As an employee at some company somewhere, you are probably putting your organization at risk every day – and you don’t even know it. Do you re-use the same password to log in to multiple accounts? Are you visiting social networking sites and planning your upcoming summer vacation while at work? Have you ever logged in to check your work email from unsecured wireless hotspots? These are just some of the activities employees around the world do every day that seem relatively harmless, but could be putting their company at risk.
While RSA FraudAction Research Labs does not usually focus on pure-play spyware, over the past year, the Lab has repeatedly detected and handled strains of malware called the eDead Trojan. This highly targeted spyware code was developed for the sole purpose of collecting keyword search combinations entered by infected victims who visit online banking, retail, webmail and web portal websites, primarily in Japan and Korea.
To me, online dating these days is not much different than online fraud. I speak from personal experience on both – as someone who has experienced the thrills of online dating sites (NOTE sarcasm here) and has the privilege of witnessing the latest online scams that fraudsters pull on a daily basis. I live in both worlds – and trust me, they are not much different.
Discussion and buzz about the burgeoning Fraud-as-a-Service (FaaS) trend in the cybercrime economy is as constant and as progressive as it gets. New FaaS offerings are limited only by the imagination of the dubious actors who offer them, and as such, are often creative and interesting in the ways by which they can make perpetrating fraud easier and more accessible to a growing number of criminals.
Phishers, botmasters and underground vendors are increasingly adapting business models and tools for their nefarious ventures. Botmasters are creating and selling blacklists to ward off research and shutdown attempts by infosec experts and law enforcement. Underground vendors transact with buyers using in-house or publicly available escrow services, and crimeware coders offer user manuals and responsive, multi-lingual customer support. Offering Trojans as FaaS, Citadel’s coders are likely the first to sell monthly subscription plans to guarantee their customer base periodic builder updates and bug fixes, and supposedly ensure ongoing, seamless development and improvement of their Trojan kit.
Fraudsters continue to extend their global reach through geo-targeted services and crimeware strains: Country-specific malware-infection services are readily sold to bot-herders via dedicated websites, with rates ranging from $30 to $250 per 1,000 infected computers. Ready-made botnets can be purchased in the underground along with HTML injections that target the region’s largest financial institutions, enabling [...]
Most consumers know what a virus or a Trojan is, but if you threw the word “scareware” at them, you might get a look as though you were an alien from another planet. Scareware is no different than any other malicious software that finds its way onto your computer. But the best way to [...]
Over the past few weeks, there have been several reports about the ways in which cybercriminals are making it harder to detect fraud by concealing what they’re doing, as evidenced by a new kind of man-in-the-middle attack on Facebook users.
Hello Man in The Middle, so we meet again. It appears that lately, this older and slower adversary is back in the wire fraud business, this time more organized and featured in better-orchestrated Trojan attacks than ever before. MiTM attacks were rather prominent through 2009 and used by most fraudsters to commit online banking fraud. MiTM [...]
The RSA Research Lab investigates and monitors a large number of malicious cybercrime servers operating in the wild. The tool of choice this time – Zeus v188.8.131.52, the most advanced variant of Zeus to date. The end result: endless logs of compromised financial data and untold numbers of wire-fraud transactions.