Are We Losing The War On CyberCrime?

Roger Grimes, Security Expert Adviser at InfoWorld, thinks so. His argument goes like this:

“You may have read the reports: We have captured Albert Gonzalez, one of the “world’s biggest malicious hackers.” Big deal.

I’ve been fighting cybercrime for more than 20 years, so you’ll have to excuse me if I’m a little jaded for thinking that this “huge” hacker is but another small-time player in the big-time world of cybercrime. In fact, I’m pretty sure that we still haven’t captured a single major player — the Pablo Escobars.”


Read about this at – What do you think? We'd like to know.

The sophisticated money mule network has a haven: TimeNet Beijing. The graphical presentation below shows part of the Asprox network, a self-sustaining cybercrime platform.

Spam Haven Botnet


19 replies

  1. Report Calls on Microsoft to Ban Ads for Rogue Internet Drug Outlets on
    On August 4, 2009, LegitScript and KnujOn released the first in a series of reports about United States companies that facilitate, and profit from, the illicit sale of prescription drugs. The first report focuses on Microsoft and how rogue Internet drug outlets are being allowed to participate in its online advertising program for, a search engine recently launched by the company. The authors assert that Microsoft has the ability, and responsibility, to ensure it does not display, much less profit from, Internet ads for Web sites engaged in illegal activities, such as selling prescription drugs without a license or a prescription. The report states that 89.7% of the ads on for Internet drug outlets that the authors reviewed are acting unlawfully in some way, and some drugs obtained from these sites were found to be counterfeit.

  2. New Malware Threat

    Name: Worm.Lovgate.F
    Type: Worm
    Affected Platform: Win32
    Media-Type: application/executable
    Static File: yes
    MD5 Checksum: 5D73ABA7169EBFD2BDFD99437D5D8B11
    Filesize: 107,008 Bytes
    Wildlist Entry: yes
    Alias Names (also known as):
    – CA ETrust: Win32/Lovgate.F
    – McAfee: W32/Lovgate.f@M
    – Sophos: W32/Lovgate-E
    Side Effects:
    – Drops malicious files
    – Uses its own Email engine
    – Registry modification
    – Email
    – Local network

    You can find a detailed description of this malware on

  3. Isuzu Turkey Web Site Compromise

    Websense Security Labs(TM) ThreatSeeker Network has discovered that the official Isuzu Web site in Turkey has been injected with a malicious iframe redirector. Isuzu is one of the well-known Japanese commercial vehicle and truck manufacturing companies, particularly in the Asian and European regions.

    The ThreatSeeker Network has found thousands of sites compromised by a similar attack strategy. At the time of writing, the iframe redirector’s target URL was unreachable. The redirector itself is still present, however, offering continued infection risk if the malicious Web server comes back up, or if it is replaced by another malicious server. Further investigation indicates that the IP address hosting the target URL hosts other malicious sites, as well.

    Websense® Messaging and Websense Web Security customers are protected against this attack.

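A defender-side check for the kind of injected iframe redirector this alert describes, added here as an example (it is not Websense's ThreatSeeker code): it lists every iframe in a page and flags those that point to another host or try to stay invisible. The sample page and the host redirector.example.invalid are constructed for illustration.

```python
# Added example (not Websense's code): flag iframes that were injected into a
# page and redirect visitors off-site. The sample page and the attacker host
# redirector.example.invalid are constructed for illustration.
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> in the document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(value):
    """True for 0 or 1 pixel dimensions, a common way to hide a frame."""
    try:
        return int(value.strip().lower().rstrip("px")) <= 1
    except (ValueError, AttributeError):
        return False


def find_suspicious_iframes(html, page_host):
    """Return (src, reasons) for iframes that point off-site or hide themselves."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        reasons = []
        host = urlparse(src).hostname  # None for relative URLs, which stay on-site
        if host and host != page_host:
            reasons.append("off-site src")
        if _is_tiny(attrs.get("width")) or _is_tiny(attrs.get("height")):
            reasons.append("zero/one-pixel frame")
        style = attrs.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden via style")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample: one legitimate embed followed by one injected redirector.
SAMPLE_HTML = (
    '<html><body><iframe src="http://www.example.com/promo.html" width="300" height="200"></iframe>'
    '<iframe src="http://redirector.example.invalid/landing.html" width="1" height="1" style="visibility: hidden"></iframe></body></html>'
)
```

Running `find_suspicious_iframes(SAMPLE_HTML, "www.example.com")` reports only the second frame, with all three reasons; a legitimate same-host embed of normal size produces no finding.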

  4. FIRE: Finding Rogue Networks


    For many years, online criminals have been able to conduct their illicit activities and masquerade behind disreputable Internet Service Providers (ISPs). For example, until recently, organizations such as the Russian Business Network (RBN) and Atrivo (a.k.a. Intercage) operated with impunity, providing a safe haven for Internet criminals for their own financial gain. What primarily sets these ISPs apart from others is the significant longevity of the malicious activities on their networks and the apparent lack of action taken in response to abuse reports. Interestingly, even though the Internet provides a certain degree of anonymity, such ISPs fear public attention. Once exposed, rogue networks often cease their malicious activities quickly, and the Internet criminals are forced to relocate their operations.

    This website is the frontend of FIRE, a novel system to identify and expose organizations and ISPs that demonstrate persistent, malicious behavior. The goal is to isolate the networks that are consistently implicated in malicious activity from those that are victims of compromise. To this end, FIRE actively monitors botnet communication channels, spam traps, drive-by-download servers, and phishing web sites. This data is refined and correlated to quantify the degree of malicious activity for individual organizations and presented on this web page.

  5. Websense Security Labs(TM) ThreatSeeker(TM) Network has detected that the site has been compromised and injected with malicious code. The Web site belongs to a high-profile advertiser on the Internet realm. It’s important to note that serves advertising content from, and that this site is clean. The injected code is part of an ongoing mass injection campaign that compromised thousands of legitimate Web sites. Websense Security Labs have been tracking this campaign for months.

  6. Feds Bust Hacking Ring Accused of Stealing Millions

    November 11, Reuters – (International)

    A U.S. grand jury indicted eight foreigners on charges that they hacked a computer network used by the credit card processing company RBS WorldPay and stole more than $9 million, the U.S. Justice Department said on November 10. The group, which included people from Estonia, Russia and Moldova, was accused of compromising the data encryption used by RBS WorldPay, based in Atlanta and part of Royal Bank of Scotland, and gaining access to accounts a year ago. RBS WorldPay is one of the leading payment processing businesses globally. U.S. cyber security officials long have been worried about hacks into global financial networks that could harm the financial system. This indictment marked the latest in a series of cases that have highlighted the risk to such networks. The ring was charged with hacking data for payroll debit cards, which enable employees to withdraw their salaries from automated teller machines. Those accused in the case allegedly raised the limits on some cards so they could withdraw the money, the U.S. government said. More than $9 million was withdrawn in less than 12 hours from more than 2,100 ATMs around the world, the Justice Department said, adding that RBS WorldPay immediately reported the breach once it was discovered.


  7. NACHA Phishing Alert – E-mail Claiming to be from NACHA


    NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of having been sent from NACHA. See sample below.

    The subject line of the e-mail states: “Rejected ACH Transaction.” The e-mail includes a link which redirects the individual to a fake web page which appears like the NACHA Web site and contains a link which is almost certainly an executable virus with malware. Do not click on the link. Both the e-mail and the related Web site are fraudulent.

    Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

    NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

    If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed and current.

    Be alert for different variations of fraudulent e-mails.

    = = = = = Sample E-mail = = = = = =

    From: []
    Sent: Thursday, November 12, 2009 10:25 AM
    To: Doe, John
    Subject: Rejected ACH transaction, please review the transaction report

    Dear bank account holder,

    The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

    Unauthorized ACH Transaction Report (this is how the link is presented)


    Other Domains Associated With This Scam
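A mail-gateway style check for the lure in this alert, added here as an example (not NACHA's guidance or code): it parses a raw message, looks for the “Rejected ACH Transaction” subject, a sender that claims NACHA from a non-nacha.org domain, and report-style links that resolve somewhere other than nacha.org. The sample message, its sender domain and the landing host ach-report.example.invalid are constructed.

```python
# Added example (not NACHA's code): score an incoming message for the
# "Rejected ACH Transaction" lure. The sample message, its sender domain and
# the landing host ach-report.example.invalid are constructed for illustration.
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LEGIT_DOMAIN = "nacha.org"
LURE_SUBJECT = re.compile(r"rejected\s+ach\s+transaction", re.I)
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def _domain_of(host):
    """Reduce a hostname to its last two labels for a simple brand comparison."""
    return ".".join(host.lower().split(".")[-2:]) if host else ""


def assess_ach_phish(raw_message):
    """Return (score, reasons); each reason is one independent indicator."""
    msg = message_from_string(raw_message)
    reasons = []
    subject = msg.get("Subject", "")
    if LURE_SUBJECT.search(subject):
        reasons.append("subject matches the Rejected ACH Transaction lure")
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    claims_nacha = "nacha" in (msg.get("From", "") + subject).lower()
    if claims_nacha and _domain_of(sender_domain) != LEGIT_DOMAIN:
        reasons.append(f"claims NACHA but sent from {sender_domain}")
    charset = msg.get_content_charset() or "utf-8"
    body = msg.get_payload(decode=True).decode(charset, "replace")
    for href, text in LINK_RE.findall(body):  # visible text vs. real destination
        host = urlparse(href).hostname
        if ("nacha" in text.lower() or "report" in text.lower()) and _domain_of(host) != LEGIT_DOMAIN:
            reasons.append(f"link text '{text.strip()}' leads to {host}")
    return len(reasons), reasons


# Constructed sample modelled on the lure described in the alert.
SAMPLE = """From: "NACHA" <alerts@nacha-notice.example.invalid>
To: Doe, John <john.doe@example.com>
Subject: Rejected ACH transaction, please review the transaction report
Content-Type: text/html; charset=utf-8

<p>Dear bank account holder,</p>
<p>The ACH transaction, recently initiated from your bank account, was rejected
by the Electronic Payments Association. Please review the transaction report by
clicking the link below:</p>
<a href="http://ach-report.example.invalid/report.html">Unauthorized ACH Transaction Report</a>
"""
```

`assess_ach_phish(SAMPLE)` returns a score of 3 with one reason per indicator, while a genuine nacha.org mailing with links back to nacha.org scores 0.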

