Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
There's been a lot of buzz in financial industry media and conference tracks lately about account takeover, or ATO. And financial institutions are rightly concerned. According to a study conducted last year, losses due to ATO fraud have grown 69 percent and account for more than $4.6 billion in losses (yes, that's billion with a B).
- Crooks Seek Revival of 'Gameover Zeus' Botnet (Krebs on Security)
Cybercrooks recently began attempting to resurrect the Gameover ZeuS botnet by sending out spam with phishing lures that include zip files booby-trapped with a new variant of the malware. This revival attempt comes nearly a month after the FBI joined with several nations, researchers and security firms in a global effort to shut down the botnet. The original Gameover ZeuS botnet, which has been blamed for the theft of more than $100 million worldwide, remains locked down; this new variant appears to be rebuilding the botnet from scratch.
- Criminals Roll Out New Variant of Pushdo Malware (Security Week)
The Pushdo botnet, which has been used to deliver financial malware like Zeus and SpyEye via spam, has been updated to use a new domain-generation algorithm (DGA). A DGA helps conceal the actual location of the botnet’s command-and-control infrastructure. More than 42,000 infected machines now host the new malware variant. Among the top countries impacted were India, Vietnam, the United States and Argentina.
- Fraudsters Market New Malware Kronos (SC Magazine)
New financial malware named “Kronos” is now available for purchase on the black market. Capable of stealing user credentials via form grabbing and HTML injection, Kronos can possibly be used by Zeus operators. Priced at $7,000, Kronos includes free updates and bug removal by the malware’s author.
- UK Takedown Disrupts Shylock Botnet (Bank Info Security)
British police, working with an international consortium of law enforcement agencies and information security firms, recently disrupted financial malware known as Shylock. The U.K.’s National Crime Agency said the operation involved seizing the command-and-control servers used to control infected PCs, as well as botnet-related domain names. No arrests were announced. Shylock is said to infect more than 60,000 PCs and has been used to steal millions of dollars.