Ne’er-Do-Well News – Computer Security Articles

Meet the World’s Biggest ‘Bulletproof’ Hoster

July 16, 2019 admin 0 Comments AbdAllah, Alexander Alexandrovich Volosovik, Alexander Volosovyk, Breadcrumbs, bulletproof hosting providers, chronopay, Delft University of Technology, Downlow, Dutch National High-Tech Crimes Unit, Intel 471, Jason Passwaters, King Saud University, MaxiDed, Mikhail Rytikov, Ne'er-Do-Well News, New York University, sosweet, stas_vl@mail.ru, Web Fraud 2.0, Yalishanda

Credit to Author: BrianKrebs| Date: Tue, 16 Jul 2019 15:34:31 +0000

For at least the past decade, a computer crook variously known as “Yalishanda,” “Downlow” and “Stas_vl” has run one of the most popular “bulletproof” Web hosting services catering to a vast array of phishing sites, cybercrime forums and malware download servers. What follows are a series of clues that point to the likely real-life identity of a Russian man who appears responsible for enabling a ridiculous amount of cybercriminal activity on the Internet today.

Independent Krebs

Is ‘REvil’ the New GandCrab Ransomware?

July 15, 2019 admin 0 Comments Cisco Talos, gandcrab, Intel471, kaspersky lab, Ne'er-Do-Well News, rEvil, Sodin, Sodinokibi, Tesorion, The Coming Storm

Credit to Author: BrianKrebs| Date: Mon, 15 Jul 2019 15:58:30 +0000

The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.”

Independent Krebs

Who’s Behind the GandCrab Ransomware?

July 8, 2019 admin +7-951-7805896, A Little Sunshine, Breadcrumbs, dedserver, gandcrab ransomware, hottabych_k2@mail.ru, Igor Prokopenko, kaspersky lab, metall2, Ne'er-Do-Well News, oneiilk2, oneillk2, sec.service@mail.ru

Credit to Author: BrianKrebs| Date: Mon, 08 Jul 2019 17:27:42 +0000

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.

Independent Krebs

Tracing the Supply Chain Attack on Android

June 25, 2019 admin Android, blazefire, Breadcrumbs, Chu da, Chuda, Dr. Web, google, Haagen, Hagen, Hsu Heng, Ltd., Ne'er-Do-Well News, Shanghai Blazefire Network Technology Co Ltd., Shanghai Bronze Network Technology Co., Shanghai Qianyou Network Technology Co., Shanghai Tongjue Network Technology Co., Shanghai Wildfire Network Technology Co., The Coming Storm, tosaka1027@gmail.com, Triada malware, Wildfire, yehuo

Credit to Author: BrianKrebs| Date: Tue, 25 Jun 2019 15:24:29 +0000

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the offending vendor uses the nicknames “Yehuo” or “Blazefire.” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware.

Independent Krebs

Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors

May 30, 2019 admin A Little Sunshine, Canada's Anti-Spam Legislation, CASL, Ne'er-Do-Well News, Neil Barratt, Security Tools

Credit to Author: BrianKrebs| Date: Thu, 30 May 2019 22:21:47 +0000

Canadian government regulators are using the country’s powerful new anti-spam law to pursue hefty fines of up to a million dollars against Canadian citizens suspected of helping to spread malicious software.

Independent Krebs

Account Hijacking Forum OGusers Hacked

May 18, 2019 admin A Little Sunshine, Ace, Ne'er-Do-Well News, ogusers, Omnipotent, RaidForums, SIM swapping

Credit to Author: BrianKrebs| Date: Sat, 18 May 2019 13:44:20 +0000

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.

Independent Krebs

Feds Target $100M ‘GozNym’ Cybercrime Network

May 16, 2019 admin Alexander Konovolov, Avalanche, Eduard Malancini, Farkhad Rauf Ogly Manokhim, Gennady Kapkanov, GozNym, Konstantin Volchkov, Krasimir Nikolov, Ne'er-Do-Well News, Vladimir Gorin

Credit to Author: BrianKrebs| Date: Thu, 16 May 2019 22:05:30 +0000

Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name.

Independent Krebs

A Tough Week for IP Address Scammers

May 15, 2019 admin American Registry for Internet Numbers, Amir Golestan, ARIN, John Levine, Micfo, Micfo LLC, Ne'er-Do-Well News, Sherri Lydon, Stephen Ryan, The Coming Storm, The Internet for Dummies

Credit to Author: BrianKrebs| Date: Wed, 15 May 2019 22:09:12 +0000

In the early days of the Internet, there was a period when Internet Protocol 4 (IPv4) addresses (e.g. 4.4.4.4) were given out like cotton candy to anyone who asked. But these days companies are queuing up to obtain new IP space from the various regional registries that periodically dole out the prized digits. With the value of a single IP hovering between $15-$25, those registries are now fighting a wave of shady brokers who specialize in securing new IP address blocks under false pretenses and then reselling to spammers. Here’s the story of one broker who fought back in the courts, and lost spectacularly. On May 14, South Carolina U.S. Attorney Sherri Lydon filed criminal wire fraud charges against Amir Golestan, alleging he and his Charleston, S.C. based company Micfo LLC orchestrated an elaborate network of phony companies and aliases to gather more than 735,000 IPs from the American Registry for Internet Numbers (ARIN), a nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean.

Independent Krebs

Nine Charged in Alleged SIM Swapping Ring

May 10, 2019 admin Ne'er-Do-Well News

Credit to Author: BrianKrebs| Date: Fri, 10 May 2019 17:02:56 +0000

Eight Americans and an Irishman have been charged with wire fraud this week for allegedly hijacking mobile phones through SIM-swapping, a form of fraud in which scammers bribe or trick employees at mobile phone stores into seizing control of the target’s phone number and diverting all texts and phone calls to the attacker’s mobile device. From there, the attackers simply start requesting password reset links via text message for a variety of accounts tied to the hijacked phone number. All told, the government said this gang — allegedly known to its members as “The Community” — made more than $2.4 million stealing cryptocurrencies and extorting people for restoring access to social media accounts that were hijacked after a successful SIM-swap.

Independent Krebs

Feds Bust Up Dark Web Hub Wall Street Market

May 3, 2019 admin @feruccifrances, dark web, McGregor W. Scott, MED3LIN, Ne'er-Do-Well News, The Coming Storm, Wall Street Market, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 03 May 2019 16:48:36 +0000

Federal investigators in the United States, Germany and the Netherlands announced today the arrest and charging of three German nationals and a Brazilian man as the alleged masterminds behind the Wall Street Market (WSM), one of the world’s largest dark web bazaars that allowed vendors to sell illegal drugs, counterfeit goods and malware. Now, at least one former WSM administrator is reportedly trying to extort money from WSM vendors and buyers (supposedly including Yours Truly) — in exchange for not publishing details of the transactions.

Independent Krebs

Who’s Behind the RevCode WebMonitor RAT?

April 22, 2019 admin A Little Sunshine, Alex Yücel, Blackshades RAT, Breadcrumbs, Krabsonsecurity, Ne'er-Do-Well News, Ratsit AB, RevCode, WebMonitor, WebMonitor RAT

Credit to Author: BrianKrebs| Date: Mon, 22 Apr 2019 19:43:02 +0000

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

← Previous