Category Archives: Web Fraud 2.0

PlentyofFish.com Hacked, Blames Messenger

January 31, 2011

Hackers have breached the database of online dating site PlentyOfFish.com, exposing personal and password information on nearly 30 million users, including its founder and administrators. In response, the company has implied that the editor of KrebsOnSecurity.com was involved in an elaborate extortion plot.

Getting hacked is no fun. Learning that you’ve been hacked when a reporter calls is probably even less fun. But for better or worse, I have notified dozens of companies about various breaches over the years, and I’ve learned a few things about how victims respond. Usually, when the company in question responds by implicating you in an alleged extortion scheme, two things become clear:

1) You’re probably not going to get any real answers to your direct questions about the incident, and;

2) The company almost certainly did have a serious breach.

ATM Skimmers That Never Touch the ATM

January 31, 2011

59 Comments

Media attention to crimes involving ATM skimmers may make consumers more likely to identify compromised cash machines, which involve cleverly disguised theft devices that sometimes appear off-color or out-of-place. Yet, many of today’s skimmer scams can swipe your card details and personal identification number while leaving the ATM itself completely untouched, making them far more difficult to spot.

The most common of these off-ATM skimmers can be found near cash machines that are located in the antechamber of a bank or building lobby, where access is controlled by a key card lock that is activated when the customer swipes his or her ATM card. In these scams, the thieves remove the card swipe device attached to the outside door, add a skimmer, and then reattach the device to the door. The attackers then place a hidden camera just above or beside the ATM, so that the camera is angled to record unsuspecting customers entering their PINs.

Battling the Zombie Web Site Armies

January 26, 2011

27 Comments

Peter Bennett first suspected his own Web site might have been turned into a spam-spewing zombie on Nov. 11, the night he discovered that a tiny program secretly uploaded to his site was forcing it to belch ads for rogue Internet pharmacies.

Bennett’s site had been silently “infected” via an unknown (at the time) vulnerability in a popular e-commerce software package. While most site owners probably would have just cleaned up the mess and moved on, Bennett — a longtime anti-spam vigilante — took the attack as a personal challenge.

Pill Pushers Pop Military, Government, Education Sites

January 14, 2011

7 Comments

A software vulnerability at a Web hosting provider let hackers secretly add dozens of Web pages to military, educational, financial and government sites in a bid to promote rogue online pharmacies.

Exploit Packs Run on Java Juice

January 10, 2011

25 Comments

In October, I showed why Java vulnerabilities continue to be the top moneymaker for purveyors of “exploit kits,” commercial crimeware designed to be stitched into hacked or malicious sites and exploit a variety of Web-browser vulnerabilities. Today, I’ll highlight a few more recent examples of this with brand new exploit kits on the market, and explain why even fully-patched Java installations are fast becoming major enablers of browser-based malware attacks.

Taking Stock of Rustock

January 5, 2011

20 Comments

Global spam volumes have fallen precipitously in the past two months, thanks to a cessation of junk e-mail from Rustock — until recently the world’s most active spam botnet. But experts say those behind Rustock haven’t gone away, but have merely shifted the botnet’s resources toward other money-making activities, such as installing spyware and adware.

‘White House’ eCard Dupes Dot-Gov Geeks

January 3, 2011

78 Comments

A malware-laced e-mail that spoofed seasons greetings from The White House siphoned gigabytes of sensitive documents from dozens of victims over the holidays, including a number of government employees and contractors who work on cybersecurity matters, KrebsOnSecurity.com has learned.

The attack appears to be the latest salvo from ZeuS malware gangs whose activities over the past year have blurred the boundaries between online financial crime and espionage, by stealing financial data and documents from victim machines. This activity is unusual because most criminals using ZeuS are interested in money-making activities – such as stealing banking passwords and creating botnets – whereas the hoovering up of sensitive government documents is typically associated with threats from China that are deployed to gather industrial or military intelligence.

Russian e-Payment Giant ChronoPay Hacked

December 29, 2010

15 Comments

Criminals this week hijacked ChronoPay.com, the domain name for Russia’s largest online payment processor, redirecting hundreds of unsuspecting visitors to a fake ChronoPay page that stole customer financial data.

ChronoPay chief executive Pavel Vrublevsky said the bogus payment page was up for several hours on Christmas day, during which time the attackers collected roughly 800 credit card numbers from customers visiting the site to make payments for various services that rely on ChronoPay for processing.

Carders.cc, Backtrack-linux.org and Exploit-db.org Hacked

December 25, 2010

29 Comments

Carders.cc, a German security forum that specializes in trading stolen credit cards and other purloined data, has been hacked by security vigilantes for the second time this year. Also waking up to “you’ve been owned” calling cards this Christmas are… Read More »

Why GSM-Based ATM Skimmers Rule

December 13, 2010

55 Comments

Earlier this year, KrebsOnSecurity featured a post highlighting the most dangerous aspects of GSM-based ATM skimmers, fraud devices that let thieves steal card data from ATM users and have the purloined digits sent wirelessly via text message to the attacker’s… Read More »