|
|
|
How Online Fraudsters Are Using SAAS in Their Networks
By: Chris Preimesberger
2008-09-26
Article Rating:  / 12
There are 0 user comments on this IT Infrastructure story.
It's now possible for anybody to purchase online criminal services on a monthly fee basis--if you know where to go. As the bad guys get more sophisticated, false bank Web sites are becoming harder to identify from legitimate ones. Even more caution is now needed to stop these frauds, a noted online security expert says.SANTA CLARA, Calif. -- Apparently, there are some real career paths available in the online fraud business. One can become an identity harvester, a software developer who builds botnets, a delivery middleman, a salesperson--the list is long and resembles legitimate businesses in many ways.
At an analysts' briefing Sept. 25 at EMC's Silicon Valley offices, RSA Security head of new technologies Uri Rivner told attendees that the Internet fraud business has grown so large and enmeshed in legitimate online activities that it is becoming increasingly difficult to tell who's good and who's bad.
Rivner pointed out two recent trends: a) Fraudsters using SAAS (software as a service) models to sell their services to customers for a monthly fee, and b) the appearance of new super-Trojans that hijack legitimate bank Web sites and fool people into entering personal financial information--such as ATM account numbers and personal identification numbers--into the phony Web site.
In describing the hosted fraud model, Rivner said that if a willing participant knows where to go, he or she can simply order a phishing or other criminal business service online and pay a fee per month to participate as an investor in order to share in the "profits."
"This fee at one of these services is $299 per month," Rivner said. "This puts you into the food chain of [identity] harvesters, phony ATM card makers, delivery specialists--a whole infrastructure of criminals.
"There looks to be quite a career path in there for some people. Everybody's a specialist in this realm, and reputation is paramount."
Of course, trusting any of these anonymous folks online is another issue that an "investor" or "customer" has to solve.
The second trend, involving the new Trojans--which can get installed on an unsuspecting computer owner's machine through either opening an executable file or by a browse-by Web site, which is fairly rare--is also a growing problem, Rivner said.
"In this scenario, with the Trojan on the client and working, the user goes to his or her bank's Web site to make a transaction. The Trojan is alerted to this when the site is brought up. When it does show up, it waits for the user to log on, then brings up the false site, which looks very similar to the legitimate one," Rivner said.
"Except there's one difference: The false site has two more lines of information it asks for: an ATM account number and the user's PIN. Once the fraudster gets that info, the account is soon drained," Rivner said.
Rivner advised online bank users never to take the sites they use for granted.
"Keep a close eye out for changes in the site. Make sure that your connection is a secure one," he said. "If anything looks a bit different than usual, that should be a red flag. It's probably a ruse."
Most banks do not ask for account numbers and PINs, he said. That would be the first clue that something's amiss.
Most of these online crooks use IRC (Internet relay chat) to communicate--most often in code--and, naturally, aliases. They build their reputations within the network by getting credit for helping facilitate large fraud deals involving banks, savings and loans, hedge funds and other financial institutions.
More news in the online security sector surfaced Sept. 25, when reports revealed that Neosploit, a black-market hacker exploit kit that many security experts believed had been shut down months ago, has reappeared on the scene and is responsible for an increase in attacks.
Ian Amit, director of security research at Aladdin Knowledge Systems, said that rumors of the kit's "retirement" last summer were off base.
RSA, one of the most well-established software security companies in the world, has shut down about 100,000 online fraud schemes in the last several years, Rivner said.
"But there are still plenty more to get, and there are new ones popping up every day," he said.
