
Microsoft ramps up war on Zeus, SpyEye botnets

This topic is closed.
  • redwax88
    Junior Member
    • Aug 2011
    • 10

    Microsoft ramps up war on Zeus, SpyEye botnets

    [QUOTE]Microsoft employees, accompanied by US marshals, have raided two nondescript office buildings in Pennsylvania and Illinois, aiming to disrupt one of the most pernicious forms of online crime today — botnets, or groups of computers that help harvest bank account passwords and other personal information from millions of other computers.

    With a warrant in hand from a federal judge authorising the sweep, the Microsoft lawyers and technical personnel gathered evidence and deactivated web servers ostensibly used by criminals in a scheme to infect computers and steal personal data. At the same time, Microsoft seized control of hundreds of web addresses that it says were used as part of the same scheme.

    The sweep was part of a civil suit brought by Microsoft in its increasingly aggressive campaign to take the lead in combating such crimes, rather than waiting for law enforcement agencies to act. The company's targets were equipment used to control the botnets, which criminals, known as bot-herders, use for ill intent.

    [/QUOTE]

    [URL="http://boonplanet.com/?sbarticleid=706&microsoft-ramps-up-war-on-zeus-spyeye-botnets"]Sydney Morning Herald[/URL]
  • zitraig
    Member
    • Dec 2011
    • 93

    #2
    Re: Microsoft ramps up war on Zeus, SpyEye botnets

    Here is a very comprehensive article from the network of the problem.
    SpyEye Botnet’s Bogus Billing Feature
    Miscreants who control large groupings of hacked PCs or “botnets” are always looking for ways to better monetize their crime machines, and competition among rival bot developers is leading to devious innovations. The SpyEye botnet kit, for example, now not only allows botnet owners to automate the extraction of credit card and other financial data from infected systems, but it also can be configured to use those credentials to generate bogus sales at online stores set up by the botmaster.
    As I noted in a post in April, SpyEye is a software package that promises to make running a botnet a point-and-click exercise. A unique component of SpyEye is a feature called “billinghammer,” which automates the purchase of worthless or copycat software using credit card data stolen from victims of the botnet.
    The SpyEye author explained this feature in detail on several hacking forums where his kit is sold, even including a video that walks customers through the process of setting it up. Basically, the scam works like this: The botmaster acquires some freeware utility or legitimate program, renames it, claims it as his own and places it up for sale at one of several pre-selected software sales and distribution platforms, including ClickBank, FastSpring, eSellerate, SetSystems, or Shareit. The botmaster then logs in to his SpyEye control panel (picture above), feeds it a list of credit card numbers and corresponding cardholder data, after which SpyEye opens an Internet Explorer Window and — at user-defined intervals — starts auto-filling the proper fields at the botmaster’s online store and making purchases.
    The billinghammer module also is set up to evade anti-fraud controls at the online software stores, by funneling each transaction through a SpyEye-infected system whose Internet address traces back to a geographic location that approximates the cardholder’s street address.
    In the video that shows how to use this portion of the bot kit, it appears that SpyEye customers have the option either to make sales at their own stores, or to use some that are apparently set up by the author of the bot kit himself.
    In an e-mail to KrebsOnSecurity.com, FastSpring’s chief customer service officer Ken White said: “We understand what this system tries to do, and how the bad guys attempt to use it to convert stolen cards into cash. We haven’t yet been exploited successfully and believe we have a good system in place to prevent it.”
    All other software sales and distribution systems coded into the SpyEye bot kit are entities operated by Digital River, which did not respond to repeated requests for comment. It’s not clear how many — if any — SpyEye customers are using the billinghammer plug-in. But assuming that there are some scammers out there abusing these services through SpyEye, it seems that it would be a great way to catch botmasters in the act. After all, the check or wire transfer for any bogus software sales has to be sent somewhere.
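
A merchant-side check for the pattern the article above describes (a list of different cards run against one vendor's store at fixed intervals), as an added example that is not part of the original posts or the quoted article. The vendor ids, card fingerprints, thresholds and order records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample orders: (vendor id, ISO timestamp, card fingerprint).
ORDERS = [
    ("vendor-a", "2011-03-01T10:00:05", "c01"), ("vendor-a", "2011-03-01T10:10:02", "c02"),
    ("vendor-a", "2011-03-01T10:20:07", "c03"), ("vendor-a", "2011-03-01T10:30:01", "c04"),
    ("vendor-a", "2011-03-01T10:40:06", "c05"), ("vendor-a", "2011-03-01T10:50:03", "c06"),
    ("vendor-b", "2011-03-01T09:12:00", "c10"), ("vendor-b", "2011-03-01T11:47:30", "c11"),
    ("vendor-b", "2011-03-01T12:03:10", "c10"), ("vendor-b", "2011-03-01T16:20:00", "c12"),
    ("vendor-b", "2011-03-01T21:05:45", "c13"), ("vendor-b", "2011-03-02T08:30:00", "c11"),
    ("vendor-c", "2011-03-01T13:00:00", "c20"), ("vendor-c", "2011-03-01T18:45:00", "c21"),
]

def score_vendor(rows, min_orders=5, max_cv=0.15):
    """Score one vendor's orders; thresholds are illustrative assumptions."""
    if len(rows) < min_orders:
        return None  # too few orders to judge timing
    times = sorted(datetime.fromisoformat(ts) for ts, _ in rows)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    # Coefficient of variation of the gaps: near 0 means clockwork spacing.
    cv = pstdev(gaps) / avg if avg else 0.0
    cards = [card for _, card in rows]
    distinct_ratio = len(set(cards)) / len(cards)
    return {
        "orders": len(rows),
        "gap_cv": round(cv, 3),
        "distinct_card_ratio": round(distinct_ratio, 2),
        # Flag: evenly spaced purchases where no card is ever seen twice.
        "flag": cv <= max_cv and distinct_ratio == 1.0,
    }

def flag_vendors(orders):
    """Group orders by vendor and return a score for each vendor with enough data."""
    by_vendor = defaultdict(list)
    for vendor, ts, card in orders:
        by_vendor[vendor].append((ts, card))
    scores = {v: score_vendor(rows) for v, rows in by_vendor.items()}
    return {v: s for v, s in scores.items() if s is not None}

if __name__ == "__main__":
    for vendor, score in flag_vendors(ORDERS).items():
        print(vendor, score)
```

Timing is only one signal: the article notes each transaction is routed through an address near the cardholder, so per-order IP geolocation checks alone would not separate these orders from genuine ones.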
