More than 65% of spam consists of “pharmaceutical spam” sent through a variety of well known spam botnets such as Rustock and Cutwail. These spam messages use multiple shop brands and sell a variety of drugs, especially Viagra. These pills, sometime fake pills, are shipped to buyers from pharma manufacturers, often in India or China. [...]
SecDev.cyber Blog
Pack Mules: The Re-Shipping Fraud & Malware Connection
December 16, 2010 – 12:42 pm
Malware toolkits are designed to steal information, such as bank account data, and provide cyber criminals with vast quantities of stolen credentials. Every day, credit card numbers stolen by malware such as Zeus and SpyEye are bought and sold in the underground economy. This has given rise to the recruitment of “pack mules.” When using [...]
Nobel Peace Prize, Amnesty HK and Malware
November 13, 2010 – 9:45 am
There have been two recent attacks involving human rights and malware. First, on November 7, 2010, contagiodump.blogspot.com posted an analysis of a malware attack that masqueraded as an invitation to attend an event put on by the Oslo Freedom Forum for Nobel Peace Prize winner Liu Xiaobo. The malware exploited a known vulnerability (CVE-2010-2883) in [...]
Clustering Zeus Command and Control Servers Part 2
November 5, 2010 – 4:02 pm
In Part 1 of “Clustering Zeus Command and Control Servers” I focused on clustering Zeus command and control servers based on three criteria: IP addresses, domain names, and email addresses used to register domain names. Using data drawn from ZeusTracker and MalwareDomainList, I observed that while a wide variety of criminals may set up disparate [...]
Command and Control in the Cloud
October 22, 2010 – 10:17 am
In “Shadows in the Cloud: An investigation into cyber espionage 2.0” my co-authors and I analyzed the command and control infrastructure of a network that extracted secret, confidential and restricted documents from the Indian government and military. The Shadow Network used a complex and tiered command and control infrastructure that leveraged Twitter, Google Groups, Blogspot, [...]
Clustering Zeus Command and Control Servers
October 14, 2010 – 11:16 am
Recently, more than 150 individuals around the world have been arrested on bank fraud related charges after using the Zeus malware to acquire credentials that enabled the criminals to steal more than $70 million dollars. Those arrested include five Ukrainian individuals that are believed to be the masterminds behind the operation. Brian Krebs notes that [...]
Old Threats are Current Threats
September 29, 2010 – 8:29 am
Despite the fact that the authors of the Pinch Trojan were “pinched” by law enforcement in 2007, the Pinch Trojan continues to be a current threat both because the source code is available (so anyone can modify it and release a variant) but also because old versions of Pinch continue to be effectively used. In [...]
Crime or Espionage? Part 2
September 9, 2010 – 8:28 am
In “Crime or Espionage Part 1” I examined a series of attacks that appear to be aimed at those interested in intelligence issues and those in the government and military. The malware used in these attacks was ZeuS and there are common command and control elements used in the attacks beginning in December 2009 and [...]
Crime or Espionage?
August 28, 2010 – 8:27 am
ZeuS is a well known crimeware tool kit that is readily available online. The tool allows even the most unskilled to operate a botnet. Typically, Zeus has been associated with banking fraud. Recently, there have been a series of attacks using the Zeus malware that appear to be less motivated by bank fraud and more [...]
Human Rights and Malware Attacks
August 19, 2010 – 8:25 am
Human Rights and Malware Attacks by Nart Villeneuve On March 18, 2010, unknown attackers sent a spear phishing email that appeared to be from Sharon Hom, the Executive Director of Human Rights in China (HRIC), to a variety of organizations and individuals. Leveraging the trust and recognition of HRIC, the attackers’ email encouraged recipients to [...]