Category Archives: Web Fraud 2.0

Battling the Zombie Web Site Armies

January 26, 2011

Peter Bennett first suspected his own Web site might have been turned into a spam-spewing zombie on Nov. 11, the night he discovered that a tiny program secretly uploaded to his site was forcing it to belch ads for rogue Internet pharmacies.

Bennett’s site had been silently “infected” via an unknown (at the time) vulnerability in a popular e-commerce software package. While most site owners probably would have just cleaned up the mess and moved on, Bennett — a longtime anti-spam vigilante — took the attack as a personal challenge.

Pill Pushers Pop Military, Government, Education Sites

January 14, 2011

7 Comments

A software vulnerability at a Web hosting provider let hackers secretly add dozens of Web pages to military, educational, financial and government sites in a bid to promote rogue online pharmacies.

Exploit Packs Run on Java Juice

January 10, 2011

25 Comments

In October, I showed why Java vulnerabilities continue to be the top moneymaker for purveyors of “exploit kits,” commercial crimeware designed to be stitched into hacked or malicious sites and exploit a variety of Web-browser vulnerabilities. Today, I’ll highlight a few more recent examples of this with brand new exploit kits on the market, and explain why even fully-patched Java installations are fast becoming major enablers of browser-based malware attacks.

Taking Stock of Rustock

January 5, 2011

20 Comments

Global spam volumes have fallen precipitously in the past two months, thanks to a cessation of junk e-mail from Rustock — until recently the world’s most active spam botnet. But experts say those behind Rustock haven’t gone away, but have merely shifted the botnet’s resources toward other money-making activities, such as installing spyware and adware.

‘White House’ eCard Dupes Dot-Gov Geeks

January 3, 2011

78 Comments

A malware-laced e-mail that spoofed seasons greetings from The White House siphoned gigabytes of sensitive documents from dozens of victims over the holidays, including a number of government employees and contractors who work on cybersecurity matters, KrebsOnSecurity.com has learned.

The attack appears to be the latest salvo from ZeuS malware gangs whose activities over the past year have blurred the boundaries between online financial crime and espionage, by stealing financial data and documents from victim machines. This activity is unusual because most criminals using ZeuS are interested in money-making activities – such as stealing banking passwords and creating botnets – whereas the hoovering up of sensitive government documents is typically associated with threats from China that are deployed to gather industrial or military intelligence.

Russian e-Payment Giant ChronoPay Hacked

December 29, 2010

15 Comments

Criminals this week hijacked ChronoPay.com, the domain name for Russia’s largest online payment processor, redirecting hundreds of unsuspecting visitors to a fake ChronoPay page that stole customer financial data.

ChronoPay chief executive Pavel Vrublevsky said the bogus payment page was up for several hours on Christmas day, during which time the attackers collected roughly 800 credit card numbers from customers visiting the site to make payments for various services that rely on ChronoPay for processing.

Carders.cc, Backtrack-linux.org and Exploit-db.org Hacked

December 25, 2010

29 Comments

Carders.cc, a German security forum that specializes in trading stolen credit cards and other purloined data, has been hacked by security vigilantes for the second time this year. Also waking up to “you’ve been owned” calling cards this Christmas are… Read More »

Why GSM-Based ATM Skimmers Rule

December 13, 2010

55 Comments

Earlier this year, KrebsOnSecurity featured a post highlighting the most dangerous aspects of GSM-based ATM skimmers, fraud devices that let thieves steal card data from ATM users and have the purloined digits sent wirelessly via text message to the attacker’s… Read More »

Reintroducing Scanlab (a.k.a Scamlab)

December 7, 2010

13 Comments

Many sites and services require customers to present “proof” of their identity online by presenting scanned copies of important documents, such as passports, utility bills, or diplomas. But these requests don’t really prove anything, as there are a number of online services that will happily forge these documents quite convincingly for a small fee.

What You Should Know About History Sniffing

December 6, 2010

32 Comments

Researchers have discovered that dozens of Web sites are using simple Javascript tricks to snoop into visitors’ Web browsing history. While these tricks are nothing new, they are in the news again, so it’s a good time to remind readers about ways to combat this sneaky behavior.