Web Fraud 2.0: Cloaking Connections

E-mail Facebook VKontakte Google Digg del.icio.us BlinkList NewsVine Reddit YahooMyWeb LiveJournal Blogmarks TwitThis Live News2.ru BobrDobr.ru Memori.ru MoeMesto.ru

[ Replies ] [ Leave reply ] [ Proxy list bulletin board ] [ New Message ]

Posted by Brian Krebs August 23, 2008 at 11:04:14:

In reply:
Web Fraud 2.0: Distributing Your Malware posted by Brian Krebs August 23, 2008 at 10:51:35:

Original text: The allure of cyber crime lies in its promise of quick riches, much like that of the illegal drug trade. But building a network of hacked personal computers that can distribute ..

These days, nearly every aspect of the underground online economy that supports commercial crime operations has been automated. Online forums and criminal social networking sites have long offered aspiring newbies tips on getting started. But a slew of extremely popular Web sites increasingly are making it possible for newcomers to begin reaping profits from their activities through point-and-click Web interfaces that even the most novice hackers can navigate.

What follows today and throughout the rest of the week is a look at some trends and tools Security Fix observed being used by cyber crooks, as a result of several months of lurking on some of the more popular (and in some cases invite-only) cyber criminal forums.

Even the greenest cyber crook knows you never use your own Internet connection to conduct business. In the past, masking your true Internet address online meant configuring your browser to use multiple "open proxies," connections belonging to hacked or misconfigured systems that will happily forward any Web traffic.

But why bother with that manual, labor intensive process, when you can download a tiny program and subscribe to a service that handles it for you? That's the idea behind services like infecter.net, 5socks.net and anyproxy.net. Subscribers pay for a certain number of proxies weekly or monthly, and can even download a tiny program that automates the process of switching from one proxy to the next, whenever the customer wants to appear to be coming from a new or different Internet address.

Have a look at the screen shots I took of perhaps the slickest, most user-friendly proxy-changing tool for sale in the underground at the moment: XSOX. $50 USD buys you a month's worth of "unlimited" proxies (more accurately, access to roughly 500-600 hacked PCs). But don't count on paying with American Express. XSOX's operators only accept Webmoney, a virtual currency most popular in Russia and Eastern Europe. Furthermore, you will unlikely be able to get the service started without reaching the owner on instant message, and for that you'll need a firm grasp of the Russian language.

This type of service is especially appealing to criminals looking to fleece bank accounts at institutions that conduct rudimentary Internet address checks to ensure that the person accessing an account is indeed logged on from the legitimate customer's geographic region, as opposed to say, Odessa, Ukraine.

With XSOX, if your victim lives in Indianapolis, no problem. Just scroll down the list of available proxies, or sort by state and country, and double click the Internet address in Indianapolis. After that, every Web site you visit thinks you're coming from Indianapolis, regardless of the true Internet address you are using to access the XSOX service.


Leave reply:



Subject: Re: Web Fraud 2.0: Cloaking Connections


Optional link, URL:

Link description:

Optional picture URL:

[ Replies ] [ Leave reply ] [ Proxy list bulletin board ] [ New Message ]