Wednesday, 31 October 2007

Practical Identity Theft

Source: The Times

This is really a hybrid crime, rather than a strict cybercrime, since part of the fraud involved physical intervention, but it's one of the most detailed descriptions I've seen of a practical identity theft. In this scam, the fraudsters perform an account take-over, order a new debit card on the account, intercept it, and abuse it. Internet banking was not involved in any crucial manner.

Tuesday, 30 October 2007

Supervalu harpooned in spear phishing attack

Source: Computerworld

Recently filed court documents reveal that the grocery chain Supervalu Inc. fell victim to a kind of spear phishing attack in late February/early March this year. The fraudsters simply sent them email impersonating a couple of suppliers, and informed them that future payments should be directed to new bank accounts. Over ten million dollars wound up in those accounts before the problem was noticed. Egg, meet face.

FTC Report: 22% of reported fraud is net-based

Source: USA Federal Trade Commission

The FTC has released a report on fraud, revealing that 13.5% of adult Americans fell victim to some kind of fraud in the year under study. The three most common media for perpetrating fraud were print (27%), the Internet (22%), and TV/radio (21%). The most common kind of fraud was good old-fashioned snake oil: fraudulent weight loss products.

Thursday, 25 October 2007

Revised estimate on TJX breach: 94 million cards

Source: The Register

According to documents filed in court, the number of credit cards compromised by the TJX breach (which came to light earlier this year) could be as high as 94 million -- more than double the figure the company has admitted in past statements.

Pump and dump is old hat


Forget pump and dump: cybercrime 2.0 for stock markets involves selling real stock tips for real money. Step one: sell stock tip that stock X will reach a certain high price at a certain time. Step two: make it happen by offering to buy the stock at that price -- using a compromised online trading account, of course. Repeat.

Wednesday, 24 October 2007

1-Day Acrobat flaw being exploited

Source: The Register

One day after the release of the security patch, spammers are exploiting a flaw in Adobe Acrobat via malicious PDF attachments. "The code and servers used in the attack are nearly identical to September 2006 Vector Markup Language (VML) zero-day attacks that took place one year ago."

Malware is up

Source: vnunet

A report released by Microsoft claims that there was a 500% increase in Trojan downloader/dropper activity in the first half of 2007 relative to the prior six months. This direct "compromise the end user computer" approach appears to be gaining popularity relative to the traditional social-engineering-based phishing attacks, at least as far as the serious criminal enterprises are concerned.

Tuesday, 23 October 2007

Chinese Cyberespionage

Source: vnunet

Please excuse the neologism, but China has frequently been accused in recent times of cyberespionage, as in the case of this vnunet article, where Germany adopts the role of accuser. Is this really the activity of the Chinese government? Or, to put it bluntly, is anyone really so dense as to use their own infrastructure when conducting an attack of this sort?

Wholesale web attack: 24/7 Real Media + RealPlayer

Source: The Register

The servers of web ad network 24/7 Real Media were compromised and laced with references to a Dutch site which was hosting malware. The malware, dubbed Trojan.Zonebac, attempted a stealth install through a security hole in the RealPlayer software (for which a patch is now available as of Friday). "Symantec discovered the tainted ads on October 8. It remains unclear how many ads Real Media served or when the problem was corrected."

Botnets as proxies

Source: Frequency X

Botnets have a thousand and one uses, one of which is to act as a general network proxy. This article gives an interesting insight into blackhat botnet services, particularly botnets as a proxy service. The tools are quite advanced, and the going rates for service quite attractive.

Friday, 19 October 2007

Stock Spam using MP3s

Source: Sophos

Pump-and-dump stock spam has frequently been at the leading edge of spam trends. As I recall, it was an early adopter of image spam, and then PDF attachments. Now they're pumping out dubious stock tips in distorted voice recordings attached as MP3s. If history repeats itself again, other forms of spam will also adopt this technique, but it won't last long.

Tuesday, 16 October 2007

eBay and PayPal phishing way down

Source: Sophos

According to Sophos, eBay and PayPal aren't copping the lion's share of phishing attacks anymore: a year ago 85% of incidents targeted these two, and now it's a mere 21%. Either the services have been overphished, or their countermeasures are proving effective, since the phishers are now spreading their nets more widely.

Thursday, 11 October 2007

Online Gambling + Botnets = Money Laundering

Source: The Register

Bot herders are becoming increasingly active in online gambling as a means to launder money (e.g. from stolen credit cards) or simply make money.