Summarizing Webroot's Threat Blog Posts for May

June 04, 2013

The following is a brief summary of all of my posts at Webroot's Threat Blog for May, 2013. You can subscribe to Webroot's Threat Blog RSS Feed, or follow me on Twitter.

01. FedWire ‘Your Wire Transfer’ themed emails lead to malware
02. A peek inside a CVE-2013-0422 exploiting DIY malicious Java applet generating tool
03. New IRC/HTTP based DDoS bot wipes out competing malware
04. New version of DIY Google Dorks based mass website hacking tool spotted in the wild
05. Citibank ‘Merchant Billing Statement’ themed emails lead to malware
06. Fake Amazon ‘Your Kindle E-Book Order’ themed emails circulating in the wild, lead to client-side exploits and malware
07. Cybercriminals impersonate New York State’s Department of Motor Vehicles (DMV), serve malware
08. Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin
09. Newly launched E-shop for hacked PCs charges based on malware ‘executions’
10. New subscription-based ‘stealth Bitcoin miner’ spotted in the wild
11. Fake ‘Free Media Player’ distributed via rogue ‘Adobe Flash Player HD’ advertisement
12. Newly launched ‘Magic Malware’ spam campaign relies on bogus ‘New MMS’ messages
13. Commercial ‘form grabbing’ rootkit spotted in the wild
14. DIY malware cryptor as a Web service spotted in the wild – part two
15. CVs and sensitive info soliciting email campaign impersonates NATO
16. New commercially available DIY invisible Bitcoin miner spotted in the wild
17. Fake ‘Export License/Payment Invoice’ themed emails lead to malware
18. Compromised Indian government Web site leads to Black Hole Exploit Kit
19. Cybercriminals resume spamvertising Citibank ‘Merchant Billing Statement’ themed emails, serve malware
20. Marijuana-themed DDoS for hire service spotted in the wild
21. Fake ‘Vodafone U.K Images’ themed malware serving spam campaign circulating in the wild

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.

A Peek Inside the Russian Underground Market for Fake Documents/IDs/Passports

May 25, 2013
 
Fake IDs/fake passports have always been a hot commodity within the cybercrime ecosystem.

Thanks to their general availability and affordable prices -- naturally based on the quality that a potential cybercriminal/fraudster is seeking -- the vendors behind them continue undermining the trust chain that society/market thrives on, by empowering cybercriminals and fugitives with new IDs to be used later on in related fraudulent activities.

In this post, I'll sample fraudulent activity on the Russian underground marketplace, feature exclusive screenshots of fake passports currently offered for sale, and discuss how relatively low profile cybercriminals have been literally generating fake (Russian) passports for years, primarily relying on DIY passport/stamp generating tools.

Sample screenshots of the inventory of available fake passports for multiple countries:

Affected countries include: Russia, Belarus, Canada, Germany, Denmark, Finland, Israel, Netherlands (Holland), Norway, Romania, United Kingdom, United States, Australia, Ukraine. The prices vary between $20-30 and, according to the vendors, the documents use real people's data/photos, etc.

It's also worth emphasizing the fact that, of all the countries, Russia's underground marketplace for fake documents is perhaps the most vibrant one. Next to high-quality fake documents/IDs/passports, there are naturally the cheap alternatives, which Russian fraudsters have been literally generating for years, relying on DIY (do-it-yourself) tools/stamp editors like these:

Thanks to the demand for this kind of underground market asset, I'm certain that the market would continue flourishing, and would eventually reach a stage where the vendors would start sacrificing OPSEC (Operational Security) in an attempt to reach customers from virtually every country. With localization-on-demand services proliferating, next to the affiliate-based revenue-sharing models ubiquitous in the cybercrime ecosystem, vendors of fake documents/IDs/passports have virtually everything that they need at their disposal, if they were to start targeting the international audience.
