Wednesday, 22 August 2007

26 Phishers Caught


"Italian police last week apprehended 18 Italians and eight East Europeans in an operation dubbed 'Phish & Chip' by the Italian press." They are allegedly responsible for a massive phishing attack against Poste Italiane customers a month or two back.

Thursday, 16 August 2007

"Online Safety" proposed for US school curriculum


"The US National Cyber Security Alliance (NCSA) has called on state leaders to work with schools and colleges to ensure that cyber-security, online safety and ethics lessons are integrated into every classroom."

Personally, I'd like to see some teaching about the dangers of cybercrime, with particular reference to scams. University students are a popular target for money mule scams, given that they usually have the appropriate time, facilities, and need for cash. Warn the kids before they leave school, since it may be too late soon after that.

Thursday, 9 August 2007

Six arrested in 419 scam with Australian victim


A 49-year-old Australian man has been swindled out of AU$1.76M in a classic 419 scam before figuring out he was being conned. When invited to meet the scammers in Amsterdam, he tipped off the Dutch police, and they were able to arrest six of the scammers.

Wednesday, 8 August 2007

Storm Worm Epidemic

Source: The Register

SecureWorks claims that the number of hosts infected with the Storm Worm has gone from thousands (in January through May) to millions (in June and July) -- a nigh-thousandfold increase. They offer some speculation on the impact of this.

I speculate that it is primarily driven by phishing, and that the worm is primarily being used as spyware to obtain authentication credentials. I say this because I have noted a distinct drop in phishing email at the same time I've seen the increase in "e-card" spam characteristic of the Storm Worm.

Domain Registrants Being Phished

Source: CircleID

Edward Falk reports on CircleID that GoDaddy customers are being phished. He suggests that this is to obtain administrative access to domain names, but it seems to me just as likely that they want simple access to hosting accounts. Perhaps there are other details not revealed in the article which make the aims of the phishers clearer.

Tuesday, 7 August 2007

Current Malpractice: Single Webserver


The article is titled "Boffins find way to fight spam scams", but that's misleading. The boffins in question are presenting at USENIX Security 2007, and their findings relate to websites advertised via spam. What they find is that the vast majority are hosting sites on a single server, as opposed to proxying through a botnet. Such techniques are prone to change in reaction to countermeasures, of course.

Monday, 6 August 2007

The Malware Marketplace

Source: The Register

The Register has written a short report on research conducted by Thomas Holt, a professor of criminal justice at the University of North Carolina at Charlotte, in which the black market for malware is described as having a similar dynamic to eBay or other online marketplaces.

Friday, 3 August 2007

Russian pair phish $500k from Turks

Source: via The Register

Two Russians, based in Togliatti, have been phishing Turkish bank accounts for the past two years or so. Their method for obtaining credentials involved malware, although it's not clear from the report whether the malware was installed on bank computers or customer computers (presumably the latter). Funds were transferred to the accounts of mules, who then forwarded them via Western Union: a total of 265 transfers totaling $508,000 between February 2005 and April 2007. One of the phishers has been arrested; the other remains at large.

Wednesday, 1 August 2007

Frequency X talks Mules

The Frequency X blog has published an entry on the subject of Money Mules, which also links to a webinar presentation on the subject. The webinar requires RealPlayer, and didn't work for me with Helix Player 1.0.6.