|
|
�������x}ksȲv�>c�O�lpӶ1t{zv7�! XH�IئΟ/7Oo̪ҋ�?zmw
ȪzCgo폂@.�U7�teƽi&�)Q6�E�pH#lXLg{MoE�Y���
(º�f�zRd`9�rT(2=h�G')tvlcV
̿{kW���U�֏̵Ǿ?]�b!6br�mCO|tu��0�9ꛎ��]cX`_EQs3�ML.g�YwUE.�$UBH*�UwCuL{hRLs3ywZ�~^H%YQ${>��g�,վ����*y�}zvzuqV�oY��vY/o0ȷND_<�QQ.$ND��&7
��WP� O.jQ�[N-���TRjqj�5=� f�ZҐ�#�YXNڭ^S|6zvEzv�;lM,!�\V���R(^XHfxEY}vY4[ڧ.gg�c20t��Wh2M?)N*k_oG}�߮A"�[C9�cؚ`#T*#AμCb9}n�?\OIF�(6{My��sU3QZ(2$�g|qGbF|DX2V��?V3z6
x}♺A�s "-��ag��8j+:!���iKcCoH�"� �W V�Z��p-@lo�
K��.,r5&S��H��86E�g)ehHC `qK+�0T3��m�Rt3r.JR)"B䞓3�QE�KH�@!]J!8�F��!8Q%Ky}7�pz@W
s}rNW+SSb{纻H��n}ױGV$U.[n}�8V$gthl�* ]zb8c\Z�TW�r(R�w��dR-@EH�UL@�/7֩n!���m��TPY~NfB�54ة�YL>1ts6
Tێ�(�>2胊:m�j.sWI��hnvt��H�xP]#�譫�Rg��9H_4}�T��$𦵌r�*z Tm��9�A%UGAMϛ�L��K`r����{�hk�=rDMWt����͋�����y��88J��E8>ԙg@�3=�k
ќ�VUR��*���L385l��[r%Fa��A7y�5��]��MPԤv���B��B
!L�60 ��Ȗ�(��b!��t�րbq .�gbX@=7Z >*-4�qR% 53PiNbL=?ij3ev�G�,]Ez9rU�
.�k
��Jԭy�BA*Q�Fܚ��M̈́-�G�n]^yOf�l`a�JQC"⦢;.Mc�+�AP:��|CC,v�:ֽAh`aAXi9�k����ԸGzo[6�tsbڰa�ژWjX�m!4݅e��j0�Mig2
=Gޫ�8�鴉c�k3T\.{ =3q
؇�傥&|Uz�I2)�|,�!�Tqΰ�p�eB&�k*H(ALSbny6y�[�2+KM&WV�ytHe_J�VT�V3(QW{MDL�Խ�Ǡ3݂�ZQMs�\|�[֕[%3˺�{_Fo:�!4�m� �2$��@HQٖk+,�:+}:K�_ji��HHC�dmҁ9bZ��(J1�]b@'^&økQ(Í}�}�i9cm���,_"eQ:7>Rai�F6.b")h�K�x;�@� �xB#��3Q_莉n2Iz68ͺ:S@�ꇮcO;u�U.M>`r
�g.K��^hpcNj4`1چE�.6B+r�3{-�"^=�w@(����h
,|JсU|wXTabig=k-o�;UC]�a:nZ-��V!҃�� TtJ�Dm��
z5_:�wlļ\D_wa��y
7a(e9<�6�Dsq�a,Be1��J3t,yH�ڟ�ɪ='3Jc:E\$=��K.�7uX83�
\�*�q'^n^$Q4�q�4/~f�6�N�a0ܖh磊�SP;30Qq@t,C�**[PfN^J1xH��m[g���3TW�#O���>EP�}�~a"]
���l%��H�u�"d1/Q�|*UTJet`naܒ@@+hܒeT㈛.ZE^nv�Z��KmWa��6sф5\[�lV@a96k\RQ*qU�EJ1�b(^f*;.!wXY*;a�C�Lg�TP�Hw�ض\,2�Ŀ�jB!�q_C@1ITyDs
�X�@b�r(J$Ge�|2(��l"!C.b'Dql�';l$p+7uɱ��+zc��9^&R@��#I ���_�Q��qnPx|D�
pWss=B�=&BP`�&Rs,/�nt@�=��轟xw�]ޛvw~L
==\e1caРI\r8+%E]7UK:\;OjT �څE1
AV�]�=�Mpiq�&�mR'C82h\8�Mj/=��—5��)-sl0bA�`FJ
�_k%W��7�%M�FxL�e[QyHWطJ��5�Lo�}`r12�
A��@�cK�[%#Esx8)3�^t�=�-g����:Y�"�(\R.IH�,lvn�(�6�;F_��ٿ�s�~�Ib
Tr�t6~O�K0NvfI�Ϥ+f+ƭՓOsqHHD
'E�
>_�/ggw$i!�V)�k��n�"dSO�c26uݰCJ T=��S4z-{rϼt1A�Dw
1xL�i~�=mPRlM��ݻ<
/.i_߹mDRF�Sgm�\& �'�1�k6.2��1Rr';$!@N^K`UKuVGa|xo�'jxh�CZ�CyN>�r{hg*壣@;�gqHڶcL{�W$ߋ8��Gu*b<�l_k@.7naqB{no���Z$5m�'꜌;U��y�zo�h �.�Ro�m-{xoC�V#��BZ
(W[��fLM�h+GC|@uA*5GIl��#䜉�*~ne�5i'3
M�ٿO�dB=K���i�sP���z�Rݕڋ1�qI�IN)ӳyEDYd)�W]Qכ C/�\�F�x�Lߴ.A�)o�ҁY&-3�l#ڝ;�>DɥG~viك*�r�ÚTe)7�"]wЀBqم-Z"5V%2.r\�5"�nx�+Z\(�|ˋ��eUj�� h�0kd�?Vȿ5LDp|g4�Tuɡk�T�sHXj
�ij8&K-;:a#ϐ_�y}�jgƙC3����J6��KwVp�.
