
New Botnets Hit IMs For IDs From Online Shoppers And PayPal





2006-03-16



Cybercriminals appear to be exploiting yet another route, this time using botnets that raid instant messaging clients for personal information tied to online shoppers and PayPal.

Acting on an anonymous tip, researchers have uncovered two "botnet" networks that collectively represent up to 150,000 compromised computers, one of which is being used as a vehicle to fraudulently scan desktop and back-end systems to obtain credit card numbers, bank accounts, and personal information including log-ins and passwords. The operators could potentially launch these scans from any computer on the botnet to mask their actual location.

More than 40 unique files were identified, many designed to take advantage of social engineering techniques, stored passwords, auto-complete data and vulnerable payment systems. Relevant files and information on a large number of "at risk" credit card accounts have been provided to federal authorities.

Facetime Security Labs rates this particular Trojan as high risk and warns people to be careful when clicking on links in instant messenger conversations:

If an end user clicks on a malicious link passed to them via Instant Messaging, Remote Administration Server, a commercially available application produced by Famtech, is automatically installed via a "beh.exe". The install is designed to hide the application in the systray with no interaction from the end user. Once this application is installed, the end user's computer is compromised and can be accessed remotely, at which point additional malware applications are installed on the desktop.

One application of note is "Carder," a Perl script designed specifically to uncover exploits in several shopping cart applications including Comersus Cart, CactuShop, CCBill and others that are used by many popular ecommerce sites. If a vulnerability is identified by this file, the backend database containing credit card and account information (e.g. credit card numbers, home addresses, usernames and passwords) may be stolen off the ecommerce site. Personal information may also be stolen from the infected PC itself through Protected Storage PassView from NirSoft, another application that may be remotely loaded onto infected PCs.


