It is a well-known fact that in September 2008 police began arresting alleged members of DarkMarket, and the operation ended with 60 arrests around the world. It shows how cooperative other countries are with the FBI in tracking down cyber criminals. FBI agent J. Keith Mularski spent two years infiltrating the group and helped the FBI catch those culprits.

According to Mularski, who was known as "Master Splynter" on that forum, most of them were misguided; they could have been security experts. I think this is the definition of good: it is good as long as you want to use it for good, otherwise it is dangerous. Anyway, I am going to share some inside story about DarkMarket.WS here. I heartily thank F-Secure for helping me get those old screenshots.

Here is the old look:


Here is the current look with new domain:

It is interesting to see that the forum owner changed the domain (actually a redirect). That means the FBI activity has not yet been able to crack their fearless minds.

They are still trading credit card details, DDoS attacks, keyloggers, viruses and trojans; I see all the hated items are there. One of those arrested (Çağatay Evyapan from Turkey) was also involved in much organized crime, including kidnapping.

Here are some interesting details:

DarkMarket.WS

Expiration Date: 2017-06-05
Creation Date: 2006-06-05
Last Update Date: 2009-04-16

Registrant:
   Katz Global Media
   32 Maxwell Road #03-07
   Singapore, SC 069115
   Singapore

Domain servers in listed order:
      NS53.DOMAINCONTROL.COM
      NS54.DOMAINCONTROL.COM

MyBazzar.WS

Expiration Date: 2009-12-20
Creation Date: 2007-12-20
Last Update Date: 2009-03-25

Registrant:
   Katz Global Media
   P.O Box 35267
   Tucson, Arizona 85740
   United States

Domain servers in listed order:
      NS115.IP-ASIA.COM
      NS116.IP-ASIA.COM

I hope you notice the expiration date difference between the old one and the current one. The registrant description is noticeable too. According to the news, the FBI was able to host DarkMarket.WS on their own server after misleading the actual owner. However, I was unable to find information about the current server, but according to the IP location it is now hosted on a Malaysian server.

Anyway, here are some old screenshots collected from the F-Secure blog:


As we all know, Twitter was attacked by a worm and the Twitter administrators have not yet been able to control it. The problem is that this XSS / CSRF worm actually modifies people's profiles to infect more users. It works like a chain system or a referral marketing system.

You click an infected person's name and you get the gift of the worm in your profile. When someone clicks on your profile, the gift is copied to his/her profile.
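The worm above spreads because profile fields a user controls are inserted into other visitors' pages as raw HTML. The following is an added example (not code from the post or from Twitter) showing the defensive side: a hypothetical profile renderer that HTML-escapes every text field and only allows absolute http(s) URLs in the link field, so a stored payload is displayed as inert text instead of executing.

```javascript
// Added example, not from the original post. Renders untrusted profile
// fields so a payload stored in a profile cannot execute for other viewers.

// Escape the characters HTML treats specially, safe for text and attributes.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Accept only absolute http(s) URLs for the profile link; any other scheme
// (javascript:, data:, ...) or an unparseable value is dropped, not rendered.
function safeHref(url) {
  try {
    const u = new URL(String(url));
    return (u.protocol === "http:" || u.protocol === "https:") ? u.href : null;
  } catch (e) {
    return null;
  }
}

// Build the profile card markup from untrusted fields (hypothetical layout).
function renderProfile(profile) {
  const name = escapeHtml(profile.name);
  const bio = escapeHtml(profile.bio);
  const href = safeHref(profile.url);
  const link = href ? `<a href="${escapeHtml(href)}">${escapeHtml(href)}</a>` : "";
  return `<div class="profile"><h2>${name}</h2><p>${bio}</p>${link}</div>`;
}

// Constructed sample input: bio and URL fields carrying markup of the kind a
// profile-spreading worm would store. These are plain strings and never run.
const hostileProfile = {
  name: "mallory",
  bio: '<script>spread()</script><img src=x onerror="spread()">',
  url: "javascript:spread()",
};

// Returns the rendered card; the markup in the bio comes out escaped and the
// javascript: link is omitted entirely.
function demo() {
  return renderProfile(hostileProfile);
}
```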

The attack has been credited to 'Mikeyy', who is also the administrator of the Twitter-like site StalkDaily. It looks like he is trying to catch some Twitter users. I think Twitter's growing fame made him choose that way. How many of you knew the name StalkDaily before this? So I am sure that advertising is the main purpose.


I was able to grab an image of how it works.


If you click any of the pictures you will get infected. It is good to see that Twitter shut down its search engine. Here I have a doubt: after neglecting Google and choosing Microsoft's offer, the attack happened. Not only that, we on Twitter believe that the Twitter search engine can compete with the Google search engine to some extent. So is this attack masterminded to stop the Twitter search engine? We have to think about that.

Here is another image of Mr. Mikeyy taken from a social site.


This is not the end. The attack has now transformed its look to bit.ly short URLs. Infected users are sending tweets like this: "How TO remove new Mikeyy worm! RT!! http://bit.ly/yCL1S" and many genuine users are retweeting it to help others without knowing the fact. The bit.ly link redirects back to Twitter, to user reberbrerber's profile, which will infect Twitter users who view it.

The URL got over 18000 hits as of 5:08 AM Apr 13, 2009 EST, according to F-Secure.

So how will we protect ourselves from it?

As this worm transfers from profile to profile, it is better not to visit anyone's profile right now, until the problem gets fixed. And check any URL before retweeting. These two are, till now, the best practices to avoid infection by this worm.


It looks like cyber criminals are not going to give away a single opportunity to harm others. Trend Micro today reported that on this Easter eve cyber criminals are attempting to exploit the occasion for their own malicious work.

A malicious website with the keyword Easter is poisoning search results. This site offers SEO (Search Engine Optimization) and traps people by offering a boost to their page rank. The source says that, according to evidence, this campaign is maintained by a well-known Russian/Ukrainian cybercrime organization.

What does it do? It uses JavaScript to redirect the victim to a fake antivirus site where a malware named TROJ_FAKEAV.BAF is downloaded. This malware will encrypt your files and then ask for a ransom to get them back.

I have not yet been able to get the name of the site. My advice is: be careful with your search results and don't go to any unknown site related to Easter and SEO at the same time. I will try to update this topic with more information as soon as I manage to get it.


Every day when I open the cover of my daily newspaper, I find credit card or debit card fraud news periodically. The bad thing is that people are not yet able to learn how to be safe in online banking. After reading more than 10 similar cases I have come to the conclusion that only sincerity can help these people. Here I am going to share some cases of internet fraud. I have changed the names of the people for their security.

Nasir from Kolkata registered on freelotto.com and then played a free game. Interestingly, he got a winning email after some hours asking for a credit card payment to confirm his address. The poor fellow never tried to search the internet about freelotto.com, and to get the huge amount of money he submitted his credit card number, and in return he lost almost $1000. To confirm that they are scams I registered there too yesterday and played a game, and oh my luck, I won; as a bonus I am also getting some emails where people say my email has won a huge amount. This is really fun to watch, not to believe.

Vikram from Kolkata went to a cyber cafe and did an online transaction, but this poor fellow forgot to log out and as a result he lost everything. It is good to know that the Indian government is now more aware after the terrorist attack, and now everyone should show their identity before using the internet from a cyber cafe.

Sathen, again from Kolkata, lost his money. When investigators investigated the case they found that a closed-circuit camera had been placed on that ATM, using which the culprit got his debit card login number, and then, making a false debit card with a similar number, they took all the money. Hopefully all the banks now put their own closed-circuit cameras in ATMs; that will definitely help to find those culprits.

The most buzzed-about news in the newspaper is credit card fraud. The racket is well established both online and offline. Akhil Dutta recently lost his money. He got a call from a bank (not real) and was informed that they were upgrading their credit cards; at a scheduled time they took the credit card and gave him a false card. And the poor fellow lost all his money within an hour. The good news is that the CID crime cell was able to catch that racket.

So the point is, how to be safe from all this activity? Here is my advice.

1. Always log out, and don't confirm saving the password when asked by the browser on a public computer.

2. If you get any email about winning, always do a search on a good search engine (e.g. Google, Yahoo, MSN) about that email. I think it is better to search on the sender's email address.

3. Don't supply your credit card to any third party you don't know.

4. If you get any email which you think is a scam but can't find any information about on the net, then ask about it on joewein.de, fraudwatchers.org, consumerfraudreporting.org or any such website, to help others against spam.

5. Don't trust anyone where online or offline electronic transactions are concerned.

6. Don't believe any email from an unknown sender, and always do a search on a search engine before doing any further activity.

7. Believe that your email or mobile number will never win any cash online.

8. Believe that earning money is never easy.


We all love free things, and cyber criminals use this weakness to fulfill their purpose. Free means not only freeware; we have a tendency to use warez and torrent sites to get pirated content. There are two purposes for this: one is saving money and the other is trying the product before buying it. This is not the end. We download files using p2p software like Lemon Share. All those download habits have one thing in common, which is security vulnerability.

I spent some time today finding out how this thing actually exploits your security. I downloaded a small piece of software from a torrent site, and when I scanned it I found a Win32 trojan; then I downloaded a file from a well-known warez site and got a good return in the name of the Koobface trojan horse. However, that is a very small thing compared to p2p software use. I used Lemon Share to check p2p and I was not able to find a single .exe file which was not infected with a virus or trojan.

So all those things bring one conclusion: buy original software and download freeware from the original source or from a reputed source. If you love freeware then I recommend Softpedia and CNET Download.
