Tuesday, 25 November 2008

New Symantec Report Reveals Booming Underground Economy

Source: Symantec

Symantec has released a report on the underground online economy. The report is derived from data gathered by Symantec’s Security Technology and Response (STAR) organization, from underground economy servers between July 1, 2007 and June 30, 2008. The potential value of total advertised goods observed by Symantec was more than $276 million for the reporting period.

Friday, 21 November 2008

Web Fraud 2.0: Faking Your Internet Address

Source: Security Fix

Security Fix takes a brief look at "Fraudcrew", an Internet proxy service catering to the phishing community that was recently taken offline when its hosting provider, McColo, was disconnected. One of the features Fraudcrew offered was IP addresses in a geographic location of the customer's choosing. This helps criminals circumvent the geographic checks that banks may place on Internet banking sessions to detect abnormal use: a login that appears to come from the victim's own city or country does not look out of place.
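To make the point concrete, the following is an added example (not code from Security Fix, Fraudcrew or any bank) of a geo-velocity, or "impossible travel", check of the kind described above, run over constructed login events. The geo-IP table, IP addresses, coordinates and users are all made up; a real deployment would query a commercial geo-IP database. The example shows a phisher logging in directly from abroad being flagged, while the same attack routed through a proxy geolocated in the victim's home city passes unnoticed.

```python
"""Illustrative geo-velocity ("impossible travel") check on Internet banking logins,
and how a proxy geolocated near the customer defeats it.
Added example; all IPs, coordinates and events below are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

# Constructed geo-IP table: /24 prefix -> (country, latitude, longitude).
# The prefixes are RFC 5737 documentation ranges; the placements are invented.
GEOIP = {
    "203.0.113":  ("AU", -33.87, 151.21),  # Sydney: the customers' home city
    "198.51.100": ("AU", -33.87, 151.21),  # a Fraudcrew-style proxy also placed in Sydney
    "192.0.2":    ("UA", 50.45, 30.52),    # Kyiv: the phisher's real location
}

MAX_KMH = 900.0  # faster than an airliner -> physically impossible travel


@dataclass
class Login:
    user: str
    when: datetime
    ip: str


def geolocate(ip):
    """Look up the /24 of an IPv4 address in the constructed table; None if unknown."""
    return GEOIP.get(ip.rsplit(".", 1)[0])


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = sin(dlat / 2) ** 2 + cos(lat1) * cos(lat2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def flag_impossible_travel(logins, max_kmh=MAX_KMH):
    """Return [(login, reason)] for logins whose implied travel speed from the same
    user's previous login exceeds max_kmh, or whose IP cannot be geolocated."""
    flagged = []
    last = {}  # user -> (previous login, its geo record)
    for login in sorted(logins, key=lambda l: l.when):
        geo = geolocate(login.ip)
        if geo is None:
            flagged.append((login, "unknown location"))
            continue
        prev = last.get(login.user)
        if prev is not None:
            prev_login, prev_geo = prev
            km = haversine_km(prev_geo[1:], geo[1:])
            hours = (login.when - prev_login.when).total_seconds() / 3600
            speed = km / hours if hours > 0 else float("inf")
            if km > 0 and speed > max_kmh:
                flagged.append((login, f"{km:.0f} km in {hours:.1f} h ({speed:.0f} km/h)"))
        last[login.user] = (login, geo)
    return flagged


# Constructed events: two Sydney customers whose credentials have been phished.
T0 = datetime(2008, 11, 20, 9, 0)
SAMPLE_LOGINS = [
    Login("alice", T0, "203.0.113.7"),                        # alice at home in Sydney
    Login("alice", T0 + timedelta(hours=2), "192.0.2.44"),    # phisher logs in directly from Kyiv
    Login("bob",   T0, "203.0.113.21"),                       # bob at home in Sydney
    Login("bob",   T0 + timedelta(hours=2), "198.51.100.9"),  # phisher uses a Sydney-located proxy
]

if __name__ == "__main__":
    for login, reason in flag_impossible_travel(SAMPLE_LOGINS):
        print(f"FLAG {login.user} {login.ip} at {login.when:%H:%M}: {reason}")
    # Only alice's Kyiv login is flagged; bob's proxied login looks like a local one.
```

Only the direct login from Kyiv trips the check (roughly 15,000 km in two hours); the proxied login resolves to the same coordinates as the customer's home and implies zero travel, which is exactly the gap a geographically matched proxy exploits. Geo checks therefore need to be paired with signals a proxy does not launder, such as device fingerprinting, session behaviour or out-of-band transaction confirmation.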

Wednesday, 12 November 2008

Spamalytics: An Empirical Analysis of Spam Marketing Conversion

Source: International Computer Science Institute

Researchers at the University of California, San Diego, and the International Computer Science Institute, Berkeley, have produced a useful and highly empirical paper [1.9MB PDF] that gives an inside view of the operation of the Storm botnet. The research involved actively hijacking a portion of the botnet and gathering data on its behaviour and on the behaviour of spam recipients, including how many of them actually responded to the spam. The paper is receiving a good deal of attention, including BBC news coverage.

Saturday, 1 November 2008

RSA on the Sinowal Trojan

Source: Speaking of Security (RSA Blog)

The RSA FraudAction Research Lab shares its findings on the Sinowal Trojan, also known as Torpig and Mebroot. Dating back as early as February 2006, Sinowal has compromised approximately 300,000 online bank accounts, stealing their login credentials, along with a similar number of credit and debit card details. The criminals behind Sinowal have not only created highly advanced crimeware but have also maintained one of the most hidden and reliable command-and-control infrastructures seen to date, which has now been operating for nearly three years.