[SecurityRatty] tag: sentence

On Idiots and Logs

Fri, 15 Aug 2008 07:51:00 +0000

How on Earth can someone even utter the phrases "scalable log management" and "Microsoft Access for data storage" in one sentence? OMG, OMG, OMG...

MS Access, for God's sake! I wonder if they tried storing logs in Excel spreadsheets?

Yeeeeesh.

AOL phisher gets seven-year sentence

Wed, 13 Aug 2008 20:00:00 +0000

A West Haven, Conn., man has been sentenced to seven years in prison for masterminding a phishing scheme that targeted AOL users over a four-year period.

Spamming Deterrent?

Wed, 13 Aug 2008 09:38:22 +0000

It’s a harsher sentence than that handed to some spammers,
but is it enough? Have your say at
http://www.virusbtn.com/news/polls/index

clipped from www.virusbtn.com

Is 47 months imprisonment sufficient punishment for a convicted spammer?

It seems like a pretty tough sentence but there’ve been quite a few big arrests/trials/tough sentences and it doesn’t seem to be putting these people off - all these ’spam kings’ are repeat offenders with long histories of fines and sentences but they keep on doing it.

AOL phisher gets seven year sentence

Wed, 13 Aug 2008 09:00:00 +0000

A West Haven, Connecticut, man has been sentenced to seven years in prison for masterminding a phishing scheme ...

Speed Cameras Record Every Car

Wed, 23 Jul 2008 01:32:47 +0000

In this article about British speed cameras, and a trick to avoid them that does not work, is this sentence:

As vehicles pass between the entry and exit camera points their number plates are digitally recorded, whether speeding or not.

Without knowing more, I can guarantee that those records are kept forever.

Are Stolen Credit Card Details Getting Cheaper?

Tue, 15 Jul 2008 11:36:12 +0000

What is shaping the prices of stolen credit card details? The investments the cybercriminals or real life scammers ( through credit card cloning or ATM skimming) put into the process of obtaining the details, or can we even talk about investments being made where an experienced scammer has just purchased 1GB of raw credit cards data from a novice botnet master who isn't really aware of the actual value of his "botnet output"?

Depends on which economic theory you believe in, or whether or not you'll take the "bottom-up approach" or the "top-down" one. And since I'm not aware of the existence of "the invisible hand of the underground market" and centralized power to increase the supply or decrease it to boost prices for the stolen credit card details, also indicating the existence of underground cartels putting everyone in a "price taker" position.

The basics of demand and supply for anything underground will always apply unless of course, The more they want, the cheaper it gets, the less they want, the higher the price on per credit card basis gets, since the investment on behalf of the malicious party that originally stolen them is virtually the same, and he can theoretically break-even in every single case since the credit card details were obtained efficiently. It's up to the seller to follow or entirely ignore economic behavior, and do what they feel like doing with this good which must on the other hand reach its market liquidity as soon as possible, else it becomes obsolete. The current market model can be further explained as a good example of competitive equilibrium :

"Competitive market equilibrium is the traditional concept of economic equilibrium, appropriate for the analysis of commodity markets with flexible prices and many traders, and serving as the benchmark of efficiency in economic analysis. It relies crucially on the assumption of a competitive environment where each trader decides upon a quantity that is so small compared to the total quantity traded in the market that their individual transactions have no influence on the prices."

This can be easily explained in a single sentence - it's a mess and every participant is doing whatever they want to, so generalizing on the prices charged for stolen credit card numbers would be unrealistic, since it's the price a single seller with no real impact on the "average" market price for the same good. As for the average market price itself, it would be hard to measure it depending on the quality of the sample you want to rely on, since this is a type of market where sellers don't have to report price changes in their goods for the purpose of statistical research.

A recently released report by Finjan, with whom I've been on the same page of several high profile incidents so far, touches this very same topic :

"Prices charged by cybercriminals selling hacked bank and credit card details have fallen sharply as the volume of data on offer has soared, forcing them to look elsewhere to boost profit margins, a new report says. Researchers for Finjan, a Web security firm, said the high volumes traded had led to bank and credit card information becoming "commoditized" - account details with PIN codes that once fetched $100 or more each might now go for $10 or $20. In its latest quarterly survey of Web trends, the California-based company said cybercrime had evolved into "a major shadow economy ruled by business rules and logic that closely mimics the legitimate business world."

Excluding the presence of price discrimination for a while, as well as open topic offers in the lines of "how much for X amount of Y?" answered as "how much are you willing to pay?", it's all a matter of the seller in a particular situation.

Furthermore, in real-life market there's always the scarcity problem, however, in the underground market there's no shortage of resources despite the ever growing wants of the buyers. Generalizing even more, take for instance the butterfly effect of a price change in petrol, and result of which is inevitable increase of prices in every single aspect of your life, but in the underground market mostly due to the malicious economies of scale achieved, a price increase in renting a botnet would have no effect in the prices charged for the stolen credit card details obtained through the infected hosts. How come? Basically, the price and resources for malware infection are prone to decrease, if we take a malware infected host as a static foundation for the basis of any upcoming cybercrime activities using it.

