Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Online Fraud
Showing posts in English
Liam O Murchu | 01 Nov 2007 07:00:00 GMT | 0 comments

Recent reports have shown thatTrojan.Bayrob is scamming people again. The latest victim lost over€5,000 to the scam but luckily was able to track down where the moneyhad been sent. Unfortunately the final destination for the money was aWestern Union outlet in Greece, after having been first sent through amoney mule in the US.

Once Trojan.Bayrob is executed on a user’s system it can interceptall traffic to eBay. It can then show the infected user any contentthat it chooses instead of the real pages and it can also alterinformation that is shown to the user from the real pages.Trojan.Bayrob is used to scam people who are trying to buy cars oneBay.

The attack is a targeted attack and as such it is difficult toestablish the exact methods that are used to distribute the Trojan;however, from evidence gathered thus far the attack works in a mannersimilar to the following:
• The attacker posts an auction on eBay.
• This auction is used to gain information...

Andrea DelMiglio | 30 Oct 2007 07:00:00 GMT | 0 comments

As anticipated in my first blog post,email service providers play a central role in the battle againstonline fraud. This is because they are often the only organization toown the data needed to support financial institutions and lawenforcement agencies in prosecuting criminals.

Most phishing sites are hosted on compromised Web servers and in thepast, stolen accounts were stored on local log files that phishers usedto save, using rather standard filenames (like “data.log” or “cc.txt,”where “cc” obviously stands for credit card). Web servers withdirectory listings that were enabled together with phishing kitanalysis quickly made this simple technique ineffective, becausefinancial institutions were able to read those files as well.Therefore, they were able to block stolen Internet banking accounts andcredit cards, thus preventing further...

Ron Bowes | 01 Oct 2007 07:00:00 GMT | 0 comments

Over the past few years, file-sharing programs have grown inpopularity. Many people use them to share their music and games. Theyalso provide attackers with a convenient medium for infecting userswith Trojans or worms by offering tantalizing files. This kind of riskis well known to users and attackers alike; in Volume XII of Symantec'sInternet Security Threat Report, we noted that six of the top ten new malicious code families spread through file-sharing applications.

Another risk with file sharing, which many people are unaware of, isthe accidental exposure of confidential information. With nothing morethan a misplaced click, a user can unintentionally share the entirecontents of their hard drive, which could include their browserhistory, their personal documents, or their email messages.

Some file-sharing servers, such as certain Direct Connect servers,require a minimum...

Vincent Weafer | 28 Sep 2007 07:00:00 GMT | 0 comments

The two most common questions I hear around this time of year are: what do you think the biggest trend of the year was and what do you think the biggest threat next year will be. After outlining a year in review, let’s spend a little time on what we may expect to see in the next 12 months.

Obviously, the debut of a new operating system brings with it new features for both the research community and malicious code authors to scrutinize. It’s simple to expect that we’ll see new attack attempts on Microsoft Vista. What’s more interesting are trends we’re likely to see that don’t even touch the physical hard drive of a computer. Web 2.0 technologies have already begun to capture attacker interest and motivation. As adoption continues to grow and dependence on these Web applications increases, the impact and frequency of these issues will rise.

Consider the...

Zulfikar Ramzan | 28 Aug 2007 07:00:00 GMT | 0 comments

Michael Dolan, a phisher who targeted AOL over the course of fiveyears recently pleaded guilty to two criminal counts that the's office brought against him. The first count was a conspiracyto commit fraud and the second count was aggravated identity theft.

Dolan's "career" spanned from 2002 to 2006 and mostly involvedgetting victims to install a Trojan program that would prevent themfrom logging into their AOL account without providing additionalsensitive information like credit card and Social Security numbers.When caught, he had private and financial information for 96individuals.

On the one hand, I think this is a great victory for the Departmentof Justice. I believe that legal actions are one of the importantchannels we need to consider when addressing the problem of phishing.After all, phishing is ultimately a financial crime, and to the extentthat we can make it more risky and less profitable, we cansubstantially reduce instances of phishing.