v_�!O�"%�JJL�ץ-#��R�]Cf��uk-C§
,'i�Ɵ?qVԱ�Q*��2$;j�ߖ6ւ1v̙[ʈ1௵�K1-[K/s!&a'TV&��(
�Z�qk]A(�3�B0v���V.)UrtTGm0:rdإ[DO2~8W�
<(1=�5I/+"%|م+;&�s�r"���X�aUXE�wu2؊��0e�MȮrmBeA�/5R 6
GµjԵԉ'`.j@9P*R1~��B�
I7B8or1P�D1��v
t9A$�� @$�" �:B\Xe#C::章+'c[܋�y pz\h*h1P��41G.�[O�.HcQV�:}ɿ��ڞС7_q(6�3�6HM�tl�5i
'z�aH����1"Oݜ};\S4<ԟVoK)rri �;T6n?չ8c6YX8sՙ.�r�ә�kF�%%���k"�-ܑi�#}7l$[v��ʗ[�mI嗢W;�zv4ȵ!�U
�v��>Ǭb���#I`tH�74�b�]qQbuF7q-�nnnnno⫛O, =<о(t�|�Yh�/,_�g=װuoAZn`�{�I�4�Ac+Sh$F��a+�^�ݛ?
E�vSjUvթyh�4]93}|�* Z� _H�O�alW.kj�+G2)��B6ż����|3̼8! O�HJ�*�F�B �Z5S Ć6�� E���F"`ȁ}3�H
�ԟPkkC9�]Ͱ�o�[��i=@5ªg1jDI�]l;`�UO�,ɋj]kԇ+cC`ݑR9rFng+v��}*O^GE�I��of_�3~gLԟP-͈�U׀$O?E��
nH���a#e�"��s`!8Z�<�
'TZk������3~#n/�vhqpጜS {��
�l�ܫ�ᵷ7&OjYp��P;TE1≸q.8솆X�(�|m|m_�a�`sz�mh�`0$;669e@�!~Pd�
`|F0��-c�t�c0�^-S^�Gsso,E!$+7j_AG-'wIINӡf*Nc%��l�1*_IH��:Aj#ݵܿvaO"ԺA3��@�a��T�ʡN�e�Pm
�MP�Ӭfl�ۿTG}fwQV>S�q2�O\���`G&�>D~4'SUۯ�5D$H��5݅�LP�x�u�DO7x�;o�gQI҂Z3!�b�\�.';NB4o$/�Đ���X�:���CI Ȱ^�
u�)�OTe�.��{kgDND��>��PZLcsWF�)1{H�R@�4�~CX�^BZ�$csL75EՈ
Rk�a�,f|DZRk�,s3I<ޅ�Sczҝ�jMg٘=6^��@�Lv�|*XﶚJr&1z{R6J��x��A��#}C�@Wݹ(GH}+n/AG�4d2�K4&+v"6\)�ppoflHp �-gİMױz
sđ�*ۋuFGў3,�)?x��0T~EY.x[jh�wQf'1q8�
`ɹj�b([a�ЀHS�/23?b)_b~e�z9t�l�'Zϙԍz�T��u571��rrM[#;!ޟ[H_&BnG�$;�
T�Ĕ#�[ BV$w�?n~z�*wc;qv�.UӢ�-<��~�HՄQT1�W :~^:,�ex@B;{�Qs���FԊXd0�#�>C?N9&[FLjR��n�O'L�v>u�DRY
`O�i$y�LK�1EP]~ �EC�`�Q>(zh_mnh��#3Cym"���|� yh;r'*� 8EA/A�k���'t
�مey.�dѤ�wk�r.K7�hqhY7�0uuc8-l
�q\Q-rr(G�;ֺpsՕO�(�O��]�ΰ"�@�[� g
��
S�
�%%n4Sp=�9�_}Y>la&?v@�:�0J=(�G�]Ĝ3]4�?Q'Ӫ_{�Ӛ1��:F:��>=KΙ�~�txˁ�>Nuȧ��@uCX:G˟�bs)R;Q�6ILsq�X\~DB(63
�F{k}tlj8A�Cf�p5f-UT�R�"aj_ʳ5�[Xe��* }.ܾg ӺY^F"`Ә\I
L^^�t/ P�J��
�wPɺ70n!TP =f�]�4Lq}}unHݴZ{zӾ;WuѹK[֊��_$#ԝNiYu}Ӿeg�+1z;�'�6/ԕMƋBe Aή�-�ʉh�Is.YX�1�K��x��" /�EL�yx&N I{��0ŋlyޗ���1,o:,l+�#{=�f*؊Jm9�
