According to a newly published report by AVG, upon obtaining access to a mini ZeuS botnet dubbed Mumba, part of Avalanche group’s online operations, they found 60GB of stolen data such as, accounting details for social networking sites, banking accounts, credit card numbers and intercepted emails.

via Researchers peek inside a mini ZeuS botnet, find 60GB of stolen data | ZDNet.

Three-month-long investigation by CTU uncovers inner workings of Russian check counterfeiting operation. SecureWorks has notified and is working with law enforcement on this scam. SecureWorks has protections in place for both the Zeus and the Gozi Trojans which are utilized in this scam.

via Big Boss Check Counterfeiting Ring – Research – SecureWorks.

The latest Zeus bot configuration contains list of targeted financial institution from Spain, Germany, United Kingdom, and USA. The previous versions contains all the list of financial institutions from different countries around the world, while the new version only contains two targeted countries and currently paired as: Spain-Germany and UK-USA

via Zeus Version 3 – Target Spain, Germany, UK, and USA Banks – CA Security Advisor Research Blog.

According to CA , Spanish financial institutions appears to be the most targeted (26%) by this new version of ZBot.

This is the first time I’ve seen ZeuS target Russian banks given that online banking is not so popular in Russia. I can recall a few ZeuS/ZBOT samples targeting Yandex services, but I definitely can’t recall anyone targeting MDM Bank or other online Russian banking systems.

via ZeuS/ZBOT Targets Russian Banks | Malware Blog | Trend Micro.

Cybercrooks have developed regionally-targeted banking Trojans that are more likely to slip under the radar of anti-virus defences.[...]

[...]Trusteer cites two pieces of regional malware targeted at UK banking consumers. Silon.var2 crops up on one in every 500 computers in the UK compared to one in 20 000 in the US. Another strain of malware dubbed Agent-DBJP was found on one in 5 000 computers in the UK compared to one in 60 000 in the US[...]

[...]Unlike known malware kits such as Zeus Torpig and Ambler which simultaneously target hundreds of banks and enterprises around the world and are on the radar of all security vendors regional financial malware such as Silon.var2 and Agent.DBJP are highly targeted ” said Mickey Boodaei Trusteer s chief exec.[...]

[...]Silon DBJP and other regional financial malware have been identified through Trusteer s Flashlight service and analysis and investigation results have been shared between participating banks ” explained Amit Klein CTO of Trusteer. “If a bank in a specific region experiences fraud from a new piece of regional malware there is an 80 per cent chance that other banks in the same region will experience in the near future similar losses from this malware ” he added.”

via Regional banking Trojans sneak past security defences • The Register.

The Kraken botnet — one of the Internet’s largest and most difficult to detect in 2008 — is rearing its ugly head again.

…

So far, the resurrected Kraken is primarily a spam distributor, focusing most of its output on ads for male enhancement and erectile dysfunction, Royal says. The botnet’s performance is prodigious: a single node with a DSL-speed connection was detected sending more than 600,000 spam messages in a 24-hour period.

…

The resurrected Kraken is usually installed by another botnet, using botnet malware such as Butterfly, Royal reports. It’s not clear whether Kraken installation is handled by the same criminal group as Kraken operations, but it may be an example of specialized criminal groups working together, he suggests.

via Kraken Botnet Making A Resurgence, Researcher Says – botnets/Security – DarkReading.

According to a report in Belgian newspaper De Tijd, malware has been used to compromise the online portfolios of Belgian investors. The botnet was then used to influence stock prices, making the criminals more than 100,000 Euros. The investigation has remained secret until today.

“With a push of a button the botmaster instructs all the computers to buy or sell the same shares at the same time.“

via Belgian pump and dump botnet » CounterMeasures.

Although is an incident happened on April 2007, it should be seriously analyzed. Currently, Are the financial system’s security countermeasures so far away from 2007 ?  I think not.

Russian-born Kaspersky said the botnet “looks and smells like it was made in Russia”.“Mariposa has a way about it that I believe says it was made in Russia,” Kaspersky told Computerworld Australia.“In Russia you can buy a botnet and they will demonstrate it for you before you pay.“I think [the three arrested men] did not know much about botnets. They just bought it and followed instructions.”Kaspersky said botnets are “out of control” in Russia. He said they said used by local businesses to attack rival companies and by criminals to launch international attacks.

via Mariposa might be Russian – security, kaspersky, denial of service – Computerworld.

Our analysis has shown that the kill Zeus feature seems to work on a limited number of Zeus samples. In March 2010, Symantec alone counted 9,779 new unique samples of what we call Trojan.Zbot. We estimate that only a small percentage of these samples can be successfully removed by SpyEye’s Kill Zeus feature.

via Symantec Connect.

Hosting UA in Odessa one of the main data centers and hosts in Ukraine is offline, due to a major fire.

Figure 1 Hosting Ua – Fire – courtesy watcher.com.ua

AS41665 HOSTING-AS National Hosting Provider, UAwith 144,384 IP addresses and was # 4 on the HostExploit Bad Hosts Report in December 2009 out of 34,000 ASNs (autonomous servers / hosts) compared for serving badness on the Internet

via Russian Business Network (RBN): Hosting Ukraine Burnt Out | HostExploit.