Dancho Danchev's Blog Most Popular Posts for 2012

The time has come to reflect on this year's most popular posts, and emphasize on the key points about what made them special.

1. Who's Behind the Koobface Botnet? - An OSINT Analysis - Indisputably, the exposing of Koobface botnet master KrotReal is this year's most popular blog post. The release of the post, and the New York Times article discussing the case, immediately resulted in the shut down of the Koobface botnet.
2. Exposing the Market for Stolen Credit Cards Data - Although the post was originally published in 2011, it's the second most popular for 2012, proving that factually presenting the existence of a growing trend, inevitably reaches a wider audience.
3. Dissecting 'Operation Ababil' - an OSINT Analysis - The OSINT analysis of 'Operation Ababil' is this year's third most popular post. The analysis correctly identified a key participant in certain parts of the campaign, although it explicitly emphasized on the fact just how easy is it to launch a cyber false flag operation online.
4. Profiling a Vendor of Visa/Mastercard Plastics and Holograms - The main purpose of this post, was to shed more light into the increasing availability of "blank plastic" services, whose QA (Quality Assurance) processes sometimes outpace the OPSEC (Operational Security) efforts put in place by the targeted companies.
5. Pricing Scheme for a DDoS Extortion Attack - This post highlighted a bold, but obtained from "in the wild" DDoS extortion letter, indicating the degree of flexibility and professionalism applied by the cybercriminals behind it.
6. A Peek Inside the Vertex Net Loader - This post summarized the key features of the Vertex Net Loader, and emphasized on the systematic release of related DIY malware loaders/bots within the cybercrime ecosystem.
7. Dissecting the Ongoing Mass SQL Injection Attack - Regular readers of my personal blog are used to getting the latest threat intelligence regarding a particular widespread campaign, virtually in real-time. That was the main objective of this analysis, fortunately, successfully achieved.
8. Dissecting the Massive SQL Injection Attack Serving Scareware - An ever-green analysis demonstrating monetization of hijacked Web traffic through a scareware affiliate program.
9. Koobface Botnet Master KrotReal Back in Business, Distributes Ransomware And Promotes BHSEO Service/Product - The second post in the series profiling ex-Koobface botnet master KrotReal's cybercrime-friendly operations, also gained a lot of attention, and proved that the lack of prosecution in this case, can, and will, ultimately lead to more cybercrime-friendly activities.
10. Dissecting 'Operation Ababil' - an OSINT Analysis - Part Two - With 'Operation Ababil' still an open question to many of the major media outlets, the second part of the analysis discussed another tool used in the campaign, with the idea to raise more awareness on the tools and techniques used by the attackers behind the campaign.

Thank you all for being regular blog readers! The best is yet to come! See you all in 2013!

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.