal identification number while leaving the ATM itself completely untouched, making them far more difficult to spot.

The most common of these off-ATM skimmers can be found near cash machines that are located in the antechamber of a bank or building lobby, where access is controlled by a key card lock that is activated when the customer swipes his or her ATM card. In these scams, the thieves remove the card swipe device attached to the outside door, add a skimmer, and then reattach the device to the door. The attackers then place a hidden camera just above or beside the ATM, so that the camera is angled to record unsuspecting customers entering their PINs.

Battling the Zombie Web Site Armies

January 26, 2011

27 Comments

Peter Bennett first suspected his own Web site might have been turned into a spam-spewing zombie on Nov. 11, the night he discovered that a tiny program secretly uploaded to his site was forcing it to belch ads for rogue Internet pharmacies.

Bennett’s site had been silently “infected” via an unknown (at the time) vulnerability in a popular e-commerce software package. While most site owners probably would have just cleaned up the mess and moved on, Bennett — a longtime anti-spam vigilante — took the attack as a personal challenge.