Monday, September 15, 2008

Skype Spamming Tool in the Wild - Part Two

The less technologically sophisticated lone cybercriminals have always enjoyed the benefits of stand-alone DIY applications. From the DIY exploit embedding tools of a Cybercrime 1.0 world, maturing into today's web malware exploitation kits and their copycat alternatives, to plain spamming tools that matured into today's managed spamming services, which are already starting to offer spamming beyond email, stand-alone spamming applications remain pretty popular.

With yet another Skype spamming tool released in the wild, which, just like the previous one I discussed a couple of months ago, relies on Skype's support for wildcard searches and spams with authorization request messages until the user adds the contact, malicious parties seem to be more interested in supplying the desired services than in emphasizing the quality assurance process.

Despite the possibilities for localized targeted attacks, delivering messages with malicious URLs in the user's native language, benchmarking this tool's features against those offered by certain bots that take advantage of social engineering by spamming the infected host's contacts positions it far behind even the most primitive IM spreading bot modules, whose extra layer of social engineering personalization makes their IM malware campaigns much more effective.

Related posts:
Harvesting Youtube Usernames for Spamming
Uncovering a MSN Social Engineering Scam
MSN Spamming Bot
DIY Fake MSN Client Stealing Passwords
Thousands of IM Screen Names in the Wild
Yahoo Messenger Controlled Malware

Adult Network of 1448 Domains Compromised

With millions of malware infected PCs participating in a botnet, the probability that a high profile end user, whose domain portfolio consists of over 1,400 high-traffic adult web sites, would end up having his accounting data stolen is gradually increasing.

That seems to be the case with the CPanel of the Bang Bros network of adult web sites, the accounting data for which was obtained through a botnet in which the administrator seems to have been unknowingly participating. None of the sites has been embedded with malware so far; however, taking into consideration the high traffic this adult network attracts, as well as the fact that the person managing the domain portfolio is part of a botnet, that may change pretty fast.

A single malware infection always triggers the entire malicious effect: from the malware automatically SQL injecting vulnerable sites and providing infrastructure for scams and fraudulent activities, to allowing the botnet master to parse the huge log of stolen accounting data and look for CPanels and anything else allowing him to efficiently compromise a network of sites he wouldn't have been able to compromise if it weren't for the "weakest link" centralizing the entire portfolio in a single location.

And whereas, for the time being, propositions for selling compromised CPanel accounts are mostly random, in the long term, fueled by the demand for compromised domains, we may witness the emergence of yet another market segment in the underground economy, with price ranges based on the PageRank of the domain in question, the types of browsers and the traffic sources visiting it. Until then, SQL injection through search engine reconnaissance executed through a botnet will remain the efficient tactic of choice for abusing legitimate domains as redirectors to malicious ones.