Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Websites For Spyware Subscription And Malware Support

An unnamed Web site recently found introduction similar to the launch of an e-commerce site. The site has a crude home page yet it is fairly functional. The home page displays a series of options. With them visitors can conduct business in either English or Russian. There is an FAQ section, a list of terms and conditions for using software, and details specifying payment forms.

The site, however, has scanty contact details. That's because it supports illegitimate merchandise. It presents malicious code for criminal-minded webmasters to employ them to infect users with a Trojan program.

The site promises at least $66 to website owners if they downloaded the malware on their sites. It promises more for installing the code directly on systems of end users. The site says it would provide better rates for good traffic. Computerworld published this on April 5, 2007.

Online organized criminal gangs are taking on to new strategy by copying a page from the books of security vendors and modifying it into their websites. These sites offer assistance and subscriptions for spyware and other malware. Enterprises subscribing at $20 per month can sell exploit engines to spyware distributors and spammers who can use them to break into systems, said Gunter Ollmann, director of security strategies at IBM. This news appeared in IT.slashdot on April 5, 2007.

The website encrypts the exploit code and applies a series of morphing tactics that are elusive to security detection software. The code can exploit various vulnerabilities in order to infect a chosen computer.

Don Jackson, working as security researcher at SecureWorks, a security service provider based in Atlanta, recently spotted a subscription site of that sort.

Jackson uncovered the Trojan called Gozi and after a thorough investigation found that it would capture data from SSL streams and transmit that to a server based in St. Petersburg, Russia. His investigation showed that the Gozi Trojan evaded detection for nearly 50 days and it stole secret data valuing $2m on the parallel market. The data consisted of 2,000 social security numbers (SSNs) and bank account details. Techworld published Jackson's findings in the third week of March 2007.

Related article: Websites – The Latest Weapon in The Hands of Phishers

» SPAMfighter News - 4/12/2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page