The PhishLabs Blog

Why ATO Is a Huge Problem, Gameover ZeuS Revives, Shylock Botnet Disrupted and more | TWIC - July 18, 2014

Posted by Lori Gildersleeve on Jul 18, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

There's been a lot of buzz in financial industry media and conference tracks lately about account takeover, or ATO. And financial institutions are rightly concerned. According to a study conducted last year, losses due to ATO fraud have grown 69 percent and account for more than $4.6 billion in losses (yes, that's billion with a B).

Cybercrooks recently began attempting to resurrect the Gameover ZeuS botnet by sending out spam with phishing lures that include zip files booby-trapped with a new variant of the malware. This revival attempt comes nearly a month after the FBI joined with several nations, researchers and security firms in a global effort to shut down the botnet. The original Gameover ZeuS botnet, which has been blamed for the theft of more than $100 million worldwide, remains locked down; this new variant appears to be rebuilding the botnet from scratch.

The Pushdo botnet, which has been used to deliver financial malware like Zeus and SpyEye via spam, has been updated to use a new domain-generation algorithm (DGA). A DGA helps conceal the actual location of the botnet’s command-and-control infrastructure. More than 42,000 infected machines now host the new malware variant. Among the top countries impacted were India, Vietnam, the United States and Argentina.

New financial malware named “Kronos” is now available for purchase on the black market. Capable of stealing user credentials via form grabbing and HTML injection, Kronos can possibly be used by Zeus operators. Priced at $7,000, Kronos includes free updates and bug removal by the malware’s author.

British police, working with an international consortium of law enforcement agencies and information security firms, recently disrupted financial malware known as Shylock. The U.K.’s National Crime Agency said the operation involved seizing the command-and-control servers used to control infected PCs, as well as botnet-related domain names. No arrests were announced. Shylock is said to infect more than 60,000 PCs and has been used to steal millions of dollars.

Topics: The Week in Cybercrime

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