Perhaps the most disturbing part is that the market for stolen credit card details is so mature, and its entry barriers so low these days, that the confidential data that cannot be efficiently obtained through real-life means like credit card cloning or ATM skimming on a large scale, is now purchased online for the purpose of abusing it in real-life by embedding the valid information into plastic cards.

Judge puts off 'spam king' sentencing

Mon, 14 Jul 2008 20:00:00 +0000

A federal judge in Seattle on Monday did not sentence Robert Soloway, the man known as the spam king, because all of the scheduled witnesses did not have time to take the stand, even after two full days of testimony.

Even the Rich and Famous pay the price for being Dishonest and Unethical

Sun, 29 Jun 2008 12:05:00 +0000

All of our courses - in the U.S. and over seas, begin with the same message - ETHICS is the keystone of our profession and our success. It's a shame that famed litigator - Richard "Dickie" Scruggs forgot that lesson.

In yesterday's Washington Post, the headline reads; "Famed Litigator Gets 5-Year Term for Conspiracy to bribe Judge". For those who are not familiar with him, Scruggs became one of the wealthiest and most famous lawyers in the country by taking on tobacco, insurance and asbestos companies.

What did he do? Well, for starters (and what they were able to prove), he attempted to bribe Lafayette County Circuit Court Judge Henry Lackey by offering him $50,000.00. U.S. District Judge Neal Biggers Jr., called Scruggs' conduct "reprehensible" and told him that he picked the wrong Judge to bribe. In addition to the 5 year jail term, he was fined $250,000.00 and lost his law license.

You really got to love it when Justice is rightfully served. Unfortunately, it makes me wonder how many more sleazy lawyers around the country and unethical Judges are not getting reported and prosecuted. It is a little too hard to believe that Scruggs is the only dirt-bag in the legal profession. We welcome the message it sends out; "nobody is above the law".

Like most, if not all common criminals, Richerd Scruggs became greedy. In 1990, Scruggs became famous for suing tobacco companies and winning lawsuits that resulted in a $206 BILLION dollar settlement. If his take of that was just 10%, he walked away with a cool $20.6 Billion dollars. A film was even made about the case - "The Insider" starred Al Pacino and Russell Crowe.

A decade later he is trying to bribe a Judge with $50,000? I would say it was a combination of greed and power going to his head. Maybe that is why the "Post" reported that he nearly fainted and swayed from side to side when the Judge scolded him. He had to sit down before the sentence was read out. He must have believed that he was untouchable.

It's just a shame that he wasn't touched with a heavier sentence. A twenty year sentence would have sent out an even more powerful message. Still and all, the idea of wearing a prison jumpsuit and eating balogna sandwiches is probably like a life sentence to someone who believed themselves to be above the law.

The article claims that many high profile friends petitioned Judge Biggers for leniency when sentencing Scruggs. He's lucky I am not the warden at his jail. I think he would be a perfect candidate for the toilet cleaning squad.

Mission Statement for Federation

Thu, 26 Jun 2008 06:35:35 +0000

Bruce Sterling (11/20/2001):

You know what I want? I don't want a National ID Card. I want a Global Coalition Visa.

Like it or not, we've got a huge global diaspora now. It is a fact of life. Nations with stupid and corrupt politics have seen their clever people brain- drained away, to places where the cops don't shake you down twice a day. And jet-setters go everywhere. And properly so. If you're in a true global society, then you spend a lot of your time among aliens. Quite often you are the alien. You might notice that even Al Qaeda is a genuinely multinational group. They gravitated to wicked, lawless places like Sudan, Chechnya and Afghanistan, where the locals shoot you if you ask for a badge.

But what about all us bright, shiny, world-trading jet setters, huh? There are thirty percent fewer Yankees in Europe this Christmas, and that is bad. Let me pose the problem this way. If I am going into a Japanese restaurant in Japan, I would rather like to be able to haul out some gizmo and flash it at my fellow civilians, and have these kindly people understand with a high degree of likelihood that I am not a mass murderer. On the contrary, I am quite civilized, and I should be brought a beer immediately.

A platinum VISA card and a five-hundred-dollar suit will almost do that, but those are too easy to forge and steal, plus they are not very democratic. The UN should get together on this. We should have a high level summit about digital hardware support for the crippled tourist economy. Fear and ill treatment shut down tourism faster than anything short of open warfare. That is bad for all of us. Killing off tourism harms our civilization and impoverishes our cultures. People in civilized states shouldn't routinely treat one another as criminal suspects. I don't want to get done-over for three hours every time I get off a plane in London. When I go to London, I go with empty suitcases. I don't plan to stay, but I am better news for the London economy than a lot of the people who live there.

They should know all that that before I get off the plane. My arrival is excellent news for Britain, so I should be treated that way. If this is a new kind of war, I don't want to be the evil guy hunkered down in the bunker; I want to fly with the boys from Air Assault. I want one of those handy crypto-style Friend-or-Foe IDs.

