THN : The Hacker News. : A Russian cybergang headed by a mysterious ringleader called ‘Soldier’ were able to steal $3.2 million (£2 million) from US citizens earlier this year using the SpyEye-Zeus data-stealing Trojan, security company Trend Micro has reported and Trusteer reports that an Android variant of Spitmo (SpyEye for mobile) has been discovered. The methodology sounds familiar for those familiar with ZeuS Mitmo and SpyEye Spitmo: infected computers inject a message into targeted netbanks prompting their customers to install software on their phones. Once Spitmo is installed, the SpyEye attacker is able to monitor incoming SMS and to steal MTAN authentication messages.

“His botnet was able to compromise approximately 25,394 systems between April 19, 2011 and June 29, 2011. And while nearly all of the victims were located in the US, there were a handful of victims spread across another 90 countries,” it said in a blog post.

[…]

About 1,500 customers of internet service provider Virgin Media have been warned that their PCs are infected with a malicious virus.[..]

Virgin is understood to be the first UK ISP to give specific warnings about viruses based on SOCA’s advice. [..]

Virgin company stressed that it had not been monitoring user activity, rather some of their customers’ IP addresses were found by law enforcement while investigating criminal botnets.[..]

via BBC News – Virgin alerts infected customers.

In the latest of a series of arrests to be made in relation to online bank fraud, the Met’s e-crime unit has struck again, taking 19 alleged cyber-criminals into custody.

The gang is suspected of having stolen some £6 million over the last three months, according to the BBC News (just enough money for them to be able to construct their own bionic man).

via Police nab 19 over Zeus botnet bank fraud.

According to a report in Belgian newspaper De Tijd, malware has been used to compromise the online portfolios of Belgian investors. The botnet was then used to influence stock prices, making the criminals more than 100,000 Euros. The investigation has remained secret until today.

“With a push of a button the botmaster instructs all the computers to buy or sell the same shares at the same time.“

via Belgian pump and dump botnet » CounterMeasures.

Although is an incident happened on April 2007, it should be seriously analyzed. Currently, Are the financial system’s security countermeasures so far away from 2007 ?  I think not.

Penn State University is dealing with yet another data breach situation this week after school officials discovered that a university computer was essentially commandeered by a botnet and was revealing the names, social security numbers and other personal information of 15,800 students.

via Botnet Takes Control of Penn State Computer – www.esecurityplanet.com.

The latest in the string of “bulletproof” ISPs has been taken down on Friday after its upstream service provider DIGERNET has been disconnected. PROXIEZ-NET went down making its claims of being immune to shutdowns untrue. According to The Register just days before the shutdown PROXIEZ-NET found its way to the Spamhaus block list for “acting as a ZeuS botnet C&C or hosting binaries dropzones for the ZeuS botnet.”

via Zeus-friendly ISP taken down.

In a quickswapping scheme, a cyber-crook will use sites such as eBay or Amazon to offer an expensive item at a cheap price, explained Mikko Hypponen, chief research officer at F-Secure. After a deal is reached, the scammer will make an enticing offer – they will agree to ship the item to the buyer and only accept payment after the person has checked it out.Next, the scammer will use credit card information he or she previously pilfered with malware such as Zeus to purchase the item and send it to the buyer. After the buyer sends the agreed payment via Western Union or WebMoney, the scammer disappears, leaving the person whose card was stolen with an illegal charge and the quickswapping buyer at risk of having the item confiscated by police as stolen merchandise.

via How Cyber-Crooks Turn Stolen Data into Money on eBay – Security from eWeek.

RSA Conference 2010 — Russian hackers have written a more sophisticated version of the infamous BlackEnergy Trojan associated with the 2008 cyberattacks against Georgia that now targets Russian and Ukrainian online banking customers.

. “The rules have changed,” Stewart says. “There was once an unwritten rule that they didn’t attack their own banks.”

But like most cybercrime operations, money is money, and the BlackEnergy botnet gang appears to be expanding its operations for more profit.

While the Zeus Trojan remains the most popular Trojan, Stewart says BlackEnergy 2 can do things Zeus cannot, such as stealing online credentials plus DDoS-ing. BlackEnergy 2 also steals the user’s private encryption key. Stewart has written an analysis of the Trojan, available here.

via New BlackEnergy Trojan Targeting Russian, Ukrainian Banks – DarkReading.

SAN FRANCISCO (AP) — Authorities have smashed one of the world’s biggest networks of virus-infected computers, a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs.

The “botnet” of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, according to investigators.

Spanish investigators, working with private computer-security firms, have arrested the three alleged ringleaders of the so-called Mariposa botnet, which appeared in December 2008 and grew into one of the biggest weapons of cybercrime. More arrests are expected soon in other countries.

Spanish authorities have planned a news conference for Wednesday in Madrid.

[....]

Also, the suspects go against the stereotype of genius programmers often associated with cyber crime. The suspects weren't brilliant hackers but had underworld contacts who helped them build and operate the botnet, Cesar Lorenza, a captain with Spain's Guardia Civil, which is investigating the case, told The Associated Press.

Investigators were examining bank records and seized computers to determine how much money the criminals made.

[....]

via News from The Associated Press.

An Analysis report by DefenceIntelligence  here

The takedown of the Waledac botnet that Microsoft executed this week – known internally as “Operation b49” – was the result of months of investigation and the innovative application of a tried and true legal strategy.

[..]

In a recent analysis, Microsoft found that between December 3-21, 2009, approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts alone, including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks and more.

[..]

This action has quickly and effectively cut off traffic to Waledac at the “.com” or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world.

via The Official Microsoft Blog – Cracking Down on Botnets.

Well done.