Candid Wueest | 16 Aug 2007 07:00:00 GMT | 0 comments

Well, we all know that playing games can influence your real life,even if it’s just the lack of sleep you get from spending whole nightsplaying online games. But there’s more to it. There are several crucialpoints that have to be considered when running around virtual fieldswith your character. Unfortunately, as in life, some people don't playby the rules.

Sometimes those virtual worlds are not as peaceful as one mightthink or hope. You, or more precisely your avatar, might getblackmailed for protection money or bullied by others. Destruction ofvirtual goods can happen if you don’t pay. The discovery of weapons ofmass destruction in Second Life confirms this point. (Yes, they doexist; search for “Jessie Massacre” if you don’t believe it.)

But, there are other entrapments to watch out for. We already reported on gold farming and the problem with in-game spam in a...

Candid Wueest | 16 Aug 2007 07:00:00 GMT | 0 comments

Have you ever “ego-Googled” yourself? That is, looked yourself up onGoogle? Chances are, if you haven’t, others have. Your employerprobably did it before hiring you, so it can’t be that bad, right? Butare you really aware of all the information that is available onlineabout you?

Nowadays, of course, one of the easiest ways to data-mine somebodyis to look them up on the many social networking sites that have sprungup over the past few years. These sites are hugely popular and you findthem for nearly every user group. You can find old buddies from schoolthat you’ve lost touch with, connect with people that listen to thesame music as you, or post your CV to attract a new employer.

For sure, they can be useful. And I admit that I, too, have usedthem several times. Sometimes it can even be very amusing. For example,I once received an email from a headhunter. Besides offering me aposition, she complained she couldn’t reach me on my listed phonenumber: ++1 234 567 890. What...

Liam O Murchu | 02 Aug 2007 07:00:00 GMT | 0 comments

Brazil is the home of the infamous Infostealer.Bancos family ofmalware. Recently, however, we have seen a more diverse number of sites- beyond just banking sites - coming into the crosshairs of theBrazilian malware gangs. Is the recent W32.Imcontactspam worm anotherof their creations?

The worm is Brazilian and spammed the infected users’ MSN contactswith email advising them that they had received an electronic greetingcard. We see these types of worms quite often; however what caught ourattention were the similarities between the techniques this worm usesand the techniques used by the Infostealer.Bancos family of trojans.

When executed, the worm does the following:

  1. Minimizes the real MSN Messenger login window;
  2. Displays a fake Portuguese language MSN login screen;
  3. Records the username and password that is typed;
  4. Displays the real MSN Messenger login window (user must re-type password);
  5. Records the email address of all...
Andrea DelMiglio | 31 Jul 2007 07:00:00 GMT | 0 comments

Since May, phishing attacks against Italian banks have been a visiblebut rather limited phenomenon. Most financial institutions reactedquickly, setting-up proper fraud management processes, educationcampaigns for end users and technical countermeasures since early 2006.But in the last three months, Italian mailboxes have been flooded bymillions of phishing emails, moving the problem to the next level.

Number of single URLs per month (July 07 data includes attacks until July 27th)
(Click image for larger view)

As the graph illustrates, the number of attacks grew 14 times since the2006 peak (127 in August) to the current 2007 peak (1735 last May).Attack source analysis shows...

Symantec Security Response | 26 Jul 2007 07:00:00 GMT | 0 comments

In the June 2007 edition of RSA Security Phishing Newsreleased on July 5th, RSA’s Anti-Fraud Command Center uncovered a newtype of phishing kit, which is “actually a single file which creates anentire phishing site on a compromised server when double-clicked on,similar to .exe installation files.” According to the report,traditional phishing kits include all of the relevant files which mustbe installed one by one in the appropriate directories on the serverthat is controlled by the phisher. The new kit instead, “saves thephishers time and effort, by automating the site installation process.”

This news received quite a bit of press coverage, but does it reallychange the rules of the game? Our feeling is that it doesn’t: mostphishing sites are currently hosted on compromised Web servers, wherephishers have been able to upload files using one of the (many)unpatched vulnerabilities lying in the Web application code. Phishingkit configuration is usually done on a phisher...