A Hundred Botmasters Hired for Massive Compromising Campaign, Cautions RSA

According to FraudAction Research Team of RSA, a cyber-crook syndicate apparently is actively hiring no more than 100 botmasters for carrying out one complex man-in-the-middle assault with the help of Trojan Gozi in a new variant dubbed Gozi Prinimalka.

Specifically, Cyber-crime Communications Expert Mor Ahuvia from RSA's FraudAction states that the assault may've tried to compromise a good thirty financial institutions within USA. Securitywatch.pcmag.com published this in news dated October 5, 2012.

Experts opine that the campaign is targeting mainly American banks because as different from Europe based financial institutions they do not mandate accountholders conducting wire-transfers to go through the validation process of 2-factor authentication.

Interestingly, as the owners of Trojan Gozi Prinimalka operate the malware privately, the hired bot-herders ready for carrying out the hijacking scam will in all probability just get executables and be distanced from the compiler.

Elsewhere Ahuvia states that during the process of boot camp operation, there'll be individual choosing as well as training of associate botmasters who will then get their share of the money stolen out of victims' accounts and transmitted to the gang-controlled mule accounts. The process also ensures that all participants work diligently so every bot-herder will be having a person investing cash on the formers behalf into buying of equipments like laptops, servers, etc. while getting a percentage of the ill-gotten monetary gains as an incentive, adds Ahuvia. Blogs.rsa.com published this dated October 4, 2012.

Worryingly, the security alert from RSA coincides with the period when the United States banks have without losing time become highly cautious. Moreover, during the latter part of September 2012 to beginning October 2012, many prominent banks in USA such as Bank of America, JP Morgan Chase, Wells Fargo and Citigroup have had disruptions in their Internet-based operations because of apparent synchronized denial-of-service assaults.

Notably though, all organizations have been alerted about the ongoing scam, thanks to RSA, but with the knowledge of the attack gotten widespread, attackers maybe slightly discouraged, while not really giving up. Yet, incase they become successful, this assault could just become the biggest synchronized one against US financial institutions hitherto, concludes RSA.

Related article: A New "Blackmailing" Variant Creeps Around…

» SPAMfighter News - 10/12/2012