Security Watch
Spammers Target MP3 Downloaders
Plus: settling with crooks; malware as a service; more.
An article at The Register reports on an AV vendor that has noticed that
spammers have switched to MP3 files as the file format of choice for a
pump-and-dump scam.
So one pump-and-dumper has tried to push a company via an MP3. From a
criminal's perspective, why not try to get victims to listen to your scam
rather than hoping they'll read your lies? Interestingly, people who are
likely to allow MP3s through as attachments are hardly likely to be those
interested in investing. Besides, an MP3 file offers even less credibility
as a means of conveying hot stock information than some human-readable
format.
Can Settlements Deter Crooks?
Here's a perfect example of how a zebra can't change its stripes:
John Zuccarini was convicted in 2002 and ordered to hand over $1.8 million
in illegally obtained income (read the
article, also from The Register), and sentenced to 30 months in 2003
for possession of child pornography and misleading use of domain names.
By 2006, he was back at it again. This time he's agreed to turn over $164,000
in a settlement with the FTC.
One has to wonder what value such a settlement has. Zuccarini ignored
his court order from 2002, failed to keep up his bookkeeping to allow
the FTC to monitor his income, and jumped right back on the typo-squatting
bandwagon. He's settled again and will likely do it another time or assist
someone else to attempt to hide his involvement. The fundamental problem
is in how the registrars are handling new domain registrations. There
needs to be more proactive work done when dodgy site names are being registered,
to prevent such criminal activity from happening over and over.
Ever Hear of MaaS?
CIO has a well-written story about how the initial discovery of Gozi led to the
discovery of RBN 76Service.com, a bot administration service brokered
by RBN.
The service offers tools for every aspect of criminal bot activity, from
infecting new machines with bots, to buying bot services, to sending spam
or performing any other activity you desire. It seems that 76Service is
an attempt to shield the operators from the crime that the site is facilitating,
on the belief that it's merely offering a service which others use in any way
they want.
It's an excellent insight into the level of sophistication that has developed
in the online criminal world, as well as insight into how the criminal
mind works. If I infect machines, but do nothing with them, how criminal
am I? Equally, if I instruct a service to deliver spam, and it does so
via bot-controlled machines, am I a "bot herder"? Probably not, or so
the criminals believe. In any event, it certainly makes law enforcement's
job far more complex by providing layers of obscurity that may, or may
not, be penetrated while pursuing a particular criminal.
This column was originally
published in our Redmond Security Watch newsletter.
USB Lock Has Good Intentions, But Fails
If you're worried about a third party plugging a USB drive into one of your
ports, this new device may help -- not!
The USB security lock is a quaint idea that totally misunderstands the problem
it's attempting to solve. Basically this device has four little USB connectors
which, when plugged into a port, cannot be removed except with the supplied
"key."
Ok, so your port is effectively blocked -- unless the criminal has also
purchased the $8.99 lock -- because there's nothing unique about
the "key" you got versus the one the criminal purchased. Further,
this also assumes you're not worried about your own users stealing
information via the USB port -- as they'd likely have access to
the "key."
Finally, this thing is only of any use if you assume you have nothing
plugged into USB ports already, as anyone could simply remove what you've
got plugged in and replace it with their thumb drive.
About the Author
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.