IT DRILLDOWN
SOA
Virtualization
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion
 CIO Consumer IT
 CIO Leader
 CIO Enterprise
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Portfolio Management Maturity Model at Chevron - Presentation & Discussion

November 13, 11:30 AM - 12:30 PM ET (GMT-4)

The fundamental goal of the model is to help IT become a business partner and earn a seat at the table. Core to the model is to establish a five year IT strategic road map that is owned by the business. Presenter Janinne Franke is manager of strategy, planning & optimization at Chevron's corporate department & services. She will share processes and lessons learned from developing and implementing the model.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 
Feature
 

Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy

A sophisticated new breed of online criminals is making it easier than ever for the bad guys to engage in identity theft and other cybercrime.

 

By Scott Berinato

September 17, 2007CSO — By 2003, online banking was not yet ubiquitous but everyone could see that, eventually, it would be. Everyone includes Internet criminals, who by then had already built software capable of surreptitiously grabbing personal information from online forms, like the ones used for online banking. The first of these so-called form-grabbing Trojans was called Berbew.

Inside an Identity Theft Site

An exclusive look at the inner workings of 76service
Click the "Play" button on the video below.

DISCLAIMER: What you see is a film of the video captured by SecureWorks senior security researcher Don Jackson after he was among several unidentified forum participants given an invitation without limitation to explore the site. When we say Jackson "hacked" the site, we are using the term in the non-malicious sense. Jackson's video was filmed to allow us to zoom in on and highlight specific areas on the site. The video has been edited for time, but no information has been changed. IP addresses have been blocked to protect innocent victims. Companies named in the film were not compromised; rather, the machines of consumers who visited those companies' sites were compromised. The information contained within this video was shared with law enforcement.

Berbew’s creator is believed to be a VXer, or malware developer, named Smash, who rose to prominence by co-founding the IAACA—International Association for the Advancement of Criminal Activity–after the Feds busted up ShadowCrew, Smash’s previous hacking group.

Special Report: The Hacking Economy
Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy
Hacker Economics 2: The Conspiracy of Apathy
Hacker Economics 3: The Next Wave of Malware
Key Malware Terms
A Trojan's First Second
Death by iFrame
Inside a Hacker's Site: Screenshots

Berbew was wildly effective. Lance James, a researcher with Secure Science Corp., believes it operated undetected for as long as nine months and grabbed as much as 113GB of data—millions of personal credentials.

Like all exploits, Berbew was eventually detected and contained, but, as is customary with malware, strands of Berbew’s form-grabbing code were stitched into new Trojans that had adapted to defenses. The process is not unlike horticulturalists’ grafting pieces of one plant onto another in order to create hardier mums.

Thus, Berbew code reappeared in the Trojan A311-Death, and A311- Death in turn begat a pervasive lineage of malware called the Haxdoor family, authored by Corpse, who many believe was part of a well-known, successful hacking group called the HangUp Team, based in the port city of Archangelsk, Russia, where the Dvina River empties into the White Sea, near the Arctic Circle.

By 2006, online banking was ubiquitous and form-grabbers had been refined into remarkably efficient, multi-purpose bots. Corpse himself was peddling a sophisticated Haxdoor derivative called Nuclear Grabber for as much as $3,200 per copy. Nordea Bank in Sweden lost 8 million kronor ($1.1 million) because of it.

But by last October, despite his success, Corpse decided that it was time to lay low. A message appeared on a discussion board at pinch3.net, a site that sold yet another Haxdoor relative called pinch.

“Corpse does cease development spyware? news not new, but many do not know” reads a post by “sash” translated using Babelfish. It then quotes Corpse: “I declare about the official curtailment of my activity of that connected with troyanami [trojans]”

This past January, a reporter for Computer Sweden chatted with Corpse, pretending to be a potential customer. Corpse tried to sell him Nuclear Grabber for $3,000 and crowed that banks sweep 99 percent of online fraud cases under the rug. After Computerworld Australia published the chat, Corpse disappeared. He hasn’t been heard from since.

But his form-grabbing code resurfaced, when a friend of Don Jackson asked him to look at a file he found on his computer, as a favor.

That file led Jackson behind the curtain to find hacking with a level of sophistication he’d never seen before.

Next: Gozi and the hacking service economy.
Loading...
 
 
CENTER OF EXCELLENCE
 
Security
» Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on the Symantec Data Loss Prevention solution to protect sensitive customer data.
» Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is, where it is going, and how to prevent it from leaving your organization.
» Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say on the risks associated with data security.
» 7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions as you establish your organization's requirements and safeguard confidential data.
» E-LOAN Maintains Reputation as a Privacy Leader with Symantec Data Loss Prevention Solutions
Learn how this proactive implementation of a DLP solution helps ensure E-LOAN's customer trust and loyalty.
Center sponsored by

 
 
ABCs
 

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Secure your virtual and physical environments with the same software.

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Information Security: Data Drains and How to Prevent Loss

Prudential Financial Protects its Brand with Symantec

Quest Authentication Services: Simplify Identity Management

Top 10 Ways to Protect Against Web Threats

Gene Kim's Practical Steps to Mitigate Virtualization Security Risks

Solving Online Credit Fraud Using Device Reputation

File Integrity Monitoring: Secure Your Virtual & Physical IT Environments

How to Manage the Mobile Work Environment

Extending PCI Compliance to the Mobile Workforce

Building an Online Customer Experience Competency

Learn About the Features of the Google Universal Search Solution.

Mission Impossible: Building the Right Project Metrics

Project Portfolio Management - Boost the Value of IT

Telepresence - A Realistic Solution Connecting a Global Workforce

Turn Information into a Competitive Advantage

How End-User Monitoring Can Help You Improve Customer Satisfaction

The PCI Data Security Standard

Proving Control of the Infrastructure

The Benefits of Data Deduplication for Data Protection in the Enterprise

Reap the Benefits of Unified Communications

Renowned Engineering Institution Chooses AMD Processor-Based Servers

New research validates telepresence solutions.

Configuration Assessment: Choosing the Right Solution

Security and Trust: The Backbone of Doing Business over the Internet

7 Requirements of Data Loss Prevention

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Integrating ActiveRoles With IBM Tivoli Identity Manager 5.0

Quest Authentication and IBM Tivoli Identity Management

The Case for Business Software Assurance ~ Securing Your Applications

Configuration Audit and Control for Virtualized Environments

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Protecting Data in a Highly Networked World

The Universal Wireless Client: Simplify mobility and reduce the cost of supporting mobile workers

Strategies for Asia-Pacific Expansion

Improve delivery of product information to customers.

Put Enterprise Communications on Autopilot

Portfolio Management for Effective IT Governance

Unify and Conquer: The Benefits of Unified Communications.

Data Center Asset Planning - Regaining Control of the Data Center

HP Webcast: Transforming the Data Center

Tripwire PCI DSS Solutions: Automated, Continuous Compliance

ITCi White Paper: Challenges and Opportunities of PCI

Destination: Intelligent Data Center Automation

Consolidation: Just the Starting Point for Virtualization

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

Optimizing Infrastructure Control

Effective Security with a Continuous Approach to ISO 27001 Compliance