Tag Archives: UCSD

Mail from the (Velvet) Cybercrime Underground

July 30, 2013

Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more admirers paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares. But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police in advance of the delivery.

Inside the Gozi Bulletproof Hosting Facility

January 25, 2013

Nate Anderson at Ars Technica has a good story about how investigators tracked down “Virus,” the nickname allegedly used by a Romanian man accused by the U.S. Justice Department of running the Web hosting operations for a group that created and marketed the Gozi banking Trojan. Turns out, I’ve been sitting on some fascinating details about this hosting provider for many months without fully realizing what I had.

Who Says Email Is Eating at Postal Revenues?

July 3, 2012

Shadowy online businesses that sell knockoff prescription drugs through spam and other dodgy advertising practices have begun relying more heavily on the U.S. Postal Service to deliver prescription drugs to buyers in the United States direct from warehouses or mules within the U.S. The shift comes as rogue online pill shops are seeking ways to lower shipping costs, a major loss leader for most of these operations.

Traditionally, a majority of the counterfeit pills advertised and sold to Americans online have shipped from India. But the process of getting the pills from India to customers in the United States is so expensive and fraught with complications that it has proved to be a big cost center for the largest rogue pharmaceutical operations, according to a study I wrote about last month.

Who’s Behind the World’s Largest Spam Botnet?

February 1, 2012

A Wikileaks-style war of attrition between two competing rogue Internet pharmacy gangs has exposed some of the biggest spammers on the planet. The latest casualties? Several individuals likely responsible for running Grum, currently the world’s most active spam botnet.

Fake Antivirus Industry Down, But Not Out

August 3, 2011

A majority of the largest fake AV affiliate programs that pay hackers to foist junk security software have closed up shop in recent weeks. The wave of closures comes amid heightened scrutiny of the industry from security experts and a host of international law enforcement officials.

Over the past several weeks, many of the Web sites for the top fake AV promotion programs disappeared or complained of difficulty in processing credit card transactions for would-be scwareware victims: Fake AV brands such as Gagarincash, Best AV, Blacksoftware.cc and a Sevantivir.com ceased operating or alerted peddlers who were hired to install these programs that they might not get paid for current and future installations.

How to Buy Friends and Deceive People

July 15, 2011

Want more friends and followers? Emerging enterprises will create them for you — for a price. An abundance of low-cost, freelance labor online is posing huge challenges for Internet companies trying to combat the growing abuse of their services, and… Read More »

Azeri Banks Corner Fake AV, Pharma Market

July 13, 2011

Banks in Azerbaijan that have courted the shadowy trade in spam-advertised pharmaceuticals now have cornered the market for processing credit card payments for fake antivirus software, new data reveals.

In June, KrebsOnSecurity highlighted research from the University of California, San Diego (UCSD) showing that Azerigazbank, a financial institution in Azerbaijan, was the primary merchant bank for most major online-fraud pharmacy affiliate programs. By the time that research was published, those programs had moved their business to another bank in Azerbaijan, JSCB Bank Standard.