Category Archives: Web Fraud 2.0

Virus Scanners for Virus Authors, Part II

April 5, 2010

The very first entry I posted at Krebs on Security, Virus Scanners for Virus Authors, introduced readers to two services that let virus writers upload their creations to see how well they are detected by various commercial anti-virus scanners on the market. In this follow-up post, I’ll take you inside of a pair of similar services that allow customers to periodically scan a malware sample ad receive alerts via instant message or e-mail when a new anti-virus product begins to detect the submission as malicious.

SpyEye vs. ZeuS Rivalry

April 1, 2010

20 Comments

It’s common for malware writers to taunt one another with petty insults nested within their respective creations. Competing crime groups also often seek to wrest infected machines from one another. A very public turf war between those responsible for maintaining… Read More »

AVprofit: Rogue AV + Zeus = $

March 24, 2010

10 Comments

The presence of rogue anti-virus products, also known as scareware, on a Microsoft Windows computer is often just the most visible symptom of a more serious and insidious system-wide infection. To understand why, it helps to take a peek inside… Read More »

Naming and Shaming ‘Bad’ ISPs

March 19, 2010

64 Comments

I asked or simply polled some of the most vigilant sources of this information for their recent data, and put together a rough chart indicating the Top Ten most prevalent ISPs from each of their vantage points. ISPs or hosts that show up more than others on these various lists are color-coded to illustrate consistency of findings (click the image to enlarge it). The trouble is, all of these individual efforts map badness from just one or a handful of perspectives, each of which may be limited in some way by particular biases, such as the type of threats that they monitor. For example, some measure only phishing attacks, while others concentrate on charting networks that play host to malicious software and botnet controllers.

Researchers Map Multi-Network Cybercrime Infrastructure

March 17, 2010

32 Comments

Last week, security experts launched a sneak attack against Troyak, an Internet service provider in Eastern Europe that served as a gateway to a nest of cyber crime activity. For the past seven days, unnamed members of the security community reportedly have been playing Whac-a-Mole with Troyak, which has bounced from one legitimate ISP to the next in a bid to reconnect to the global Internet. But experts say Troyak’s apparent hopscotching is in fact the expected behavior from a carefully architected, round-robin network of backup and redundant carriers, all designed to keep a massive organized criminal operation online should a disaster like the Troyak disconnection strike.

Monoprice.com Shuttered After Fraud Complaints

March 9, 2010

36 Comments

Audio visual cabling giant monoprice.com shut down its Web site – possibly for the next couple of weeks – while it investigates the possible compromise of its customer credit and debit card information. Vincent Lim, monoprice.com’s operations manager, said the… Read More »

Energizer Battery Charger Software Included Backdoor

March 9, 2010

16 Comments

Security experts at Symantec have discovered a software application made for a USB-based battery charger sold by Energizer actually included a hidden backdoor that allowed unauthorized remote access to the user’s system. The backdoor Trojan is easily removed, but Symantec… Read More »

BLADE: Hacking Away at Drive-By Downloads

February 22, 2010

33 Comments

The online version of Technology Review today carries a story I wrote about a government funded research group that is preparing to release a new free tool designed to block “drive-by downloads,” attacks in which the mere act of visiting… Read More »

The Rise of Point-and-Click Botnets

January 27, 2010

9 Comments

The graphic above is from a report out today by Team Cymru, a group that monitors studies online attacks and other badness in the underground economy. It suggests an increasing divergence in the way criminals are managing botnets, those large… Read More »

A Peek Inside the ‘Eleonore’ Browser Exploit Kit

January 25, 2010

66 Comments

If you happen to stumble upon a Web site that freaks out your anti-virus program, chances are good that the page you’ve visited is part of a malicious or hacked site that has been outfitted with what’s known as an… Read More »