No honour among thieves
We hear plenty of stories about crooks scamming us and stealing our credit card details, but it also seems the crooks are not averse to stealing from each other.
For people who want to be internet criminals but don't have the skills to construct their own fake phishing sites, there are phishing kits available on the internet underground which provide menu driven systems for creating fake bank sites. These kits even include copies of logos and style sheets from the real bank websites to make the fraud even more convincing. Then all the wannabe criminal has to do is mail out his million phishing emails and sit back and wait for the stolen credit card data to come rolling in.
However, researchers at the University of California who managed to get hold of 353 phishing kits and analysed the inner workings of them discovered that around 30% of them had some form of back door code hidden inside them, and covertly emailed copies of all the stolen information back to the original authors. Other exploits included trying to steal control of any botnets operated by the would-be phisher.
Computer crime remains lucrative and hard to prosecute because of its international nature but more and more police forces are cooperating to address this problem. Following a tip-off, Netherlands police have arrested two brothers in the appropriately named Dutch town of Sneek. The brothers, aged just 16 and 19, were arrested shortly after they had sold a botnet of around 50,000 compromised PCs to a buyer in Rio de Janeiro for $25,000. The buyer has also been detained in Brazil and is awaiting extradition to the USA.
15th August 2008