Cyber crimes

cyber crimes, internet fraud, cyber security, information security – KeyboardCrime.com

February 9th, 2012

Nowadays owning a website has become something perfectly normal. Most of us have at least one. The abundance of websites on the World Wide Web has led to a revolution in online advertising. Advertisement networks such as Google AdSense have turned into multi-billion dollar industries. While browsing the web you are exposed to hundreds of ads every hour; every website has at least a few. However, not all types of internet advertising are ethical or legitimate. There are many underground, or not so underground, fraudulent advertisement networks that span hundreds of thousands of websites.

That form of advertising can very well be called crime or black hat advertising, “crimevertising” and “blackvertising” for short. These networks are linked to internet fraud; in fact they often advertise fraudulent websites. Quite often criminals hide exploits and/or spyware inside normal-looking advertisement banners and submit them to the popular advertisement networks. However, the new forms of internet fraud advertising, blackvertising and crimevertising, work according to a new “formula”: the ad network owners embed harmless and ordinary-looking ads that advertise illicit services.

Well, this “new” type of advertising isn’t exactly that new. It has been around for years; for instance, there are a lot of banners on underground internet fraud forums that advertise everything from criminal job offers, malware, spyware and Trojans to crooked cashout services. Recently, however, malware coders have started offering an unusual service: placing paid banners in the browser-based admin panels that users use to control their botnets. As you might already be aware, that form of advertising can put a brand name or a short text in front of a huge audience for hours on end!

Here is a fine example of blackvertising. This is a screenshot from the Blackhole Exploit Kit interface. It allows users to build a botnet easily and, most importantly, quite quickly. Blackhole users infect their victims with the help of thousands of hacked websites, which easily infect visitors with older browsers. The botnet admin can then monitor the infected victims and observe each website’s success rate.

Blackhole Admin Panel

In the screenshot above, you can see the admin panel of the Blackhole Exploit Kit. It shows a few ad banners that advertise cheap Internet traffic. That is a fine example of blackvertising.

Are you interested in knowing how much these banners cost? Well, according to Blackhole’s administrator and owner, a hacker better known as “Paunch”, placing an ad that will show up on all administrator panels in the Blackhole network costs $700 per month. The exact number of impressions is unknown; however, there certainly are a lot of Blackhole users.

According to a popular anti-internet-fraud company, the Blackhole network is the most popular way of carrying out drive-by attacks: 40% of all redirections to fraudulent websites in the world were linked to this network!

Blackhole's Popularity

The Blackhole crimevertising network is just one small example of internet fraud advertising. This advertising method surely has a future and will grow into a profitable business in the coming years.

February 2nd, 2012

In the middle of November 2011, the US Government put an end to a huge internet fraud scheme. Malicious code hijacked traffic from the computers it infected. What made this fraudulent activity special, however, was that the infected computers were part of corporate networks and even government ones.

The malware is also known as the DNSChanger Trojan. It secretly modifies the infected computer’s internet settings so that it reroutes the user when searching for specific keywords or visiting internet pages that could help the user treat the infection. Furthermore, the DNSChanger Trojan always came with a number of other malicious programs, meaning that every infected computer also hosts additional malware.

DNS Malware

Authorities made a breakthrough in November 2011. The Estonian Police arrested 6 people suspected of controlling the DNSChanger Trojan and using it to infect 4 million computers in over 100 countries. Half a million of the infected computers were in the United States alone!

The internet fraud scheme thrived until security experts decided to undertake a massive attempt to shut it down. As the investigation progressed, however, one security company, Wash. Company, discovered that the malicious code had infected computers in more than 200 Fortune 500 firms and in more than 25 government institutions.

Surprisingly, no one had tried to remove the DNSChanger Trojan until that point of the investigation. Because of the high security risk this infection poses, authorities made the tough decision to cut internet access to all infected computers. Apparently, that is the only way to shut down the huge DNSChanger botnet. The deadline is the 8th of March this year.

Why is there a deadline? Well, cleaning up this HUGE infection would certainly take years. Internet fraud experts have stated that the DNSChanger botnet can’t be allowed to expand further. So, setting a deadline in the near future is actually a painless way to get rid of the problem.

The DNS Changer Working Group has announced that webmasters in control of large networks can find out whether or not their networks are infected by sending a request to the group. Even normal users can treat the problem; just follow this link.

No matter what you think, there certainly should be a deadline. Yes, it is painful, and this massive shutdown is going to affect millions of people, not to mention hundreds, even thousands, of multi-billion-dollar companies. However, the DNS Changer botnet internet fraud shouldn’t be given more room to expand. The only way to get rid of the problem is to undertake this shutdown.

There are public debates on whether or not the deadline should be extended. So, check your computers and be careful: downloading files from unknown servers and even visiting shady websites might fetch you a new infection!
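A trojan of this kind works by rewriting the resolver settings, so the check the post recommends comes down to comparing the configured DNS servers against the rogue address ranges. The script below is an added example, not from the original post or the DNS Changer Working Group; the rogue ranges in it are RFC 5737 documentation addresses used as placeholders, and the resolv.conf text is constructed.

```python
"""Check a machine's configured DNS resolvers against known-rogue address ranges.

Added example (not from the original post). ROGUE_RANGES holds placeholder
documentation addresses; substitute the ranges published by the DNS Changer
Working Group before relying on the result.
"""
import ipaddress

# PLACEHOLDER rogue ranges (RFC 5737 documentation space), not real servers.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed resolv.conf-style sample: one ordinary home-router resolver, one
# inside a placeholder rogue range, one IPv6 resolver and one malformed line.
SAMPLE_RESOLV_CONF = """\
# Generated by the network manager
nameserver 192.168.1.1
nameserver 192.0.2.45   # entry inserted by malware that rewrote the settings
nameserver 2001:db8::53
nameserver not-an-address
search example.test
"""


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text.

    Comments (everything after '#') and malformed entries are skipped so that a
    single odd line does not abort the whole check.
    """
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # not a valid IPv4/IPv6 address; ignore the line
    return servers


def rogue_resolvers(servers, ranges=ROGUE_RANGES):
    """Return, as strings, the resolvers that fall inside any rogue range.

    An IPv6 address is never 'in' an IPv4 network, so mixed entries are safe.
    """
    return [str(s) for s in servers if any(s in r for r in ranges)]


def check_resolv_conf(text, ranges=ROGUE_RANGES):
    """Parse resolv.conf-style text and report the rogue resolvers it names."""
    return rogue_resolvers(parse_nameservers(text), ranges)


if __name__ == "__main__":
    hits = check_resolv_conf(SAMPLE_RESOLV_CONF)
    if hits:
        print("DNS settings point at rogue resolvers:", ", ".join(hits))
    else:
        print("No rogue resolvers configured.")
```

On systems where resolv.conf lists only a local stub resolver (a loopback address), inspect the upstream servers that stub forwards to, or the router's own DNS settings, since that is where such a trojan would have made its change.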

January 30th, 2012

A few days ago, we uploaded a report on Microsoft’s latest victory over the underground cyber crime world. In a coordinated takedown, Microsoft destroyed the Kelihos botnet spam network and even managed to reduce global spam levels for a while. However, they also discovered that the mastermind behind this huge spam machine is actually a Russian security expert who goes by the name Andrey Sabelnikov. The 31-year-old programmer currently resides in St. Petersburg and works for a computer security company.

The Kelihos worm actually has a lot in common with the quite popular Waledac botnet. Waledac was a much more powerful spam network that infected a few hundred thousand computers and generated huge amounts of spam messages containing advertisements for illegal online pharmacies. This botnet was clearly a cyber crime machine! However, even though the Kelihos code looked much like Waledac’s, Microsoft classified them as completely different spam botnets.

Last week, Microsoft filed a report in court in the State of Virginia stating that Andrey Sabelnikov was the man behind Kelihos. Nevertheless, cyber crime experts shared that Andrey Sabelnikov might only be the coder behind the Kelihos spam botnet. Brett Gross, a security expert with years of experience in the field, shared that Kelihos is actually based on exactly the same code as Waledac, with just some minor modifications. Mr. Gross said that the real mastermind behind the 2 botnet projects is also Russian and well known to global cyber crime and spam experts: Peter Severa.

So, who is Peter Severa? Also known simply as Severa, he is the “Peter North” of spam. Why? Well, Peter Severa translates into English exactly as Peter North. The second reason is the type of spam Mr. Severa was sending: advertisements for male enhancement drugs. The name fits him perfectly, haha!

According to cyber crime specialists, Peter Severa earned more than $600,000 just from spamming advertisements for shady online pharmacies. The money was earned over an almost 3-year period. Peter Severa made more money renting the spam botnets to other spammers or customers: 1 million spam emails were priced at $200, shady junk mail campaigns cost $300 per million sent mails, and phishing mails cost $500 per 1 million letters sent!

Spam Price Listing

Authorities revealed that Peter Severa’s real name might actually be Peter Levashov. This matches the information Severa provided to a couple of well-known spam sites and forums.

Severa’s last online campaign was linked to Kelihos. He launched an affiliate program for an antivirus product which installed a fake antivirus app and Kelihos on the cyber crime victim’s computer.

Severa's Services Nowadays

We are not exactly sure what kind of botnet Severa uses right now. However, he is still offering his spam services and, astonishingly, the prices are almost the same as they were 3-4 years ago!

January 26th, 2012

When talking about one of the biggest software companies in the world, it is absolutely clear that things are quite serious. Microsoft’s projects are always costly and involve billions of dollars. It is always interesting to observe this big corporation’s activities.

In 2011, Microsoft spent millions of dollars to take down one of the biggest global spam “factories”, a botnet named Kelihos. The coordinated takedown destroyed this spam machine and even reduced worldwide spam levels for some time.

However, this week Microsoft announced that one of the most famous Russian cyber security experts was the mastermind behind the Kelihos spam botnet. His name is Andrey Sabelnikov, a 31-year-old who currently lives in St. Petersburg. Andrey Sabelnikov worked for a couple of years at a company that develops and sells antivirus and firewall software.

Andrey Sabelnikov

The official Microsoft statement didn’t include the name of the Russian cyber security company; however, a mere look at Andrey Sabelnikov’s LinkedIn profile revealed that he was a senior software developer and project manager between 2005 and 2007 at the Russian antivirus company Agnitum, which is also based in St. Petersburg. Agnitum is quite famous for its free firewall software known as “Outpost”.

The story continues: Andrey Sabelnikov’s most recent occupation was senior software developer at yet another software company, Teknavo. It develops software for large companies in the financial services sector.

How was Sabelnikov’s participation in the Kelihos project discovered? A cyber security expert and researcher recently found a way to obtain a copy of Kelihos’s source code. He noticed that the source code contained a piece of debug code tasked with downloading the software installer from a website. That website was “sabelnikov.net”, a domain registered in Andrey Sabelnikov’s name. The website is confirmed to be Andrey Sabelnikov’s property, as it links to his LinkedIn and VKontakte profiles.

Microsoft also mentioned that there is a lot more evidence pointing to Andrey Sabelnikov. What that might be, we are still guessing, as no official information is available to the public.

Kelihos was quite a powerful botnet. It is estimated that around 40,000 computers were infected with the malware and served as “zombies”, machines that send spam messages upon request. Some of the biggest botnets are known to control a few hundred thousand machines. However, even a botnet bigger than a couple of thousand computers is a global spam machine. With that many spam “zombies”, the botnet’s administrator can send millions of messages per minute!

No matter what you do, don’t download pirated software, as it presents a great cyber security risk. Usually, that is the way botnets expand. Botnet administrators bundle the malware’s code into an “.exe” file and voila, they’ve got a way to infect computers. Once you download the “.exe” file and run it, your computer becomes a spam “zombie”!

January 21st, 2012

Google is priceless when it comes to finding all kinds of relevant content. We use it every day! Without search engines, the internet world would be a much “darker” place, so to say.

However, did you know that there is a search engine that indexes only internet fraud websites? Well, yes, there is! It’s called “Mega Search” and serves to connect buyers to a number of online stores that offer a huge catalogue of dodgy and shady goods and services.

Data breaches and leaks in the last few years have created a huge network of shops that trade in this stolen information: credit card numbers, identities, etc. However, the problem with these online stores is that potential buyers first need to register in order to find out whether or not the shop is offering the credit card type they are looking for. “Mega Search” comes in handy here: it gathers data about the credit card types and the online stores that sell them, turning all this into a tidy internet fraud catalogue.

The website’s creator has written that his fraud search engine indexes neither the compromised card numbers nor information about the people who own the cards. Instead, “Mega Search” only indexes the first six digits of the card. These are better known as the BIN (Bank Identification Number) and enable potential buyers to identify the card type.

This new internet fraud search engine has raised a number of alarms in the internet security world. Security experts are worried that Mega Search makes fraudulent activities involving stolen credit cards or identities much easier.

“Mega Search” currently has only 5 credit card shops in its database. A few additional stores are expected to be fully integrated into “Mega Search” soon. The search engine’s owner has openly acknowledged that he requires internet fraud shop owners to pay him a small fee in exchange for listing their shop in “Mega Search”.

“Mega Search” launched in Q4 of 2011 and has since moved more than 200,000 different credit cards. Nowadays, this internet fraud search engine has more than 352,000 stolen credit card numbers in its database, all of them for sale!

The Bank Identification Number statistics on the website show that Citibank credit cards are the most popular and sought-after. They are followed by credit cards from FIA and Chase.

“Mega Search” is expected to be updated soon with a number of new features incorporated into its interface. These include Social Security Numbers, proxies (hacked computers’ IPs) so users can make their fraudulent online shopping more secure, surveys so users can rate the best shops, and a lot more!

“Mega Search” is just one of the many internet fraud websites that have surfaced in recent years. With more people on the internet, this type of crime is expected to become more prevalent!

January 17th, 2012

Nowadays companies around the world aim to reduce the time employees spend browsing the World Wide Web. These anti-Internet measures are expected to boost productivity. However, some companies really rely on the Internet for everyday tasks. With that kind of exposure to the online world, there are always security risks, and what creates these risks are the employees.

In every office there are a few people who always fall for internet scams. As this poses a great cyber security risk to the entire company these people work for, security experts have devised a way to “teach” these employees how to recognize phishing websites and other types of internet scams. They have developed a completely new, open source tool that makes creating a phishing website a breeze.

The “Simple Phishing Website Creator” comes with a site scraper that can copy virtually any Internet page and create a phishing duplicate that can be used to lure users into giving away personal and company data. The open source phishing toolkit is bundled with an administration app which records and stores information about users’ behavior on the page. The phishing site’s administrator can easily check how much time each visitor spent on the website, what each visitor’s OS, browser and IP address are, and much more.

However beneficial this open source tool might seem, a lot of cyber security experts have raised the alarm that it could be abused by fraudsters to steal valuable information such as credit card numbers, bank account information, etc.

The “Simple Phishing Website Creator” was first released in October 2011 and has since gained huge popularity among corporate clients and cyber security companies. The product’s development team has already released a 4th version. It includes a simple education module which can be used to warn the website’s visitors about the risks that malware downloads hide.

This open source phishing toolkit is really easy to install and, most importantly, to use. Users need just a copy of the free software bundle called WS or WampServer. It includes Apache, MySQL and PHP. All this makes setting up a phishing website possible in under 5 minutes!

Cyber security experts are quite sure that many fraudsters are going to benefit from this educational tool. As we already mentioned, setting up a phishing website and using it to obtain all kinds of valuable information is a painless task. This enables criminals to launch phishing attacks en masse and can lead to terrible consequences for many Internet users.

In order to protect yourself, your family and/or employees from phishing attacks, educate them about the risks that freeware downloads hide. Also, try to carefully check every website you enter sensitive information into. Phishing websites can really look like the original page, but there are always some minor differences!

January 15th, 2012

Facebook grew into a worldwide social network long ago. Nowadays, Facebook has come close to a billion users, more than half of whom are active every day! Social networking is expected to become even more popular in the next 10 years, meaning that sites like Facebook and Twitter will continue growing at staggering rates!

With that many users, cyber attacks on social networking sites are nothing out of the ordinary. Hundreds of different criminals attempt to commit cyber crimes such as identity theft, information theft, etc. However, one type of cyber crime has become especially popular today: phishing.

What we call “phishing” is actually the attempt to gather sensitive information such as usernames and passwords for certain accounts, credit card numbers and PIN codes, etc. Typically, this is done by impersonating someone close to the victim or a fake trustworthy entity in the criminal’s electronic communication with the victim. Phishing attacks often redirect the victims to fake websites which look exactly like the original. So, a phishing attack on Facebook would mean that you get redirected to a fake “Facebook”, which in reality is owned by the attacker. The criminal then records your username and password and uses them to hijack your account.

This type of cyber crime is especially dangerous when the attacker is aiming for your bank account data. By stealing your credit card number and PIN code, he might then use your bank account to fund any kind of illegal activity.

Internet security experts have recently reported that the criminals behind the phishing attacks are impersonating Facebook’s security team and are accessing Facebook’s network using hijacked accounts. Every time they manage to hijack an account, they use it to send a message to all of the user’s contacts, informing them that they will no longer be able to use their Facebook accounts unless they confirm them. And guess what, the criminals require your Facebook login data to “confirm” the account.

Some victims of this cyber crime have reported that the fraudsters also attempt to get your credit card number. Thankfully, the number of users who fell for this trick is quite low!

Once the attackers successfully steal a user’s login data, they access his account, change the picture to the Facebook logo and the name to “Facebook Security”. Then they put a link to a phishing website in a private message and send it to all of the user’s contacts. After victims input all of their personal information, they are asked to provide further information, such as credit card number and bank account data, to finish the verification process and purchase “Facebook credits”.

This type of cyber crime is getting more and more popular. No matter how convincing a message from Facebook’s security team might look, never get tricked into giving away your account data, let alone your credit card number. Follow this simple advice and you are sure to steer clear of trouble!

January 12th, 2012

Since the 60s, flying has become the preferred form of transportation for millions of people. Some of the busiest airports in the world are estimated to handle around 600 million to 1 billion people each year, and with the increasing world population these statistics are only going to grow.

Flying, however, has one major flaw: it’s expensive. The saying “time is money” applies fully here. Saving days of travel will cost you a lot of money. Normally, an intercontinental flight in economy class will cost you around $800-$1000. Business class is on a whole new level: $2500 to $5000 for a regular flight. These high prices have helped criminals who commit internet fraud to launch a new, highly successful business: ticket scams.

A ticket scam sounds scary, but actually this type of crime isn’t meant to hurt you. Internet fraudsters steal the tickets from the airlines and sell them to you at a much lower price! The typical discount is 75%, though some of the criminal travel agencies go as low as 85%. Imagine what kind of a profitable business we are talking about: you can buy a ticket that costs $1000 for as little as $200! Surely a lot of people are tempted and will continue to buy tickets from criminals committing this type of internet fraud.

How are the tickets purchased? Criminals employ a number of tactics to get the tickets; however, the most common ways are stolen credit cards and hijacked company employee accounts.

The major airlines are all reporting spikes in this internet fraud. In 2010, only 18 fake tickets were reported to officials; this year, however, we are seeing a dramatic increase in fake ticket use: 113 fraudulently booked tickets were reported. Criminal travel agencies guarantee a success rate of about 95%, so the real number of such tickets is still unknown.

At first glance, this statistic might seem fake. You are probably thinking “who would dare buy a ticket that way? Who would risk jail time offering these services?” Well, in reality, there are hundreds of underground criminal travel agencies, all of which employ criminals specialized in internet fraud. These underground crime organizations don’t only offer fraudulently booked tickets. Their product portfolio is quite rich, including services like hotel reservations, car rentals and many more. Thanks to this internet fraud, thousands of hotels, car rental and airline companies are experiencing staggering losses.

Some of the criminals go as far as boasting that their service has excellent customer support. They might even let you check the status of your ticket before paying. Here is a screenshot that serves as an illustration:

I sure hope you won’t get tempted into using the services of these criminals who are experts in the field of internet fraud. Yes, it might seem like a nice offer, but the truth is ticket prices might really go up if this grows into a popular shady business. Don’t support criminals; remember, your ticket purchase will be made with someone else’s credit card!

January 6th, 2012

We are living in the 21st century, so I suppose you are using a router to access the World Wide Web and read this. Routers are devices that make the ISP’s job a lot easier and really save them a few extra IP addresses per household. Almost everyone protects his wireless internet connection with a password, making it impossible for outsiders to access. This helps prevent slow internet speeds and protects you from various cyber crimes.

However, the sad thing is that security researchers have developed tools that are quite useful when trying to bypass a router’s wireless network security encryption. This, as you have already guessed, makes committing a cyber crime a lot easier. Imagine that: sitting on a bench in front of a building and “hacking” all the wireless networks in range. After that, the attacker can easily monitor (sniff) the users’ traffic and, for instance, steal their account information, credit card numbers, etc.

The thing that makes hacking a wireless network and committing a cyber crime easy is called WPS, or “Wi-Fi Protected Setup”. WPS comes with almost all commercial routers and is designed specifically to help users with limited knowledge of wireless network configuration easily set up their connection’s settings and encryption. A few years ago, setting up a home Wi-Fi network to use encryption was a labor-intensive assignment. It involved navigating a lot of confusing web-based router menus and messing with hundreds of odd-sounding and ill-explained options like WEP, WPA, TKIP and AES. The bad thing was that only a few router manufacturers offered instructions on how to set up the network’s encryption options.

So, how is WPS linked to the increased possibility of cyber crime? Well, all routers with built-in WPS also come with their own unique personal identification number (PIN, usually 8 digits long). By using WPS, you can encrypt your wireless connection with just a push of a button. You will then be required to enter your PIN to confirm this. The new research found that routers equipped with WPS are vulnerable to something considered outdated: the brute-force attack. The device’s PIN is only 8 digits long, so there aren’t many options. A prolonged brute-force attack will certainly reveal the PIN and grant the attacker access to the router.

There is only one way to protect yourself from this type of attack on your wireless connection: temporarily disable authentication after a specified number of failed attempts is reached. Thanks to the quick feedback from computer security specialists, a lot of public Wi-Fi hotspots have implemented this protection. Hopefully, committing a cyber crime got harder for criminals that way.
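To make the lockout mitigation concrete, here is an added example (not from the original post, and not any router’s real WPS implementation): a small PIN verifier that disables authentication for a while after a set number of failures, plus a worst-case cost calculation using the post’s own framing of an 8-digit PIN. The PIN value, the 3-failure threshold and the 60-second lockout are constructed parameters.

```python
"""Lockout after repeated failed PIN attempts, the WPS mitigation described above.

Added example (not from the original post, and not a router's real WPS code).
It models the 8-digit PIN from the text and shows how a temporary lockout after
N failures changes the worst-case cost of trying every PIN.
"""
import hmac
from dataclasses import dataclass, field

PIN_SPACE = 10 ** 8                 # an 8-digit numeric PIN, as in the post
SECONDS_PER_YEAR = 365 * 24 * 3600


@dataclass
class PinVerifier:
    """Checks a PIN and refuses all attempts for a while after too many failures."""
    secret: str
    max_failures: int = 3           # failures tolerated before the lockout starts
    lockout_seconds: float = 60.0   # how long authentication stays disabled
    failures: int = field(default=0, init=False)
    locked_until: float = field(default=0.0, init=False)

    def attempt(self, pin: str, now: float) -> str:
        """Return 'ok', 'bad' or 'locked' for an attempt made at time `now` (seconds)."""
        if now < self.locked_until:
            return "locked"         # refused before the PIN is even compared
        # constant-time comparison so response timing leaks nothing about the PIN
        if hmac.compare_digest(pin.encode(), self.secret.encode()):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.failures = 0
            self.locked_until = now + self.lockout_seconds
        return "bad"


def worst_case_seconds(attempt_seconds, max_failures=0, lockout_seconds=0.0,
                       pin_space=PIN_SPACE):
    """Seconds needed to try every PIN in the space.

    Each guess costs attempt_seconds; with a lockout, every max_failures wrong
    guesses additionally cost one lockout period. max_failures=0 means no lockout.
    """
    total = pin_space * attempt_seconds
    if max_failures > 0:
        total += (pin_space // max_failures) * lockout_seconds
    return total


if __name__ == "__main__":
    # Constructed PIN; three wrong guesses lock the verifier for 60 seconds.
    verifier = PinVerifier(secret="12345670", max_failures=3, lockout_seconds=60)
    for t, guess in enumerate(["00000000", "00000001", "00000002", "12345670"]):
        print(f"t={t:>3}s guess={guess} -> {verifier.attempt(guess, now=t)}")
    print(f"t= 70s guess=12345670 -> {verifier.attempt('12345670', now=70)}")

    no_lock = worst_case_seconds(attempt_seconds=1.0)
    with_lock = worst_case_seconds(attempt_seconds=1.0, max_failures=3, lockout_seconds=60)
    print(f"exhaustive search, no lockout: {no_lock / SECONDS_PER_YEAR:.1f} years")
    print(f"exhaustive search, with lockout: {with_lock / SECONDS_PER_YEAR:.1f} years")
```

The lockout applies to every caller, so an attacker cannot wait it out faster than a legitimate user; the trade-off is that a flood of bad guesses also keeps the legitimate user out for the same window.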

If you have a relatively new router and are actively using its wireless function, then please, for your own sake, check whether or not it is using WPS. If it is, use the above-mentioned security technique. You don’t want to be the victim of a cyber crime.

December 29th, 2011

A brand new service in the cyber criminal world can be hired to flood the telephone lines associated with a specific mobile or landline phone anywhere in the world. The service is promoted as a diversionary tactic to help e-thieves in cyber fraud that targets commercial clients of banks which routinely call clients to confirm large financial transfers. If you maintain regular contact with your bank, then you are in danger!

Have you heard what a DDoS attack is? Also called denial of service attacks, DDoS attacks aim to completely paralyze a website so that it can’t take more requests and “shuts down”. That’s what the criminals do here. They basically block the landline or mobile phone with junk calls so it can’t receive legitimate calls any more. Prices vary, but the usual rate is $5 an hour or $40 to $50 per day!

Criminals offering this cyber crime “service” even have discounted packages! Frequent buyers get huge discounts and are even offered the option for each call to the targeted phone to be made from a unique phone number. That way it simply can’t be blocked, because the caller ID is never the same. A lot of the fraud boards on the internet operate through escrow, so customers pay only when they are satisfied with the quality of the service.

The FBI first reported this new type of cyber crime in the middle of 2010. They reported that receiving a number of “dead air” calls in a short time frame is a sure sign that your bank account has been tapped and is soon to be emptied. The FBI also said that these DDoS phone attacks are just a diversionary tactic: that way the criminals have enough time to empty the bank account before the bank manages to contact the account owner.

This service is quite dangerous when used by criminals with experience in cyber crime. It’s also available to thousands of criminals, making it a service for hire. Imagine that, nowadays even criminals can outsource their work!

You can rent a botnet which will spread your emails with Trojans attached and steal internet banking usernames and passwords from the 1000s of people who click on the booby-trapped attachment. You can buy web scripts which alter the behavior of specific bank websites when they are displayed in the victim’s browser. If you would like help “carrying” the loot, you can rent money mules hired by mule recruitment gangs. And if you need a diversion to draw attention away from your cyber crime, or just want to annoy the people you are stealing from, you can rent this telephone DDoS service.