Tag Archives: Busted

Cleaner affiliates gotcha

S!ri, a well-known and respected malware fighter in the security community, wrote that some webmasters (cleaner affiliates) regularly reuse, in their own blog posts, the screenshots that he made after analyzing a rogue.

The cleaner affiliates write about the dangerousness of the rogue and link to a “Free” Scan or “Free” Removal tool which may not be free at all. :-x

So I decided to MAKE a picture of a new rogue that does NOT exist: Secure Shield. I post the picture and wait for the “serious” guys.

Those guys are inventing file, folder and key names.

Secure Shield fake rogue

Operation Phish Phry Indictments

FBI Press Release

The largest number of defendants ever charged in a cyber crime case have been indicted in a multinational investigation conducted in the United States and Egypt that uncovered a sophisticated “phishing” operation that fraudulently collected personal information from thousands of victims that was used to defraud American banks.

Authorities in several United States cities arrested 33 of 53 defendants named in an indictment returned last week by a federal grand jury in Los Angeles. Several defendants charged in the indictment are being sought this morning by law enforcement. Additionally, authorities in Egypt have charged 47 defendants linked to the phishing scheme.

Full Statement

FBI Director Robert Mueller’s speech on cyber threats. Mueller told how he nearly fell for an email phishing scam himself.

After changing all our passwords, I tried to pass the incident off to my wife as a “teachable moment.” To which she replied: “It is not my teachable moment. However, it is our money. No more Internet banking for you!”

FTC Shuts Down Rogue Internet Service Provider, Pricewert LLC

Press release

A rogue Internet Service Provider that recruits, knowingly hosts, and actively participates in the distribution of spam, child pornography, and other harmful electronic content has been shut down by a district court judge at the request of the Federal Trade Commission. The ISP’s upstream providers and data centers have disconnected its servers from the Internet.

According to the FTC, the defendant, Pricewert LLC, which does business under a variety of names including 3FN and APS Telecom, actively recruits and colludes with criminals seeking to distribute illegal, malicious, and harmful electronic content including child pornography, spyware, viruses, trojan horses, phishing, botnet command and control servers, and pornography featuring violence, bestiality, and incest. The FTC alleges that the defendant advertised its services in the darkest corners of the Internet, including a forum established to facilitate communication between criminals.

Bolding mine.

The FTC also alleges that the defendant engaged in the deployment and operation of botnets – large networks of computers that have been compromised and enslaved by the originator of the botnet, known as a “bot herder.” Botnets can be used for a variety of illicit purposes, including sending spam and launching denial of service attacks. According to the FTC, the defendant recruited bot herders and hosted the command-and-control servers – the computers that relay commands from the bot herders to the compromised computers known as “zombie drones.” Transcripts of instant-message logs filed with the district court show the defendants’ senior employees discussing the configuration of botnets with bot herders. And, in filings with the district court, the FTC alleges that more than 4,500 malicious software programs are controlled by command-and-control servers hosted by 3FN. This malware includes programs capable of keystroke logging, password stealing, and data stealing, programs with hidden backdoor remote control activity, and programs involved in spam distribution.

Complete article:
FTC Shuts Down Notorious Rogue Internet Service Provider, 3FN Service Specializes in Hosting Spam-Spewing Botnets, Phishing Web sites, Child Pornography, and Other Illegal, Malicious Web Content
http://www.ftc.gov/opa/2009/06/3fn.shtm

Security Fix
http://voices.washingtonpost.com/securityfix/2009/06/ftc_sues_shuts_down_n_calif_we.html

NoScript-Adblock Plus mini wars

Posted by: Giorgio, NoScript. 2009-05-04

I screwed up. Big time.
Not just with Adblock Plus users but with the Mozilla community at large.

I did something extremely wrong, which I will regret forever.
I abused the power and wasted the enormous trust capital gained by the NoScript add-on through the years to prevent Adblock Plus from blocking stuff on four internet domains of mine, without asking an explicit preemptive user consent.

This is absolutely inexcusable. Something I would never conceive again for the life of me.

Dear Adblock Plus and NoScript Users, Dear Mozilla Community
http://forums.informaction.com/viewtopic.php?p=2777#p2777

Posted by: Wladimir Palant, Adblock Plus. 2009-05-01

Recently I wrote about how not giving extension developers a good way to earn money might lead to very undesirable effects. The recent events give an impression of the kind of effects we should expect here. This is going to be about the popular NoScript extension which happens to make its money from ads. And to make sure that somebody sees these ads it goes pretty far.

Attention NoScript users

Edit: Added links.

Mozilla Blog: No Surprises

Surprises can be appropriate in many situations, but they are not welcome when user security, privacy, and control are at stake. Mozilla is committed to guarding these principles, and we feel that a policy should be adopted that explicitly details our stance on these issues in regard to add-on modifications.

We welcome all constructive feedback and comments on this proposal, preferably in the AMO Newsgroup.

Spam gang member pleads guilty

Judy Devenow pleaded guilty to fraud and conspiracy charges Tuesday in federal court in Michigan, admitting she had sent millions of spam e-mails a day helping spam kingpin Alan Ralsky.

Devenow said she was paid US$150,000 to send e-mail and manage others from January 2004 through September 2005. She, Ralsky and nine other people were charged in January 2008. Thomas Dukes, who specializes in computer crimes at the U.S. Justice Department in Washington DC, is quoted as saying that Ralsky sent tens of millions of e-mails over a 20-month period – and that’s a “conservative number,” Dukes told the judge. We agree; Spamhaus regularly sees spammers like Ralsky and his gang sending tens of millions of spam e-mails each day. They use innocent people’s virus infected PCs to do this and also forge the addresses of innocent people onto the spam’s “From:” line (“spoofing”) causing untold damage and costs.

