Viruses target social networks

Last week I fell victim to a virus. More correctly, I fell victim to a piece of malware/spyware. As I work in IT it didn't cause too much of a problem, but it did make me take another look at the whole spyware problem.

The first thing that surprised me was that my current anti-virus/anti-malware software had not picked it up. I'm a bit of a security control freak and actually run online, gateway, server and desktop AV, none of which detected or matched the patterns in this virus. The virus managed to set up its own proxy server on my machine, bypass my own proxy server, disable my local AV software and run a number of exe files that mimicked the Windows alert modules, telling me the system had detected a problem and offering to install software to help. In fact, even when I ran deep scans with Trend and Spybot Search and Destroy, two leading anti-malware titles, they reported that my system was running normally with no viruses found. It was obvious that I did have a problem, in that there were around 160 exe files running and a new Windows Explorer window appearing every couple of minutes. It didn't take long to do a quick Google search on the individual exe files and find something that could remove it.

The second thing that surprised me was how easily I almost fell for providing my credit card details on a machine I knew to be infected. After two days of working on my laptop while the very time-consuming deep scans ran on my workstation, I was so pleased to have found something that promised to kill the virus once and for all that I very nearly went ahead and paid the $30 for an online licence.

The third thing worth mentioning is how I fell for getting the virus in the first place. I guess it was a cross between a social engineering attack and a straightforward malware attack. In short, I got a message on Facebook inviting me to view a movie clip from a friend. This took me to what looked like that person's YouTube account, but where you would expect to see the movie playing there was a message saying that my version of Flash Player was out of date and to click to continue; the usual warning popped up before installing. I clicked through all of it, as it looked so similar to a genuine Flash updater. Next thing you know I've restarted and all sorts of pop-ups are saying a virus has been detected and linking to software products to purchase to remove it.

When you think about it, this is genius. The latest generation of internet users are very into social networks, but are much less tech savvy when it comes to security and protecting themselves. They are so used to clicking 'yes', 'install', 'accept' and 'I agree' without reading anything of what they are actually agreeing to that they are easy targets when it comes to installing harmful stuff like malware and viruses. I myself am a classic example: a busy day in the office, a box pops up asking me to agree to an update to software I trust, from a person I know, and I say yes without a second thought.

It would seem that I am not the only one, though: CNET this week reported on the Koobface virus currently hitting Facebook users, and there are no end of others popping up every day.


FBI Honeytrap Darkmarket.ws is sprung

Following a two-year undercover operation in conjunction with a number of other international law enforcement agencies, this week the FBI nabbed 56 cyber criminals and prevented an estimated $70 million in fraud.

Reports in Computer Weekly state that the UK's Serious Organised Crime unit worked closely with the FBI Cyber Crimes Division and that arrests were made in London, Manchester, Leicester, Humberside and South Yorkshire.

The operation revolved around the online 'carder' forum Darkmarket.ws, where members bought and sold stolen credit card data, login credentials, other financial information and devices used to carry out certain financial crimes.

Darkmarket.ws was shuttered on 4th October 08. Master Splyntr blamed this on the site drawing too much attention after a fellow administrator, known as Cha0, aggressively marketed a high-quality card skimmer on the site.

The site was registered in June 2006 and is believed to have had 2,500 members, attracting 563,299 hits last month. Most members believed the site to be run out of Eastern Europe, but it was almost exposed in 2006 when uber-hacker Max Ray Butler cracked the site's server and announced to the underground that he'd caught Master Splyntr logging in from the NCFTA's office.

In an FBI press release, Cyber Division Assistant Director Shawn Henry states that 'in a world of rapidly expanding technology, cyber crimes can be perpetrated instantly from anywhere in the world' and explains the importance of being flexible and creative in their approach to this sort of crime, which is taking them to online forums more and more frequently.

While the operation would appear to be a huge success, there has been some criticism from victims of these crimes, suggesting that the FBI actually set up and ran the site as a honey trap. German public radio went as far as to suggest that Master Splyntr, the man believed to be behind the site, was actually an FBI agent and that a Darkmarket server was located in an FBI building in Pittsburgh.

Researching this subject did beg the questions: how do you pay when you're buying stolen identities online from a bunch of cyber criminals? And what does a cyber criminal actually look like? Are we talking an Arthur Daley style character in a sheepskin jacket and sovereign rings, a Gordon Gekko in a sharp business suit, or a pimply teenaged geek like the kid in WarGames?

Sources: FBI, Wired, ITworld


Credit Card Fraud and Online Games.

Further to my previous post on rumoured FBI plans to data mine the online game World of Warcraft, in an unrelated incident ".net" magazine and "The Register" have recently reported that the UK banks Halifax and Royal Bank of Scotland have started blocking Visa and MasterCard payments to game publisher Blizzard Entertainment.

Following an increase in the number of fraudulent card payments for World of Warcraft game subscriptions, the banks have set the default action for these payments to block. This does not affect existing account holders, and legitimate card holders can contact the bank and have their account overridden to allow these transactions if desired. The banks have stated that they do not believe that publisher Blizzard Entertainment is at all involved in these fraudulent transactions, but that due to the nature of this type of transaction there is a great enough security risk to justify their action.

This is not the first credit card problem that Blizzard Entertainment has had to contend with. In 2005, many World of Warcraft customers received statements stating that the 8.99 charge was being made by the Croydon Park Hotel, Croydon, or the Swallow St. George Hotel, Harrogate, after card processing company Euro Conex, based in Dublin, Ireland, made a processing error on the payments.

Interestingly, World of Warcraft actually offers its own credit card scheme in the US, which allows users to earn game time at 1% of every dollar purchased.

This kind of credit card fraud is very popular because it is relatively difficult to trace. It is comparatively easy to set up an account with a false name and address, but comparatively hard to trace an account back through an ISP to a physical address or person. It's a card-not-present transaction not requiring a PIN, and no physical goods are delivered, so there is no delivery address to trace back to, making it much easier for stolen cards or card details to be used.

According to industry organisation APACS, the number of card-not-present frauds affecting UK gambling sites rose by £12.7 million in the first half of 2007. It is estimated that mail order websites suffered £13 million worth of fraudulent transactions in 2007, many of which came from overseas transactions.
