MALWARE TOOLS FOR SALE ON THE OPEN WEB




May 2014

RSA Research, while investigating a Zeus Trojan sample, discovered an additional drop server used by a fraudster who is offering a set of spyware tools for sale under the vendor names TampStore and Crown Softwares. The online store offers a number of software packages made up of sets of tools presented openly as legitimate spyware, with individual package icons in different colors for each of the products. These tools offer a number of features that may be illegal in many regions, and are commonly used by malware developers to steal data from infected PCs.

The online store offers the following products:

- TampZusa: stealer application for stealing information and images from browsers, email clients, keylogging, screen captures, webcam, and messenger clients
- TampStealer: same as TampZusa, with a few extra bonuses added to the package (see feature list below)
- TampKeylogger Classic: a basic case-sensitive keylogger that can also record window titles
- TampKeylogger Premium: a full featured keylogger that also includes all the features of the TampStealer
- TampSpammer: a basic mass-mailer spamming application

Of all the listed products, the TampStealer appears to be the most complete package of spyware tools. The following is a list of the features advertised in the online store.

TampStealer feature list:

- Case sensitive keylogger
- Print screen stealer (screen capture)
- Webcam stealer
- Browser password stealer: Opera, Chrome, Firefox, Safari, Internet Explorer, Netscape
- Avira firewall bypass
- Mass email dispatcher
- Silent file downloaders
- Multi-client remote administration
- Send logs to FTP or PHP (PHP logger included in package)
- FileZilla stealer
- Stealer for the following email clients: Outlook, Windows Mail, Eudora, IncrediMail, Netscape
- PidGin stealer (messenger client)
- Icon changer application, including an icon package

The fraudster does not seem to be shy about advertising his wares on Facebook or exposing numerous email addresses for himself in various forums and public social networking sites. RSA has traced a number of entries posted by him in a Romanian computer hacker forum as well as advertising his availability for hire in a web programming forum.

Upon further investigation of the administration panel and log files of the TampStealer application, RSA uncovered records of stolen login credentials. One log file from the TampStealer application contained as many as 8,145 stolen login records (see Figure 1 below).

CONCLUSION

Offering cybercrime software tools for sale is not new. However, advertising them out on the open web and social networking sites like Facebook is quite unusual. This particular software tool author does not seem to be afraid or concerned about exposing his software or his email addresses to the general public. Such behavior goes against the trend of pushing cybercriminal activity further underground as has been witnessed by RSA over the last two years.

MAY 2014
Source: RSA Anti-Fraud Command Center

Phishing Attacks per Month

RSA identified 52,554 phishing attacks in April, marking a 24% increase from March's attack numbers. Based on this figure, RSA estimates phishing cost global organizations $448 million in losses in April.

US Bank Types Attacked

While nationwide banks continue to be the most targeted by phishing with 58% of total volume in April, regional banks have continued to see an increase in volume as well.

[Chart: Credit Unions, Regional, National]

Top Countries by Attack Volume

The U.S. remained the most targeted country in April with an overwhelming 76% of global phishing volume, followed by the UK, the Netherlands, and South Africa.

[Chart: U.S. 76%, UK 4%, Netherlands 3%, South Africa 3%]

Top Countries by Attacked Brands

Over 50% of phishing attacks in March were targeted at brands in the U.S., UK, India, Italy and Canada.

[Chart: U.S. 27%, UK 9%]

Top Hosting Countries

The U.S. hosted 34% of global phishing attacks in April, followed by Germany, the Netherlands, and Italy.

[Chart: U.S. 34%; other values 7%, 5%, 5%]

[Figure: Global Phishing Losses, April 2014]

Mobile Transactions and Fraud (Q1 '14)

In Q1, 33% of banking transactions originated in the mobile channel. Among total transactions, 2% of all identified fraud was from a mobile device.

CONTACT US

To learn more about how RSA products, services, and solutions help solve your business and IT challenges, contact your local representative or authorized reseller, or visit us at www.emc.com/rsa

© 2014 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders.

MAY RPT 0314