cyber criminal

An online security firm F-Secure revealed that botnets of compromised machines are now used by cyber criminals to issue units of Bitcoin virtual currency.

Perpetrators used the ideas in distributed computing practiced by the SETI project. Cyber criminals programmed their botnets of zombie machines to farm Bitcoins.

"The bots are created with a generator," writes Mikko H Hypponen, chief research officer at F-Secure. "Generator sets a specific Twitter account to be the one which can be used to control the mining botnet."

The source code for the infamous ZeuS toolkit is being offered by some cyber criminal through the underground forums on the Internet.

Nicknamed IOO the supposed seller provided proof of having the code by placing some screenshots of the source code portions. The sale is offered to be discussed vie either ICQ or Jabber. Any escrow payment is accepted.

The screenshots make reference to peinfector.cpp, a project of ZeuS known as "Murofet". While security researchers cannot verify if the sale is genuine they are taking the potential offer seriously.

Canadian federal IT staff was tricked into granting access to hackers who may be based in China. Being allowed to government computers crooks tried to steal information but according to official statements no data has been compromised. The breach led to severe Internet restrictions at Treasury Board and the Finance Department, reports CBC News.

As smartphones and tablets are gaining momentum cyber criminals shift their focus to mobile devices to infiltrate malware. A new report from McAfee titled McAfee Threats Report for Q4 2010 reveals that new mobile malware threats in 2010 increased by 46 percent over the previous year.

Hacked government and defense domains are being sold by cyber crooks at relatively acceptable prices. .gov, .mil and .edu domains in the United States and Europe can be sold to interested parties for a price between $55 and $499 each. Besides, the hacker also sells admin login credentials to hacked sites and looted personal data from compromised sites.

In the course of research that studied the newly discovered botnet Kneber experts found that different infections on the same host can work together and thus ensure better survival rate.

Alex Cox, the senior consultant in the research department at NetWitness who discovered Kneber, noted that it is interesting how Kneber interacts with other malware networks being in a symbolic relationship with them which makes each botnet stronger against being dismantled.

A recent report revealed that 77% of Internet domains, which is about 90 million Internet addresses, are registered with false, incomplete, or unverifiable information.

ICANN conducted an extensive review of 1,419 representative domain names including direct contact with over 500 individual domain owners. The review shows that only 23% of domain registrations display the owner's correct name and physical address.

This weekend Chinese local paper the Wuhan Evening News reported that the authorities closed allegedly the largest hacker training website in the country and arrested three of its members.

According to the newspaper the "Black Hawk Safety Net" website taught hacking techniques and provided malicious software downloads for its 12,000 members in exchange for a fee.

Those who want to make money on ‘affiliate’ malware program can apply for the participation the dedicated websites where cyber criminals are hiring referrals.

According to Kevin Stevens, a threat intelligence analyst for SecureWorks, who presented findings on the organizations at the Black Hat cybersecurity conference outside Washington, the two companies who are hiring advertise online.

Imperva studied the passwords which were breached during the hack of RockYou.com. The study found that a great number of those 32 million passwords were poor and too simple. The top ten passwords Imperva found among those compromised in the attack are these:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123

According to the latest reports by some media sources Yahoo was among those 30 companies hit by the hacker attack from Chinese cyber criminals who tried to steal intellectual property and collect information on Chinese dissidents.

Source familiar with the situation report that 34 companies in total have been affected -- and more names are expected to come to light in the next few days. Bloomberg and other news outlets named Yahoo as a victim Thursday. The reports came after the news that Google and Adobe were also hit by the attack.

The final few days of the Christmas season are the busiest and most profitable for online merchants. But they are also a time when cyber crooks are most active. Experts on combating online fraud offer some timely advice on how you can avoid becoming a victim - whether you're a merchant or a consumer.
These last few days of the Christmas season are deemed by many merchants as the most profitable online shopping days of the year.

Earlier this week the social networking company Facebook started a lawsuit against the alleged high profile hijackers and spammers. Among the defendants there are Jeremi Fisher, Philip Porembski, and Ryan Shimeall along with Choko Systems, Harm, Inc., and iMedia Online Services, LLC, three firms associated with the alleged spammers.

The company filed the lawsuit which charges the criminals of "phishing Facebook users and sending spam from their accounts".

 Cyber criminals are using series of phishing attacks aimed at stealing content management system log-in credentials from the customers of website hosting companies, including yahoo.com. The cyber crooks deploy cPanel-oriented messaging to collect FTP credentials of site owners according to the reports of Trusteer, the customer protection company for online businesses.