Posted by Brian Krebs 18.104.22.168 August 23, 2008 at 11:04:14:
Web Fraud 2.0: Distributing Your Malware posted by Brian Krebs 22.214.171.124 August 23, 2008 at 10:51:35:
Original text: The allure of cyber crime lies in its promise of quick riches, much like that of the illegal drug trade. But building a network of hacked personal computers that can distribute ..
These days, nearly every aspect of the underground online economy that supports commercial crime operations has been automated. Online forums and criminal social networking sites have long offered aspiring newbies tips on getting started. But a slew of extremely popular Web sites increasingly are making it possible for newcomers to begin reaping profits from their activities through point-and-click Web interfaces that even the most novice hackers can navigate.
What follows today and throughout the rest of the week is a look at some trends and tools Security Fix observed being used by cyber crooks, as a result of several months of lurking on some of the more popular (and in some cases invite-only) cyber criminal forums.
Even the greenest cyber crook knows you never use your own Internet connection to conduct business. In the past, masking your true Internet address online meant configuring your browser to use multiple "open proxies," connections belonging to hacked or misconfigured systems that will happily forward any Web traffic.
But why bother with that manual, labor-intensive process, when you can download a tiny program and subscribe to a service that handles it for you? That's the idea behind services like infecter.net, 5socks.net and anyproxy.net. Subscribers pay for a certain number of proxies weekly or monthly, and can even download a tiny program that automates the process of switching from one proxy to the next, whenever the customer wants to appear to be coming from a new or different Internet address.
This type of service is especially appealing to criminals looking to fleece bank accounts at institutions that conduct rudimentary Internet address checks to ensure that the person accessing an account is indeed logged on from the legitimate customer's geographic region, as opposed to, say, Odessa, Ukraine.
With XSOX, if your victim lives in Indianapolis, no problem. Just scroll down the list of available proxies, or sort by state and country, and double-click the Internet address in Indianapolis. After that, every Web site you visit thinks you're coming from Indianapolis, regardless of the true Internet address you are using to access the XSOX service.