Return of the Web Mob
Yury Mashevsky, a virus analyst at Kaspersky Lab, said there is even evidence of turf wars in the criminal underworld. "They use malicious programs that destroy the software developed by rival groups and include threats directed at each other, anti-virus vendors, police and law enforcement agencies in their creations," Mashevsky said, in Woburn, Mass.
He has also seen fierce online confrontation in the battle to control the resources of infected computers. In November 2005, Mashevsky discovered an attempt to hijack a botnet. "[The] network of infected computers changed hands three times in one day. Criminals have realized that it is much simpler to obtain already-infected resources than to maintain their own botnets, or to spend money on buying parts of botnets which are already in use," he said.
On message boards and newsgroups where malicious code is put up for sale, Mashevsky said, flame wars and attacks against each other to steal virtual property amount to normal everyday activity.
Dunham, who frequently briefs upper levels of federal cyber-security authorities on emerging threats, said there have been cases in Russia where mafia-style physical torture has been used to recruit hackers.
"If you become a known hacker and you start to cut into their profits, they'll come to your house, take you away and beat you to a pulp until you back off or join them. There have been documented cases of this," Dunham said.
One key aspect of Web mob activity that flies under the radar is the use of "money mules," or individuals who help to launder and transfer money from hijacked online bank accounts.
On career Web sites such as Monster.com, a job listing for a "private financial receiver," "shipping manager," or "country representative" invariably is an active attempt to recruit people around the world to withdraw funds and deliver them to crime bosses, according to a detailed research report by iDefense on the so-called money mules.
Money is transferred into the mule's account, withdrawn as cash and then wired to an offshore account.
"We've only scratched the surface of what's going on in the underworld. It's like the iceberg that took down the Titanic. No one knew how big and dangerous it was," Dunham said.
He cited the recent discovery of MetaFisher, also known as SpyAgent, a Trojan connected to a Web-based command and control interface that highlighted just how advanced the attackers have become.
"In just a few weeks, MetaFisher spread to thousands of computers. We found conclusively that these attacks were going on undetected for more than a year. Can you imagine the amount of data that has already been stolen? It's unimaginable," Dunham said.
Eric Sites, vice president of R&D at Sunbelt Software, in Clearwater, Fla., showed eWEEK screenshots of the Web interface, which showed specific targeted phishing attacks against European banks and kept detailed statistics on actual bot infections around the world.
The interface also can be used to add exploits, keep track of anti-virus signature definitions and keep track of callback from injected machines.
"This isn't the work of the guy in the basement. This is organized and simplified to make it super easy to control all those bot drones," Sites said.