Instant Messaging E-Commerce Exploits - Judgement Day

Discussion in 'other security issues & news' started by TeMerc, Mar 15, 2006.

Thread Status:
Not open for further replies.
  1. TeMerc

    TeMerc Registered Member

    Joined: Feb 1, 2004
    Posts: 127
    Location: PHX. AZ.
    by Chris Boyd, Security Research Manager; Wayne Porter, Sr. Director Greynets Research

    VitalSecurity.org


    Acting on an anonymous tip, FaceTime Security Labs researchers have uncovered two "botnet" networks that collectively represent up to 150,000 compromised computers, one of which is being used as a vehicle to fraudulently scan desktop and back-end systems to obtain credit card numbers, bank accounts, and personal information including log-ins and passwords. The operators could potentially launch these scans from any computer on the botnet to mask their actual location.

    In addition, after systematic research of the various groups involved, we have uncovered a number of websites where up to forty (40) or more files are being shared around this community, and reworked for individual Botnets to push the problem even further. Commercially available remote admin tools (similar to the ones employed here) are used to gain complete access of the end-user's PC - files can be uploaded, downloaded, or whatever the Botmaster feels like doing with the machine.

    However, what the Botnet master really feels like doing, is downloading the payment database application to your PC, then scanning for misconfigured shopping carts using you as the fall guy.

    Let us explain further...if an end user clicks on a malicious link passed to them via Instant Messaging, Remote Administration Server, a commercially available application produced by Famtech, is automatically installed via a "beh.exe". The install is designed to hide the application in the systray with no interaction from the end user. Once this application is installed, the end user's computer is compromised and can be accessed remotely with additional malware applications installed on the desktop.

    SpywareGuide


     
  2. TeMerc

    The Digital Underground: Interview with RinCe
    by Chris Boyd, Security Research Manager; Wayne Porter, Sr. Director Greynets Research

    In Part 1, we looked briefly at the history of the attack and what the potential dangers were. This time round, we're talking to the individual who made the initial tip-off and assisted with gathering valuable intelligence, some of which has since been forwarded to the relevant Federal Authorities. If you're sitting comfortably, take a detour into the Digital Underground - keep your arms inside the booth at all times...

    (Note - Paperghost is the online alias of FaceTime Security Research Manager Chris Boyd, RinCe is the individual who came forward with key intelligence and the chat was conducted via Instant Messaging).

    Full Interview @ SpywareGuide
     