%^�N7sJN�=E��q5z@a력2d<2e.-T�o���Snu#V�ԬV>/۸�rH��RRo f}i�(߁NJ>Rzo}~�plB3Y
~CߧG>緛z�k�3|;�nJg>�_ծ~2?0˔_�4�^�~.Ss L�%e
}^�}^'U>As?O�#%�/Sa~R
*`R��": _:)�:>uJ��))�R+>#��a|R )��{BmJ@)�_�!e�F
5qv�s_ORX�yV��[#Og% S�vN
`�{R>SgKn
��
[ӌ+%'w�2Si[xE~-kkZ1j4��b}/
��BU(X2M"(1+(ԯfbV>c����K,/= >3�ǸJ��Xո]@&=ٻ�o,hcENJ9&yQg'fo{�,�O�W;'<%YØ/ܻ�Cz̈n}q
�!��Tf�4
C�lAp~�e�n}���=z���}Oq�T�U}M�.�m'}pE¨X��˺
&
X:ؖ��-E��"gXM�L)&t�ylo|�b�rц:��l�VeAG?] �$�gAb=�#j̳0;�}
AM�.ҡ��鬘Oa=��Ɛxe�@�މ`wưi��[0��״�U×g~f�AT
zHUA{փkX#YCXXNʄ_o�>Y݈70;�_q6�3{;`wZN�31CM]@%7>.B2#��.϶깎3Y9�54
~Wuu7L= S^���ۍ�v~UizNU9P��r�s���|��"
}to=&y4!`&�CNgLi�Yx) K��lNs�Ԅ�Q>xt=K*_tј�xD'4)Pv$a.w�Gy��0p;'F�ݝ)'A�-�,K�}`Z�vU$$
}�= �ڴཧVߞbrY�B8=6b¨鰧,aFbJo�%�JXHNKP}MIgXtب}rפX3n��A�ޚ0EPc�i�vl'PU��?���1
?GbM9P
$Oc<�ҭ(?�?�h_^&?}c]'nb�1uF.y]�T[�p�ؕEǎ篛�dskǪymy]Y>�:Ѝ5a�0�S#5��â@XVO�mүy~{��#>F
T�~qxtj�Dmd
��5��zG_o,3ljGSwZ32TV$��]72.놥yCx��=5US!�bwEO�GC�ߪ{,!~(^"�fu@gX$'L/~>r^-W{C��r�*tZ��5AݥcRf4
7Pr%H%){Ŕ�4�MRgĴ*JWm~yUWymKs"ӛ��8G0~o
[jWB�òR=��Mte/U~u/9Q0��&qo6�-
�k|���SȻbf4ԭ!f`]R��h��,�A�hM~����{@I �Ft >D YЈ�Pp`,��A�ŇmƠ[�=2b�R.ܺev�tܓ-�H9Xƿ|��Ղ}D��sOe�a�G�BEo֞M�%�!xB8�T�BӄI= ס�P3YcPX??79"_Pz>貰A@*�X7�ݦ/KߪcP��Ik��\=��"P3-~HKq$�`Wg0����Qdj�@�:Ƣ�u�=P���YqYLG{':pw��^հPFL�e�rcB*Sm,43�E&p9h��B��mČ.`Qw�ΣqDnc嫛:V�鞡k��ð3�AZ
F��3v�z6F�=�W��8!Mo'�>i=Na�)<���K*u�.�Pdm,�BA�r<Ͻ��Z:�Q�� /\��"�?�}�+����Q\wv?@JDM^Է$iPo�o� Y!7��9�Ce�P��m��;�!�\]|g+�F
Fҁw~�#V%����bV�[�l ykWu]�lmShu 'nL3�G�(���"�eZ>X+|aW�h.Qx�7�k�R)RS�[f0�T�,.V(L�$qꘁE9�mQ>g�Z�z�kbJmu���Ǧ/#'9&>pH�x;S2öxUe(
Rk^dg#[$�0M,gZYe2J\u�Z&s/>� v�Z��2��2F=��/p�n9~UJ\y<+bcb|�}!FW&lh&rNf8U[ۉ��Z$|Za�2{>�uzY}S`Jh^AHjTu�*%X&6��ΣVyxEissw�?4N?|j
AA�itn�-/ӹi (س'ul_��A̼�iD�`P3�CBgd�Wq,AOw�PVJJ9�MD7Hu20D��:�ў�IJ����[ �Le/vٲMA�2;,��_hjAt�b?xmw
u"2]01rly8h:)<�,Dǰ4t�;�l0�B��
|
IT Infrastructure 