These people who normally meet me whenever I am an alien, they don't need to know my nationality, my home address or my shoe size. They just need to know that, despite being alien, I'm sort-of okay.

I want a democratic, citizen-to-citizen device that will bridge those social barriers and language barriers. I think we could invent devices and means of verification that would strengthen the global social fabric that terrorism wants to rip. It wouldn't be easy or simple, but it's not beyond our ingenuity. Our social capital sustains all civilized societies, and it is all about trust. So let's invent new methods of trust.

I added bold to the last sentence because I think this is the mission statement for building out federation systems.

Malicious Doorways Redirecting to Malware

Sun, 15 Jun 2008 23:51:11 +0000

Blacklisting malicious sites in times when legitimate ones are starting to compete with bogus .info and .biz ones for the leading position of hosting and serving malicious content, is a bit of an outdated and reactive approach for protecting against unknown threats. However, a single malicious domain whose live exploits can be easily detected and consequently blocked, is often just a front end to a large domains portfolio whose malicious content may easily pass through web filtering and on-the-fly malware attempts. Even worse, a malicious domain often exists in multiple "alternate realities" since a single IP is hosting many other unique and related malware domains.

In this post, I'll assess a misconfigured malicious doorway, that is redirecting to ten different malware sites serving Zlob variants by delivering fake codecs that all the bogus adult sites require. The doorway is misconfigured in the sense of not recording the IP and checking the cookie set, in comparrision to every average web malware exploitation kit out there, which will not serve anything malicious when accessed for a second time since it's hashing the IPs that accessed it already. This is just the tip of the iceberg when it comes to the emerging evasive approaches applied to make the analysis of such doorways a bit more time and resources consuming. In a single sentence - there's evidence blackhat SEO-ers are starting to exchange crawling manipulation know-how with malware authors.

In this example we have bestxvids.info (87.118.116.11) which is reditecting to all-index.com/in.cgi?5 (87.118.116.11) a URL that's been actively spammed across forums and guestbooks vulnerable to automatic posting vulnerabilities (weak CAPTCHAs and web application vulnerabilities) which is then redirecting to the following fake codec domains on the fly, and since the redirection script isn't hashing my IP like the majority of well configured ones requiring the use of multiple IPs if we're to expose all the campaigns, it makes the investigation easier :

tubeuniverses.com/teen/index.php?id=1883 - (78.108.177.99)
new-content-s2008.com/freemovie/938/0/ - (72.21.53.218)
teens.0bucksforpornmovie.com/?id=4199 - (64.28.181.28)
getadultaccess.com/movie/?aff=5310 - (200.63.46.84)
hqtube.com/?7014000000 - (88.85.66.116)
supersharebox.com/softw/?aff=5310&saff=0 - (200.63.46.84)
scanner.shredderscan.com/5/?advid=4329 - (92.241.182.13)
myflydirect.com/1/5310/ - (200.63.46.84)
getadultaccess.com/movie/?aff=5310 - (200.63.46.84)
hotvidstube.com/teen/index.php?id=1883 - (78.108.177.99)
2008-adult-2008.com/freemovie/938/0/ - (72.21.53.218)
s-soft08freeware.com/download/502/938/0 - (91.203.70.18)

Where's the "alternate reality"? All of the following fake codec and adult sites serving Zlob variants, with minor exceptions of course, are also responding to the main IP of the redirector - 87.118.116.11 :

carsfoto.ru
cheapest-pharmacy.com
coolsexmovies.net
free-movie-xxx.net
gold-collection.biz
p-o-r-n-0.com
p-o-r-n-0.info
sexakaporn.com
stred.biz
stred.in
tosserhost.com
west-video-xxx.info
wowtofree.info

Shall we also expose the entire scammy ecosystem of Zlob variants, as always, sharing the same netblocks in order to keep it simple? But of course :

porn-youtube08.net
sextubecodec55.com
2008adult2008.com
adultstreamportal2008.com
newcontent-s2008.com
adultxx-18.com
newcontents2008.com
onlinestreamvide.com
2008adultstreamportal2008.com
newcontents2008.com
hot-pornotube2008.com
adult-youtube-8.com
2008adult-s2008.com
2008adultstreamportal2008.com
adult-freetube-8.com
adult18tube2008.com
adultstreamportal2008.com
free-porntube-8.com
gt-funny.com
gt-movies.com
gt-stars.com
hot-sextube.com
new-content-s2008.com
newcontent-s2008.com
newcontents2008.com
onlinestreamvide.com
porno-tube20008.com
pornotube-20008.com
pornotube20008.com
sex-18tube-2008.com
sex-tube-20008.com
sex-tube20008.com
sex18tube2008.com
sexi18tube2008.com
sextube18adult.com
sextube20008.com
streamadultvideo.com
xxxstreamonline.com

The bottom line - malicious doorways are slowly starting to emerge thanks to the convergence of traffic redirection and management tools with web malware exploitation kits, and just like we've been seeing the adaptation of spamming tools and approaches for phishing purposes, next we're going to see the development of infrastructure management kits, a feature that DIY phishing kits are starting to take into consideration as well.