Archive for the ‘cybercrime’ Category
Friday, October 9th, 2009
Cybercriminals are implementing techniques in their banking password stealers to further cover their tracks. Not that they were having an extremely difficult time with this already, as pointed out by Guillaume Lovet’s Virus Bulletin paper on fighting cybercrime. But the technical and forensic challenges have now been stepped up another level. We have been tracking the growth of the Urlzone/Bebloh family since February of this year, and other groups have been rapidly adding sophistication to their fraudulent activity.
The first, larger waves we saw in February targeted German users, and the ThreatFire community was protected from the menace. As more European banks and countries were hit, we continued to monitor for a more global presence, as the malware package became even more popular among multinational banking cyberthieves. Distribution servers have been appearing on American providers’ networks; the next logical step is for American banks to be targeted as well. We will be monitoring the situation closely.
The stealer is being spread by attacking the usual client side vulnerabilities in browsers and third party plugins.
Posted in Bancos, Crimeware, Spyware, cybercrime | No Comments »
Wednesday, September 9th, 2009
Some hugely prevalent worming families just won’t wither away and disappear. They top vendors’ prevalence lists for years on end, even as the malcode fails to serve its original purpose. As the ThreatFire community grows its presence in Mexico and Brazil, it protects more users from Brontok, a relentless worm originally distributed from Indonesia.
Brontok is a mass-mailing worm that isn’t mentioned all that often anymore, being out-amplified by sensations like Conficker/Downadup/Kido, but its many variants continue to show up all over the world. For the past month, Brontok variants have been run, and blocked by ThreatFire, on our users’ desktops in Mexico and Brazil in high numbers.
The compromised hosts used to be abused as DDoS bots, attacking sites around the world in what were unconfirmed hacktivism or blackmail attempts. Now, however, the worm travels without a head in the sunniest tropics — the major provider (unwittingly at the time) hosting Brontok’s configuration files has long since taken down the command-and-control server accounts Brontok accessed.
Posted in Worm, cybercrime | No Comments »
Thursday, July 2nd, 2009
The FTC recently settled against a FakeAV purveyor. While this settlement won’t remove all of the variants out there, it is welcome news nonetheless, with ongoing progress and the case list here. The fewer distributors of XP Antivirus, the better: “The two settling defendants were part of a massive deceptive advertising scheme that tricked more than a million consumers into buying ‘rogue’ computer security products, including WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus, according to the FTC’s complaint.” ThreatFire users were protected from a number of these scareware packages, including XP Antivirus, in high volumes within the community back in mid-2008 and earlier.

The FTC’s complaint from December calls this stuff scareware, also called “rogueware”. It’s amazing how many users really fell for it, and continue to fall for it, and then cannot get their money back. According to the complaint: “Unaware of the Defendants’ trickery, more than one million consumers have purchased the Defendants’ software products to cure their computers of the non-existent problems ‘detected’ by the Defendants’ fake scans… Although some consumers later realize they have been defrauded by Defendants and attempt to seek refunds, Defendants routinely delay, obstruct and refuse to honor such requests.”
Posted in Adware, FakeAlert, Rogueware, Social Engineering, cybercrime | No Comments »