Spamhaus

Airport baggage screener charged with theft

Fly the friendly skies.

Pythias Brown, 48, of Maplewood, New Jersey, regularly sold the high-priced video cameras, laptop computers, and global positioning systems on eBay using the handle “alirla”, according to a criminal complaint filed in federal court in Newark. Brown told investigators he began stealing the items in September 2007 while screening luggage at Newark Liberty International Airport.

http://www.theregister.co.uk/2008/10/14/tsa_screener_theft/

It’s not the first time baggage screeners/handlers have been busted for stealing from passengers.

New York Times. August 12, 2004.
4 Baggage Screeners Arrested; TV Stars Were Among Victims

[PDF] Press Release December 7, 2007.
Jacksonville Airport Baggage Screener and Three Baggage Handlers Arrested for Thefts

Jan. 21, 2003.

With the signing of the act, airport security came under direct federal responsibility for the first time in airline history. Strict new requirements have been adopted to screen checked baggage. At airports, a new security force of federally-employed managers, supervisors, law enforcement officers and screeners is posted to check passengers and carry-on bags. TSA hired 23,000 baggage screeners and 33,000 passenger screeners to help shoulder the load.

http://www.cdi.org/terrorism/tsa-pr.cfm

FTC Shuts Down, Freezes Assets of Vast International Spam E-Mail Network

A U.S. district court has ordered a halt to the operations of a vast international spam network that peddled prescription drugs and bogus male-enhancement products. The network has been identified as the largest “spam gang” in the world by the anti-spam organization Spamhaus. The Federal Trade Commission has received more than three million complaints about spam messages connected to this operation, and estimates that it may be responsible for sending billions of illegal spam messages. At the request of the FTC, the court has issued a temporary injunction prohibiting defendants from spamming and making false product claims, and has frozen the defendants’ assets to preserve them for consumer redress pending trial. Authorities in New Zealand also have taken legal action, working in tandem with the FTC.

According to papers filed with the court, the defendants deceptively marketed a variety of products through spam messages, including a male-enhancement pill, prescription drugs, and a weight-loss pill.

The defendants include two individuals – Lance Atkinson, a New Zealand citizen living in Australia, and Jody Smith of Texas – and four companies they control: Inet Ventures Pty Ltd., Tango Pay Inc., Click Fusion Inc., and TwoBucks Trading Limited. The FTC’s complaint alleges that both Atkinson and Smith are liable for the spamming. It holds Lance Atkinson responsible for all product claims, and Smith liable for claims made for the pharmaceutical products. In June 2005, the FTC obtained a $2.2 million judgment against Atkinson and another business partner for running a similar spam affiliate program that marketed herbal products.

News Release: http://www.ftc.gov/opa/2008/10/herbalkings.shtm

Civil Action No. 08-CV-5666
FTC File No. 072 3085

Complaint for Injunctive and Other Equitable Relief
http://www.ftc.gov/os/caselist/0723085/081014atkinsoncmpt.pdf

Memorandum Supporting Plaintiff’s ex parte Motion for a Temporary Restraining Order with Asset Freeze, Other Equitable Relief, and Order to Show Cause Why a Preliminary Injunction Should not Issue
http://www.ftc.gov/os/caselist/0723085/081014atkinsonmemo.pdf
Interesting read. Snippet:

SanCa$hSupport i guess so… they’ll never find you
sancashl well they bought me up, but nothing linked to me, most i do is provide services for spammers

O what a tangled web we weave when first we practise to deceive.
(Sir Walter Scott. Marmion, Canto VI, Stanza 17)

Temporary Restraining Order with Asset Freeze, Other Equitable Relief, and Order to Show Cause Why a Preliminary Injunction Should not Issue
http://www.ftc.gov/os/caselist/0723085/081014atkinsontro.pdf

Certifiedbug: March 30, 2007.
Fake pharmaceuticals on-line, buyer beware

Hacker sentenced to two years in prison

United States Attorney McGregor W. Scott announced Tuesday that Gregory King, 21, a California resident once known as “Silenz” “sZ” “Gregk707” and “GregK” was sentenced to two years in federal prison and ordered to pay $69,000 in restitution following a guilty plea to two counts of transmitting code to cause damage to a protected computer.

The Reporter.
http://www.thereporter.com/news/ci_10677450

King used a botnet to conduct distributed denial-of-service (DDoS) attacks against two Web sites: KillaNet Technologies, a British Columbia-based website for high school students preparing for careers in online media, and the CastleCops security forums.

The Register, 4th October 2007.
Portrait of an (alleged) cyber bully as a young man

Certifiedbug, November 30, 2007.
FBI: Botnet Crack Down (again) in Operation Bot Roast II

GlobalSign revokes rogue program’s digital certificate

Antivirus XP 2008, a known rogue anti-spyware program, was digitally signed with a certificate issued by GlobalSign.

Alerted by The Register on Friday, GlobalSign revoked the certificate, pending an investigation.

They may have moved swiftly to revoke the cert after being alerted; however, the question remains as to why GlobalSign gave Antivirus XP 2008 a certificate in the first place. Google is your friend.

Hat tip to Alex Eckelberry at The Sunbelt Blog who had emailed GlobalSign on or before Thursday, August 14th.

“Spam King” pleads guilty

My last post on this item was May 31, 2007, the month Soloway was arrested. Several months later, after pleading guilty to fraud and tax evasion charges, Soloway is due to be sentenced 20 June, 2008.

The notorious spammer has previously been found guilty of sending spam in several civil cases (Microsoft won a $7.8m judgement against him back in 2005), but he’s always avoided paying fines.

According to his lawyers, the only assets are a collection of two dozen pairs of expensive sunglasses valued at more than $3,700, 27 pairs of shoes, and clothing worth about $14,200.

Seattle Times