IT Security & Network Security News & Reviews: Botnet Boon: How Scammers Cash In
Botnet Boon: How Scammers Cash In
by Fahmida Y. Rashid
Rob the Bank: Zeus Trojan
Clicking on links in spam or opening malware attachments lets the Zeus Trojan compromise vulnerable browsers. The Trojan captures log-in credentials and stealthily siphons off small amounts of money from the bank account. The FBI arrested a gang that stole $70 million from bank accounts this year.
Steal Plastic, Not Cash
Phishing e-mails asking users to re-enter credit card numbers to "confirm" an existing order or to get in on a special deal expiring soon are a sure-fire way to get those numbers stolen. While some thieves go shopping with the numbers, most just turn around and sell them elsewhere.
Cisco Security Intelligence Operations responded to a pharmaceutical spam to see what was being sold. They received harmless placebos, pills made of unknown compounds and actual counterfeits that were chemically the same as brand-name drugs. Fake pharma generates an estimated $3.5 million a year, said Symantec.
Fake Antivirus Software
There are a number of fake antivirus scams out there, where users are shown pop-ups and official-looking messages indicating their PC is infected. They are then prompted to buy antivirus software for $70 to "clean up" the "infection." According to Comodo's Abdulhayoglu, fake antivirus software easily brings in $160 million a year.
Steal Game Assets
Online gaming is a money-maker for criminals, too. Players either pay real-world cash or play longer to earn in-game prizes and intangible objects. Spam spreads malware that steals game credentials and objects for resale on a secondary market. Symantec said one gang made at least $140,000 off gaming items.
Threaten a Denial of Service
A throwback to the 1930s and the Mob's "protection racket," this is uncommon yet very lucrative: "Pay or we will force you out of business." Attackers threaten to flood a business's Website via a botnet with a denial-of-service attack unless that business agrees to pay a ransom.
Help, I Am Stranded!
After a user clicks on a spam link, a Trojan executes and sends SOS messages to every single contact of that user saying that he or she was robbed and is now stranded in some foreign country with no money to get home. Even if that note comes from Uncle Wally, don't rush to Western Union!
Despite the jokes and the idea that "everyone" knows about it, this scam still dupes enough users. It's not always Nigeria (China, Korea and Iraq are some of the other countries), but the message is the same: Give us your bank account info and we will give you gobloads of money.