Security Watch

Spammers Target MP3 Downloaders

Plus: settling with crooks; malware as a service; more.

An article at The Register reports on an AV vendor that has noticed that spammers have switched to MP3 files as the file format of choice for a pump-and-dump scam.

So one pump-and-dumper has tried to push a company via an MP3. From a criminal's perspective, why not try to get victims to listen to your scam rather than hoping they'll read your lies? Interestingly, people who are likely to allow MP3s through as attachments are hardly likely to be those interested in investing. Besides, an MP3 file offers even less credibility as a means of conveying hot stock information than some human-readable format.

Can Settlements Deter Crooks?
Here's a perfect example of how a zebra can't change its stripes: John Zuccarini was convicted in 2002 and ordered to hand over $1.8 million in illegally obtained income (read the article, also from The Register), and sentenced to 30 months in 2003 for possession of child pornography and misleading use of domain names. By 2006, he was back at it again. This time he's agreed to turn over $164,000 in a settlement with the FTC.

One has to wonder what value such a settlement has. Zuccarini ignored his court order from 2002, failed to keep up his bookkeeping to allow the FTC to monitor his income, and jumped right back on the typo-squatting bandwagon. He's settled again and will likely do it another time, or assist someone else in an attempt to hide his involvement. The fundamental problem is in how the registrars are handling new domain registrations. There needs to be more proactive work done when dodgy site names are being registered, to prevent such criminal activity from happening over and over.

Ever Hear of MaaS?
A well-written story describes how the initial discovery of Gozi led to the discovery of RBN 76Service.com, a bot administration service brokered by RBN (CIO has the article here). The service offers tools for every aspect of criminal bot activity, from infecting new machines with bots to buying bot services to sending spam or performing any other activity you desire. It seems that 76Service is an attempt to shield the operators from the crime that the site is facilitating, on the belief that it's merely offering a service which others use in any way they want.

It's an excellent insight into the level of sophistication that has developed in the online criminal world, as well as insight into how the criminal mind works. If I infect machines, but do nothing with them, how criminal am I? Equally, if I instruct a service to deliver spam, and it does so via bot-controlled machines, am I a "bot herder"? Probably not, or so the criminals believe. In any event, it certainly makes law enforcement's job far more complex by providing layers of obscurity that may, or may not, be penetrated while pursuing a particular criminal.

This column was originally published in our Redmond Security Watch newsletter.

USB Lock Has Good Intentions, But Fails
If you're worried about a third party plugging a USB drive into one of your ports, this new device may help -- not!

The USB security lock is a quaint idea that totally misunderstands the problem it's attempting to solve. Basically this device has four little USB connectors which, when plugged into a port, cannot be removed except with the supplied "key."

OK, so your port is effectively blocked -- unless the criminal has also purchased the $8.99 lock -- because there's nothing unique about the "key" you got versus the one the criminal purchased. Further, this also assumes you're not worried about your own users stealing information via the USB port -- as they'd likely have access to the "key."

Finally, this thing is only of any use if you assume you have nothing plugged into USB ports already, as anyone could simply remove what you've got plugged in and replace it with their thumb drive.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.
