Experts from across the security industry collaborated this week to quarantine more than 110,000 Microsoft Windows PCs that were infected with the Khelios worm, a contagion that forces infected PCs to blast out junk email advertising rogue Internet pharmacies.
Most botnets are relatively fragile: If security experts or law enforcement agencies seize the Internet servers used to control the zombie network, the crime machine eventually implodes. But Khelios (a.k.a. “Kelihos”) was built to withstand such attacks, employing a peer-to-peer structure not unlike that used by popular music and file-sharing sites to avoid takedown by the music and entertainment industry.
A Wikileaks-style war of attrition between two competing rogue Internet pharmacy gangs has exposed some of the biggest spammers on the planet. The latest casualties? Several individuals likely responsible for running Grum, currently the world’s most active spam botnet.
The last post in this series introduced the world to “Google,” an alias chosen by the hacker in charge of Cutwail — currently the world’s largest spam botnet. Google rented his crime machine to members of SpamIt, an organization that paid spammers to promote rogue Internet pharmacy sites. This made Google a top dog, but also a primary target of other botmasters selling software to SpamIt, particularly the hacker known as “SPM,” the guy behind the infamous Srizbi botnet.
Authorities seized computers and servers in the United States and seven other countries this week as part of an ongoing investigation of a hacking gang that stole $72 million by tricking people into buying fake anti-virus products. Police in Ukraine said the thieves fleeced unsuspecting consumers with the help of the infamous Conficker worm, although it remains unclear how big a role the fast-spreading worm played in this crime.
Pavel Vrublevsky, the embattled co-founder of ChronoPay — Russia’s largest online payments processor — has reportedly fled the country after the arrest of a suspect who confessed that he was hired by Vrublevsky to launch a debilitating cyber attack against… Read More »
The global volume of junk e-mail sent worldwide took a massive nosedive today following what appears to be a coordinated takedown of the Rustock botnet, one of the world’s most active spam-generating machines.
For years, Rustock has been the most prolific purveyor of spam — mainly junk messages touting online pharmacies and male enhancement pills. But late Wednesday morning Eastern Time, dozens of Internet servers used to coordinate these spam campaigns ceased operating, apparently almost simultaneously.
An organized crime group thought to include individuals responsible for the notorious Storm and Waledac worms generated more than $150 million promoting rogue online pharmacies via spam and hacking, according to data obtained by KrebsOnSecurity.com.
It’s common for malware writers to taunt one another with petty insults nested within their respective creations. Competing crime groups also often seek to wrest infected machines from one another. A very public turf war between those responsible for maintaining… Read More »