Mail from the (Velvet) Cybercrime Underground

Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in … Читать далее

Don’t Get Sucker Pumped

Gas pump skimmers are getting craftier. A new scam out of Oklahoma that netted thieves $400,000 before they were caught is a reminder of why it’s usually best to pay with credit versus debit cards when filling up the tank. The U.S. Attorney’s office in Muskogee, Okla. says two men indicted this month for skimming … Читать далее

Security Vendors: Do No Harm, Heal Thyself

Security companies would do well to build their products around the physician’s code: “First, do no harm.” The corollary to that oath borrows from another medical mantra: “Security vendor, heal thyself. And don’t take forever to do it! ” On Thursday, Symantec quietly released security updates to fix serious vulnerabilities in its Symantec Web Gateway, … Читать далее

Hacker Ring Stole 160 Million Credit Cards

U.S. federal authorities have indicted five men — four Russians and a Ukrainian – for allegedly perpetrating many of the biggest cybercrimes of the past decade, including the theft of more than 160 million credit card numbers from major U.S. retailers, banks and card processors. The gang is thought to be responsible for the 2007 … Читать далее

Haunted by the Ghosts of ZeuS & DNSChanger

One of the challenges in malware research is separating the truly novel innovations in malcoding from new nasties that merely include nominal or superficial tweaks. This dynamic holds true for both malware researchers and purveyors, albeit for different reasons. Researchers wish to avoid being labeled alarmist in calling special attention to what appears to be … Читать далее

Toward A Greater Mobile Mal-Awareness

Several recent developments in mobile malware are conspiring to raise the threat level for Android users, making it easier for attackers to convert legitimate applications into malicious apps and to undermine the technology that security experts use to tell the difference. Source: Symantec Last week, Symantec warned about a new malware toolkit or “binder” designed … Читать далее

One-Stop Bot Chop-Shops

New fraudster-friendly content management systems are making it more likely than ever that crooks who manage botnets and other large groupings of hacked PCs will extract and sell all credentials of value that can be harvested from the compromised machines. Templates like this are helping to spread one-stop-fraud shops. I’ve often observed that botmasters routinely … Читать далее

Styx Crypt Makers Push DDoS, Anti-Antivirus Services

I recently published a piece that examined the role of several Ukrainian men likely responsible for making and marketing the Styx Pack malware exploit kit. Today’s post will show how this same enterprise is linked to a DDoS protection scheme and a sprawling cybercrook-friendly malware scanning service that is bundled with Styx-Crypt. Anonymous antivirus scanning … Читать далее

Botcoin: Bitcoin Mining by Botnet

An increasing number of malware samples in the wild are using host systems to secretly mine bitcoins. In this post, I’ll look at an affiliate program that pays people for the mass installation of programs that turns host machines into bitcoin mining bots. The FeodalCash bitcoin mining affiliate program. Bitcoin is a decentralized, virtual currency, … Читать далее

Getting Skimpy With ATM Skimmers

Cybercrooks can be notoriously cheap, considering how much they typically get for nothing. I’m reminded of this when I occasionally stumble upon underground forum members trying to  sell a used ATM skimmer: Very often, the sales thread devolves into a flame war over whether the fully-assembled ATM skimmer is really worth more than the sum … Читать далее