Instant Messaging E-Commerce Exploits- Judgement Day


Post by TeMerc » March 15th, 2006, 11:24 am

TeMerc wrote: Well, after nearly 24 hours of nervous twitching and countless hours of tweaking and adding new info, PG finally got this article prepared and done. Turns out there was so much info, it will be broken up into two separate articles, the second of which wi enjoy the read.


by Chris Boyd, Security Research Manager; Wayne Porter, Sr. Director Greynets Research

PG wrote: Has it been too long? Withdrawal symptoms after the last bust? I can only apologise - but when you're defending the Net from Suckers (Kung-Fu style), sometimes you really have to deep-dive before you slam the bad guys in a ditch.

Usually I like to build up to the big payoff at the end of a lengthy tease. However, this bust is different so excuse me while I drop ninety tons of planet Earth on you.

We have, by means of a hot tip from a kickass guy named Rince, (and numerous chats since then...he social engineered those hax0rs good) found and analysed over 40 files, hunted down the connections between them all and uncovered a ring of Botnet herders using a custom built script that, powered by remote tools, scans vulnerable payment databases and attempts to steal customer details - names, addresses, credit card numbers - the whole nine yards. Even better, there is evidence to suggest this was being fired around...you guessed it, via Instant Messaging.

[Image: VitalSecurity.org]


Acting on an anonymous tip, FaceTime Security Labs researchers have uncovered two "botnet" networks that collectively represent up to 150,000 compromised computers, one of which is being used as a vehicle to fraudulently scan desktop and back-end systems to obtain credit card numbers, bank accounts, and personal information including log-ins and passwords. The operators could potentially launch these scans from any computer on the botnet to mask their actual location.

In addition, after systematic research of the various groups involved, we have uncovered a number of websites where up to forty (40) or more files are being shared around this community, and reworked for individual Botnets to push the problem even further. Commercially available remote admin tools (similar to the ones employed here) are used to gain complete access to the end-user's PC - files can be uploaded, downloaded, or whatever the Botmaster feels like doing with the machine.

However, what the Botnet master really feels like doing, is downloading the payment database application to your PC, then scanning for misconfigured shopping carts using you as the fall guy.

Let us explain further... if an end user clicks on a malicious link passed to them via Instant Messaging, Remote Administration Server, a commercially available application produced by Famatech, is automatically installed via a "beh.exe". The install is designed to hide the application in the systray with no interaction from the end user. Once this application is installed, the end user's computer is compromised and can be accessed remotely with additional malware applications installed on the desktop.

[Image: SpywareGuide]


TeMerc wrote: Look for more to come from Chris and Wayne on this in the near future as they provide even more chilling details on how the bot herders carry on their business of reaping in the money and ripping off even their own so-called business associates.

Post by Piney » March 15th, 2006, 3:28 pm

Thank you for posting these :)

Post by TeMerc » March 16th, 2006, 2:31 pm

The Digital Underground: Interview with RinCe
by Chris Boyd, Security Research Manager; Wayne Porter, Sr. Director Greynets Research

In Part 1, we looked briefly at the history of the attack and what the potential dangers were. This time round, we're talking to the individual who made the initial tip-off and assisted with gathering valuable intelligence, some of which has since been forwarded to the relevant Federal Authorities. If you're sitting comfortably, take a detour into the Digital Underground - keep your arms inside the booth at all times...

(Note - Paperghost is the online alias of FaceTime Security Research Manager Chris Boyd, RinCe is the individual who came forward with key intelligence and the chat was conducted via Instant Messaging).

Paperghost: Hi RinCe. We might as well go right to the beginning – have you always been into computers, or is it a recent thing?

RinCe: Basically, I’ve been brought up with computers all my life since I was 6, playing Warcraft II with my uncle on a LAN. I got into 'hacking' through leaving college - it was something to pass the time. I also hosted a few "hacker" websites for a short while and that got me interested in the scene. I grew out of it rather quickly as I had a taste of what it’s like to be on the receiving end of a hacker.


Paperghost: Really? What happened, did someone hack you?

RinCe: In a word, yeah. I know it sounds pathetic, but I lost my entire email account to a Trojan and lost 3 job interviews because I never got the email back in time. It made me realise something so small can affect somebody's life like that in a major way.

Paperghost: …and that put you off the "scene", so to speak? I can imagine you'd be pretty wound up by that. We come across lots of people who got burned by either being a pusher or a victim, and it can have some pretty extreme effects.

RinCe: Yep, absolutely. So after that, I stopped the child’s play and that’s what leads to me reporting a group of hackers.

Paperghost: And just so people know, how did this come about initially?

RinCe: I was on Digg.com and was reading an article of yours, and saw the “Report a Sucker”

Post by turtledove » March 17th, 2006, 1:09 pm

As always, very informative.
Thanks TeMerc :)
