The Italian Honeynet Project

We recently received a report of a new phishing attack that originated from Mexico. It takes advantage of the controversial news about an allegedly missing four-year-old girl, Paulette Gebara Farah, who was later found dead in her own bedroom.

Users who are following the said news may fall prey to this attack by visiting the page http://www.knijo.{BLOCKED}0.net/fotografias-al-desnudo-de-la-mama-de-paulette.htm, which contains an article about Paulette and claims to show nude photos of her mother. When a user accesses this page, a fake dialog box pops up and requests the user to download and install Adobe Flash Player.

via Tequila Botnet Targets Mexican Users | Malware Blog | Trend Micro.

Penn State University is dealing with yet another data breach situation this week after school officials discovered that a university computer was essentially commandeered by a botnet and was revealing the names, social security numbers and other personal information of 15,800 students.

via Botnet Takes Control of Penn State Computer – www.esecurityplanet.com.

Very interesting initiative from the Australian IIA.It should be adopted by any ISP in the world . I would like to underline the “e” point , because it highlights the importance about collaborative actions against cybercrime.

e) Developing mechanisms for ISPs to share information and collaborate about
cyber security compromises and developments affecting other Australian ISPs.

Internet Industry code of practice

Russian-born Kaspersky said the botnet “looks and smells like it was made in Russia”.“Mariposa has a way about it that I believe says it was made in Russia,” Kaspersky told Computerworld Australia.“In Russia you can buy a botnet and they will demonstrate it for you before you pay.“I think [the three arrested men] did not know much about botnets. They just bought it and followed instructions.”Kaspersky said botnets are “out of control” in Russia. He said they said used by local businesses to attack rival companies and by criminals to launch international attacks.

via Mariposa might be Russian – security, kaspersky, denial of service – Computerworld.

BitDefender has released an emergency update to protect against a potential pandemic caused by the emergence of a botnet self-development kit controllable via the popular social media service Twitter®. In order to create their custom bot, an attacker only has to launch the SDK, enter a Twitter username that would act as a command & control center and modify the resulting bot’s name and icon to suit their distribution method.

via Twitter®-Controlled Botnet SDK At Large – Malware City Blogs.

Nice report,take a look at the video below:

Twitter botnet

Cyber criminals are renting out their botnets for just £5.99 an hour, enabling unskilled crooks to launch DDoS attacks.

[...]

They found the herders used many of the typical advertising tools to attract people, from banner advertising to forum marketing, and then charged just under £45 for a full day of botnet attacks capable of taking down websites and applications.

via Cyber criminals charge just £6 for access to a botnet | IT PRO.

The latest in the string of “bulletproof” ISPs has been taken down on Friday after its upstream service provider DIGERNET has been disconnected. PROXIEZ-NET went down making its claims of being immune to shutdowns untrue. According to The Register just days before the shutdown PROXIEZ-NET found its way to the Spamhaus block list for “acting as a ZeuS botnet C&C or hosting binaries dropzones for the ZeuS botnet.”

via Zeus-friendly ISP taken down.

Bank thieves have rolled out a new weapon in their arsenal of tactics — telephony denial-of-service attacks that flood a victim’s phone with diversionary calls while the thieves drain the victim’s account of money.A Florida dentist lost $400,000 from his retirement account last year in this manner, and the FBI said the attacks are growing.

via Thieves Flood Victim’s Phone With Calls to Loot Bank Accounts | Threat Level | Wired.com.

In a quickswapping scheme, a cyber-crook will use sites such as eBay or Amazon to offer an expensive item at a cheap price, explained Mikko Hypponen, chief research officer at F-Secure. After a deal is reached, the scammer will make an enticing offer – they will agree to ship the item to the buyer and only accept payment after the person has checked it out.Next, the scammer will use credit card information he or she previously pilfered with malware such as Zeus to purchase the item and send it to the buyer. After the buyer sends the agreed payment via Western Union or WebMoney, the scammer disappears, leaving the person whose card was stolen with an illegal charge and the quickswapping buyer at risk of having the item confiscated by police as stolen merchandise.

via How Cyber-Crooks Turn Stolen Data into Money on eBay – Security from eWeek.

The business of botnet building is precisely that – a business. When organizations look to the threat from a compromised asset perspective they too often fail to appreciate whats really happening. A typical reaction is thus “why are they targeting me?”

If you step back a little – somewhere between the proverbial 10,000ft and the weeds – you’ll begin to notice some of the intricacies of whats happening in the criminal botnet building world. Granted, there’s a lot of confusion as the security vendors throw about various threat terminology and often use them interchangeably depending upon their perspective, but in reality it’s not too complicated.

From: Damballa.com.