Thursday, 29 November 2007

"Celebrity" spam gang significant

Source: The Register

Researchers experimentally infected a computer with malware spread through email whose lure was an attachment supposedly containing pictures of nude celebrities. The computer became part of a botnet being used to distribute spam. Analysis of the spam showed that this particular kind of spam accounted for 23% of all spam volume seen in the previous month.

Stealth defacement for SEO

Al Gore's "Climate Crisis" website has suffered "stealth defacement" (malicious modification not visible to the average viewer) for the purposes of boosting the search rank of spammers' pharmaceutical websites. We have seen this technique used to incorporate IFRAMEs which include browser exploits; this is the first notable instance of defacement as a means to boost search ranks.

Thursday, 22 November 2007

The value of passwords

Source: Frequency X

Arbitrary username/password combinations have value in the black market of cybercrime independently of where they were obtained. This is because many people choose the same combination on several sites. Thus, in many cases it's not necessary to phish for authorisation credentials: you can simply coax someone into creating an account, and then try the resulting username/password combination at various other high profile sites.

Twelve Spam Research Papers

Source: Network World

For the researchers: this Network World article gives a quick précis of (and links to) twelve current spam-related research papers. Four of the papers relate to image analysis, two to anti-phishing education, two to blacklisting, two to general improvements in filtering techniques, one to VoIP spam ("spit"), and a cybercrime-related paper called "An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants". (Note: do yourself a big favour and navigate immediately to the printer-formatted view of this article if you read it.)

Wednesday, 21 November 2007

Monster IFRAMEd

Source: The Register

Monster's website was hacked to include malicious IFRAMEs. This technique of "hack a high profile website as a malware distribution vector" is hardly new, but the incidents are becoming bigger and more frequent. This kind of threat poses a significant challenge, since the malicious data appears to come from a reputable source.

Wednesday, 14 November 2007

Cashing out credit cards

Source: Frequency X

Frequency X is running a short article on the market for stolen credit card credentials: how the market works, and what the current going rates are like.

Factory-installed malware on Maxtor drives

Source: The Register

An unknown quantity of Seagate's "Maxtor Basics Personal Storage 3200" drives sold after August 2007 were contaminated with AutoRun-AH malware by a manufacturing sub-contractor in China. "AutoRun-AH is a Trojan that searches for passwords to online games and sends them to a server located in China. It also disables anti-virus software."

Saturday, 10 November 2007

IndiaTimes compromised; spreads malware

Source: ScanSafe

The India Times website has recently been compromised and is now exposing readers to a range of malware infections. The extent of modification to the India Times site itself is minimal and invisible to the casual visitor: the exploits operate via embedded IFRAMEs and scripts.
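As an added defender-side example (not code from this blog, ScanSafe or The Register), the following Python scanner flags IFRAMEs and scripts that are hidden from the casual visitor or load from an off-site host, the two properties that let the injections in this item, the Monster item and the "Climate Crisis" item go unnoticed. The site hostname and the sample HTML are constructed for illustration.

```python
"""Detect 'stealth' IFRAME/script injection in a page's HTML.

Flags IFRAMEs hidden from the visitor (zero or one-pixel size, hidden by
CSS, positioned off-screen) and IFRAMEs/scripts whose src points at a host
other than the site's own. Constructed example; not a production scanner.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSS idioms commonly used to make an injected element invisible.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}", re.I)


class InjectionScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (tag, src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        # Relative src (no host) is treated as same-site.
        if host and host != self.site_host:
            reasons.append(f"off-site src {host}")
        if tag == "iframe":
            w, h = a.get("width", "").strip(), a.get("height", "").strip()
            if w in ("0", "1") or h in ("0", "1"):
                reasons.append("zero/one-pixel size")
            if HIDDEN_STYLE.search(a.get("style", "")):
                reasons.append("hidden by CSS")
        if reasons:
            self.findings.append((tag, src, reasons))


def scan(html, site_host):
    """Return a list of suspicious (tag, src, reasons) tuples."""
    s = InjectionScanner(site_host)
    s.feed(html)
    return s.findings


# Constructed sample: a normal page with one injected, invisible IFRAME.
SAMPLE = """<html><body><h1>News</h1>
<script src="/js/site.js"></script>
<iframe src="http://example.invalid/ads" width="0" height="0" style="display:none"></iframe>
<iframe src="https://www.example.com/player" width="640" height="360"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, src, reasons in scan(SAMPLE, "www.example.com"):
        print(tag, src, "; ".join(reasons))
```

Run against a copy of each page fetched from the live site and compared with a known-good baseline; an IFRAME that trips all three checks is a strong sign of the kind of modification described above.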

Friday, 9 November 2007

eBay scams and their mules

Source: The Register

This article provides concrete details of several eBay scams in which phishers compromise eBay accounts with pristine ratings in order to defraud people. Payments are sent via money mules to sustain the illusion that there is no overseas involvement.

Wednesday, 7 November 2007

Employee phished; customers spearphished

Source: The Register

An employee fell victim to a phishing attack, which resulted in compromise of customer data through his account. This, in turn, was used to conduct spearphishing attacks against certain customers. Since then, the same data has been used to send targeted email with malware-laden attachments.

Web ads exploited as attack vector (again)

Source: The Register

A number of mainstream websites have been used to dish up malware (parading as anti-malware) via advertising slots. The payload is delivered quite selectively, making detection difficult. The victim is confronted with a pop-up warning them that their computer is compromised, and offering a service to fix it (which has exactly the reverse effect).

Tuesday, 6 November 2007

Kiddie porn ring busted

Source: The Register

An Internet-based child pornography investigation, code-named "Operation Koala", has culminated in ninety-two arrests spanning nineteen countries. The investigation commenced in July 2006, when "Australian police discovered a video depicting a Belgian father raping his daughters". "Police from 28 countries worked on the case."

Friday, 2 November 2007

PDF exploit ranked #3 for October

Source: Sophos

October's PDF-based Windows vulnerability (mentioned in this blog) was so heavily exploited in the last few days of the month that it ranked as the third most common email threat for the whole month. It accounted for 13.6% of malicious email for the month, and 66% of all malicious email during the period it was being sent, the 26th through 28th.

419 victim kidnapped, rescued

Source: BBC

An Irish victim of advance fee fraud was persuaded to go to Ghana in person to collect funds, then kidnapped and held for ransom. He was rescued by local police working in concert with Interpol.

Thursday, 1 November 2007

Circumventing CAPTCHA

Source: The Register

The concept of a "chess grandmaster" attack on CAPTCHA tests has been around for a while. This article documents in brief one such actual tool which is active in the wild. Users are invited to play a game of "undress the stripper" by solving a sequence of CAPTCHAs which actually originate on the sign-up pages of webmail services.