Comments

18

Joined

Dec 27, 2012

atheenalie Profile

Forums Owned

Recent Posts

Laval, QC

Microsoft uncovers Sefnit Trojan return after Groupon cli...

http://www.v3.co.uk/v3-uk/news/2297027/microsoft-uncovers-sefnit-trojan-return-after-groupon-click-fraud-scam
The authors of the notorious Sefnit Trojan have resurfaced using advanced infection and click-fraud techniques to earn vast sums of money through bogus advertising, according to Microsoft.
Microsoft antivirus researcher Geoff McDonald reported discovering an evolved version of the Sefnit Trojan, which takes money by targeting popular websites, such as Groupon.
In a blog post on the company's Malware Protection Centre, McDonald wrote: "The Sefnit click-fraud component is now structured as a proxy service based on the open-source 3proxy project. The botnet of Sefnit-hosted proxies are used to relay HTTP traffic to pretend to click on advertisements. In this way, the new version of Sefnit exhibits no clear visible user symptoms to bring attention to the botnet. This allowed them to evade attention from anti-malware researchers for a couple years.
"The Sefnit botnet uses the hosted 3proxy servers to redirect internet traffic and perform fake advertisement clicks. A recorded example of this click-fraud path is shown below by using the legitimate affiliate search engine Mywebsearch.com to simulate a search for 'cat' and fake a click on an advertisement provided by Google to defraud the advertiser Groupon."
He said the technique allowed the criminals behind the malware to increase the revenue they made using the scam.
"The end result is Groupon paying a small amount of money for this fake advertisement 'click' to Google. Google takes a portion of the money and pays the rest out to the website hosting the advertisement – Mywebsearch. The Sefnit authors likely signed up as an affiliate for Mywebsearch, resulting in the Sefnit criminals then receiving a commission on the click."
A Groupon spokesperson told V3 the company actively monitors its network for any illicit activity.
"We actively monitor our thousands of global affiliate marketers, and those who violate the rules are removed from the programme."
McDonald said Microsoft uncovered evidence linking Sefnit to the Mevade malware used in the world's first large-scale Tor botnet.
"Recently Trojan:Win32/Mevade made news for being the first large botnet to use Tor to anonymise and hide its network traffic. Within a few weeks, starting mid-August, the number of directly connecting Tor users increased by almost 600 percent – from about 500,000 users per day to more than three million," he wrote.
"Last week we concluded, after further review, that Mevade and Sefnit are the same family and our detections for Mevade have now been moved to join the Sefnit family."
As well as its links to Mevade, McDonald said the attack is also using a host of new custom-built components to improve its infection rate.
"This latest version of Sefnit shows they are using multiple attack vectors, even going as far as writing their own bundler installers to achieve the maximum number of infections that make this type of click fraud a financially viable exercise," he wrote.
"The authors have adapted their click-fraud mechanisms in a way that takes user interaction out of the picture while maintaining the effectiveness. This removal of the user-interaction reliance in the click-fraud methodology was a large factor in the Sefnit authors being able to stay out of the security researchers' radars over the last couple of years."
Sefnit is one of many variations of malware to receive technical upgrades in recent months. Earlier this month FireEye researchers reported discovering a reworked version of the Darkleech campaign targeting Java and Adobe vulnerabilities to spread the Reveton ransomware.
Read Related Content Here:
http://www.socialphy.com/posts/off-topic/23320/Abney-and-Associates-Fraud-Watch_-Watch-for-Internet-scams.html
http://www.topix.com/forum/business/TAFDGLA1AGHF339F5  (Oct 1, 2013 | post #1)

