
New advances in the fight against SPAM

Good news in the fight against online fraud: it looks like the time has finally come for domain registrars to take the first decisive steps against the black market in fake medicines and the like.

The regulation for domain name registration stipulates that the information provided to register a domain should be real, accurate and complete.

The lead has been taken by USA registrars. China stepped up efforts by preventing individuals from registering a domain name ending with .cn unless they have a business license to prove they're a bona fide company.

We all know the different uses that can be given to these domains.

These first measures could end up in spammers taking their websites out of the country. European registrars should be on the alert for cases like these. Indeed, spammers have been on the alert for a long time:

-Move your registrations to other countries that do not behave like they have the only consumers on the internet. We moved registrations to several places, all outside USA, a year ago when we could see this coming.-
(post found in a forum for spammers)

These new advances in the fight against spam are taking shape in the enforcement of the registrars' Terms of Service. This is a clear sign that the APWG recommendations have started to bear fruit. We all hope that these measures are applied with common sense, without harm to us users.

Remember: a scam is not done just by receiving an e-mail containing an "urban legend", "funny video" or dozens of e-mail addresses clearly visible in the CC field. The real fraud only occurs when the spam recipient takes a step forward and gives money, information or access credentials, which unfortunately happens too often. The use of BCC should be more common.

Emilio Casbas
S21sec e-crime





The end of the chain

The current market of malware – especially the branch dedicated to banking Trojans and theft of financial data – has evolved into two main paradigms:

- Closed organizations, very secretive groups in charge of managing all stages of the fraud process. They are behind the most advanced Trojans, like Sinowal.

- Opaque decentralized networks, where no real communication exists between the “cells” or nodes of the criminal network. In addition, no one is at the helm, and the cells have a high degree of independence. This way, the last links of the distribution chain are almost or completely unaware of what's going on in other parts of the structure, and shutting down or arresting one of the components has little impact on the rest of the network.

The second model is the most successful one.

No doubt we all remember the DarkMarket case, a well-known, FBI-operated underground forum where all kinds of illicit items were traded. There are many examples of this type of forum. Ghostmarket used to be one of them. Focused on England, it specialized in the exchange of bank credentials and card information. This forum once enjoyed great popularity among rookie scammers, many of them quite young, who saw in it a chance to make a quick buck while covered by a cloak of immunity – they thought the police wouldn’t lift a finger for petty crimes like theirs.

Nevertheless, it has been recently disclosed that Ghostmarket was broken into in early July.

Afterwards, it was shut down and investigated by the police. The following is the administrator’s farewell letter:


In relation to this – or maybe not – two further arrests have recently been made. This time, the criminals were linked to a Zeus botnet.

The assumed immunity was only that – assumed. Some of these youngsters have even ordered goods paid with stolen credit cards to be delivered home - their real home.
I hope that from now on, if not morals, then at least fear can help appease the greed of these newbies who make up the end of the chain, the last and least protected part of the criminal network.

Vicente Díaz
S21sec e-crime





Social Networks: Digital Voyeurism

Winter is approaching. Along come the cold in the watershed of Navarre and the boring evenings at home. In such situations, it’s easy to start thinking about many things. In my case, I have been thinking about the social network boom. One can easily find today the perfect network for each type of person: alive or dead, beautiful or ugly, young or old, men or women, and so on. The main objective of these networks is to store a gigantic amount of personal information featuring varying degrees of quality and reliability, with the clear benefit of users feeding them for free. But what is the reason behind storing so much data? In my opinion, it is all about knowledge. We are living in a time where knowledge is a precious good. All raw data can be transformed into knowledge using, for example, data mining techniques. This knowledge tells us about, for example, the preferences of a certain group of people. I will focus in this post on the amount of truth in this data. For this purpose, I decided to test something first; I randomly changed most of my private personal data in my social network profiles, mixing true and false information in order to assess the impact on my cyber-friends.

The first changes were made in Tuenti and Facebook. In the former, the experiment was not so successful because all the changes I made on my profile were not posted on my friends’ main boards. For this reason, I decided to try again with Facebook. As a result, I have been receiving tons of comments throughout the past weeks; private messages, SMS, etc. With just a simple change I have caused an interesting reaction among my pals.











© Copyright S21sec 2012 - All rights reserved

