Whitehats vs. Blackhats: Techniques of the Cybercrime Elite Trickle Down to the Public Domain

Advances made in the cybercrime world over the past year prove that the trickle-down effect does not only apply to tablet computers and space tourism. Rather, much like real world products, techniques that were once reserved for the cybercrime elite have trickled down to the public domain, bestowing low-skilled botmasters with the same research-thwarting tools that not too long ago were used solely by malware experts.

Underground Credit Card Store Operators Aggregate Their Stolen Data

The constant hustle and bustle of underground fraudster markets is a bountiful source for any and all types of fraud commodities and partnerships formed between seemingly anonymous criminals in the virtual world. And yet, one very prominent vertical, if we may, stands far out from the rest—credit card shops and just about everything that has…

Man-in-the-middle Standing Between You and Your Cash

Hello Man in the Middle, so we meet again. It appears that lately, this older and slower adversary is back in the wire fraud business, this time more organized and featured in better-orchestrated Trojan attacks than ever before. MiTM attacks were rather prominent through 2009 and used by most fraudsters to commit online banking fraud. MiTM…

Fraudsters Point Their Guns at the Infrastructure

Warlike tactics are employed by each of the factions; security companies and financial institutions – the main defensive arm of the faction – build barricades to stop attackers. The fraudsters, on the other hand, try to outflank them by finding ways to circumvent these defenses, whether those are based on technology or on social engineering. Another tactic that is often used in real-life wars is the targeting of the enemy’s infrastructure.

ZeusiLeaks Archives File 003: The Chairman’s Assistant

In this ZeusiLeaks file I’ll talk about how fraudsters tap the communications of a company’s executive board – the holy grail of inside info. Quick reminder: WikiLeaks, the largest leak of data the world has seen? Nonsense! Trojans like Zeus and SpyEye lurk on millions of personal, corporate and government PCs, stealing data 24 by…

New SpyEye Gains Zeus Features – A Detailed Analysis of SpyEye Trojan v1.3

The RSA Research Lab has analyzed one of the most recent SpyEye v1.3 variants and has determined beyond doubt that the new hybrid Trojan is in fact already active in the wild. RSA’s researchers were able to reverse engineer the code and assert that it does indeed contain an exact code piece that has long been part of the Zeus Trojan’s sophisticated HTML injection mechanism. Snapshots of the assembly code are included below (see Figure 1 and Figure 2), courtesy of the RSA Research Lab.

Fraud News Flash: Bogus Ad for Zeus-SpyEye Hybrid Trojan published in Underground Forum

On Friday, January 14, 2011, McAfee posted a blog entry titled “Combined Zeus/SpyEye Toolkit Announced”, based on a fraud forum post by “Hardersell”, in which this individual supposedly offers the much-anticipated SpyEye-Zeus hybrid Trojan for sale. Hardersell’s comments were published in an open, low-grade Russian-speaking hacking/carding forum, making its credibility lower than that of the more prestigious, exclusive, closed Russian-speaking forums.

Zeus 2.1 – Stronger & More Secure, But Will Fraudsters Upgrade?

Just as technology continues to innovate and evolve (3D televisions, anyone?), cyber criminals must also innovate to keep their “consumers” engaged. A few weeks ago, we started seeing reports of a new and improved Zeus Trojan – dubbed Zeus 2.1. This new version includes features which help it avoid analysis and hostile takeover.