Hamilton, ON

Reviews by Abney and Associates, Code 85258081704

http://communities.ptc.com/groups/abney-associates-aa
The US Federal Trade Commission has carried out a huge international crackdown on a number of "tech support" scams being run out of India which have conned people in the UK, US, Canada and elsewhere out of millions of pounds since 2008.
As explained by the Guardian in 2010, the scams used "boiler room" tactics, dialling through phone books for English-speaking countries. People who answered the phone were told the call came from Microsoft or their internet service provider, and that the person's computer was "reporting viruses". The caller would then perform an unnecessary "fix" on the computer and charge the person for it – and sometimes sign them up to multi-year "support" contracts. The cost could run to hundreds of pounds.
People in the US, UK, Canada, Australia and New Zealand were targeted because they, like the people carrying out the scam, are English-speaking. The Guardian understands that the scam was worth millions of pounds a year to the organised gangs carrying it out.
At the FTC's request in six cases, a federal district judge froze the US assets of 17 people and 14 companies that have been accused of taking part in the operations. The FTC has also shut down 80 internet domain names and 130 phone numbers used in the US to carry out the scams. The FTC is seeking an end to the scams, and repayments for people who were conned out of money.
Though the FTC said it could not put a figure on how many people had been scammed, or how much they had lost, Microsoft – which has been working with the commission for the past two years to try to catch the criminals – provided data on more than a thousand people who had been scammed, whose losses averaged $875 each. Microsoft has repeatedly pointed out that it would not call people about any problems with their computers.
In some cases, the scammers would try to sell antivirus software from reputable companies, and in some cases would install new copies of Windows on a machine. However the licence key used on the software allowed Microsoft to trace it back to its buyer, which aided the investigation.
The fraud occurred in several English-speaking countries. Joining the FTC in the enforcement action were the Australian Communications and Media Authority, the Canadian Radio-Television and Telecommunications Commission and the UK's Serious Organised Crime Agency.
David Vladeck, director of the FTC's Bureau of Consumer Protection, said it was working with law enforcement officials in India to catch the alleged perpetrators. The commission has also referred the cases to the US justice department for possible criminal prosecution.
Source: http://figment.com/books/637051-Abney-Associates-FTC-cracks-down  (May 12, 2013 | post #1)

Hamilton, ON

Abney Associates News Blog Warning-Slideboom

http://www.slideboom.com/presentations/758714/Abney-Associates-News-Blog-Warning-Newsvine
Abney Associates News Blog Warning: Foiling Phishing With Authentication
In its new report on using e-mail authentication to fight phishing attacks, BITS offers a list of best practices and recommendations, including expanded use of the DMARC security protocol.
BITS, the technology policy division of The Financial Services Roundtable, believes that the Domain-based Message Authentication, Reporting and Conformance protocol plays a key role in mitigating phishing schemes. DMARC standardizes how e-mail receivers perform e-mail authentication by providing a uniform reporting mechanism that's built on reputation.
"DMARC is pretty helpful in a couple of different areas," says Andrew Kennedy, senior program manager for BITS' security initiatives, in an interview with Information Security Media Group [transcript below].
Kennedy sees DMARC as an overlay of the Sender Policy Framework [SPF] and DomainKeys Identified Mail [DKIM] protocols, which aid in e-mail authentication. "If there was an authentication failure for one of those protocols, it leaves you in the lurch if you don't have a policy in place to deal with that, and DMARC helps close the gap there," he says.
Read also:
http://www.shelfari.com/groups/101865/discussions/486435/Reviews-by-Abney-and-Associates-Code-85258081704-%E2%80%93-Edubl
http://www.shelfari.com/groups/101865/discussions/486174/Computer-security-is-an-abstract-benefit-%E2%80%98-abney-and-ass
http://www.good.is/posts/abney-associates-news-blog-warning-foiling-phishing-with-authentication
http://hansximilain.tumblr.com/post/49994056067/abney-associates-news-blog-warning-foiling-phishing
http://www.funnyjunk.com/funny_pictures/4579839/Abney+Associates+News+Blog+Warning
http://sertaberener14.newsvine.com/_news/2013/05/09/18141023-abney-associates-news-blog-warning-foiling-phishing-with-authentication-funnyjunk  (May 9, 2013 | post #1)

Hamilton, ON

Hong Kong Cyber War Abney and Associates Internet

Enjoyed reading your articles. This is truly a great read for me.  (Feb 20, 2013 | post #2)

Hamilton, ON

an abney associates technology

Greetings! I’m bored to death at work so I decided to browse your site on my iPhone during lunch break. I really like the info you provide here and can’t wait to take a look when I get home. I’m surprised at how quick your blog loaded on my mobile... I’m not even using WIFI, just 3G... Anyways, very good site and posts too!  (Feb 3, 2013 | post #2)

Hamilton, ON

Ignored lessons in economic development

Excellent article, covers a lot of ground. I’ve found a great article. Thanks.  (Jan 13, 2013 | post #2)

Hamilton, ON

ARTICLE - OSHA Instructors, bill abney and associates, ab...

A great day and very explicit information.  (Dec 27, 2012 | post #3)