
Pittsburgh Tech Guy

Phone: 412-256-8674

Email: pghtechguy@hotmail.com


Welcome to the Pittsburgh Tech Guy!  Your local source for good, dependable technical support and information!  Keep up with the latest Tech news here!

Remember, all home computer analyses are free!

Entries by Thom McClain (1383)

Thursday, Jul 12, 2012

Part 2: How Cybercrime makes money...

After a criminal hooks a victim or takes over a victim’s computer, there are many ways to make money. Here are eight schemes that cybercriminals use to make money off their victims.  Again, thanks to Sophos.com for the summary.

Selling products
The most basic way to make money from any sort of malware, spam or website compromise is to sell a product. Criminals simply set up a store and use infected websites and spam to deliver promotions and advertisements to drive traffic to a virtual storefront.

Many of these operations are not just false-front businesses. They ship sham products pretending to be Viagra, Rolex watches, Gucci handbags and various pirated software packages.

Stealing login details
The purpose of phishing spam messages is to convince you they come from someone you know or trust. Criminals use social engineering techniques borrowed from real brands to collect usernames and passwords associated with high-value websites like PayPal, banks, Facebook, Twitter, Yahoo and web-based email services.

It’s easy for criminals to imitate these companies as everything online is digital. They simply steal real communications from the victim companies and redirect the links to bogus webpages. As a percentage, phishing emails are an increasing threat taking advantage of a user's lack of awareness of hacking attacks and data breaches.

Pay-per-click fraud
After compromising a user's computer, the criminals can download malware that manipulates Internet traffic. They divert the victim’s clicks to advertisements located on the criminals’ webpages. The criminals make money from ad networks by generating traffic to their customers’ ads.

Fake security software
Often referred to as fake antivirus, these programs are designed to behave in the exact opposite way of traditional malware: noisy, annoying and flashy. Fake antivirus works by convincing the user they are at risk of infection after visiting a compromised webpage that secretly installs the fake antivirus on their computer.

The criminals typically charge around US$100 for the fake antivirus software to “clean up” the infected computer. But the fake antivirus doesn’t clean up threats—it is a threat. And the criminals can make even more money off the victim by offering extended support and multi-year offers. Fake security suites target Windows, Mac and even Android users.

Ransomware
Cybercriminals can use ransomware to encrypt your documents, boot sector or other important component of your PC and hold it hostage until you pay a ransom. The ransomware often uses modern cryptographic algorithms, and only the criminals possess the keys to unlock your files. If you want your stuff back, you have to pay up.

Traditionally ransomware was almost exclusively Russian, but recently we’ve seen these gangs targeting North America, Europe and Australia. A new variation plaguing Internet users in 2012 is a fake law enforcement warning suggesting your federal police authority has detected child pornography on your computer. The warning tells the victim their computer has been locked and they must pay a $100 fine to unlock it.

Social media spam
Delivering email messages to our inbox is harder than ever. Spam filters block more than 99% of it before it can see the light of day. And users can spot the fake names on spam that gets through. Social media sites like Facebook and Twitter have been an attractive place for spammers to move.

The criminals can purchase access to stolen user credentials or convince users to spread fraud for them. They benefit from your social capital—the more friends and followers you have, the more people can be spammed by the criminal using your account. Users are far more likely to click a message about winning a free iPad or losing 30 pounds on a miracle weight-loss plan if it comes from someone they know and trust.

Banking malware
A highly specialized industry has popped up around capturing authentication information to access online financial institutions. While it started as simple key-logging software designed to capture your username and password, it has led to an advanced game of cat and mouse between criminals and banks.

Modern banking Trojans are available for devices running BlackBerry, Windows, Android and more. These Trojans can capture SMS messages and record videos of your screen while you log in, uploading YouTube-like videos for the criminals to see. One gang busted by the FBI in 2011 attempted to steal nearly $220 million from victims.

Premium-rate SMS fraud
Rather than ask you for your credit card or attempt to withdraw money directly from your bank account, many social media spammers and mobile phone malware authors use SMS services. When you answer a survey on Facebook asking for your mobile phone number to notify you if you are a contest winner, they are signing you up for a premium-rate SMS service. Pirated apps for your Android may come with a little something extra, a program that will start sending SMS messages to premium rate numbers at your expense.

Thursday, Jul 12, 2012

How Cybercrime works...

Special thanks to Sophos.com for putting this little summary together.  Reposting as a public service so that you have a better handle on how it works.

The point of nearly all malware is to make money. Cybercriminals have many methods to monetize their activity. Fortunately, the criminals must take many steps for the entire process to work. Every step along the way is another opportunity for us to break the chain needed for their efforts to be profitable.

The first step for cybercriminals is to find victims. Here are the six primary ways cybercriminals ensnare unwitting victims in their nets and compromise their computers for criminal purposes.

  1. Spam: The monetization of malware started primarily with email spam. Peddling pills, fake watches and Russian brides is still a profitable practice for many criminals. Although spam volumes have begun to drop, spammers send billions of messages every day hoping that just a small percentage will make it past spam filters and convince a few folks with their guard down to make a purchase. While malware is still sent attached to some messages, it has largely moved to the web.
  2. Phishing: Attackers use email for more than just spam promoting products and services. Email is the preferred method to deliver phishing attacks. These can vary from emails pretending to be from your bank or email service providers in order to steal your account details, to targeted attacks attempting to gain access to your company's internal services.
  3. Social media: Many spammers have migrated from email spam to social media spam. Users are more likely to click links in commercially motivated spam if it appears to come from a friend or colleague on services like Facebook and Twitter. Breaking news and popular features on these networks can lead curious victims to click on unsafe links.
  4. Blackhat SEO: Scammers continue their cat and mouse game with Google and Bing to manipulate search engine results, which we call Blackhat SEO or SEO poisoning. This leads to “poisoned” search results about many popular topics, including front page results leading to exploits, malware and phishing sites. For more information on SEO poisoning, read our technical paper from SophosLabs.
  5. Drive-by downloads: The largest number of victims are delivered into the hands of these thieves simply by visiting websites containing exploits known as drive-by downloads. SophosLabs sees 30,000 new URLs every day that expose innocent surfers to a variety of code attempting to exploit vulnerabilities in their operating systems, browsers, plugins and applications.
  6. Malware: Worms, viruses and other malware files still serve their masters well. While they are less common today than they were 10 years ago, opportunistic crooks still exploit malware to infect exposed systems and recruit people's computing devices for their own purposes.

 

Monday, Jul 9, 2012

See, the world did NOT end!

The DNS Changer malware problem is over, at least for everyone who is reading this post.  If you are, then your computer is fine.  I would like to thank the national media for scaring the pants off of everyone with this issue.  Estimates had no more than 300,000 at most potentially impacted.  Now we can move on to more traditional malware attacks!

Thursday, Jul 5, 2012

Check your Computer with DNS Changer Check up

With all apologies to my students today, I was asked about the DNS Changer problem that is supposed to come down next week, and I forgot to answer the question.  If you suspect or want to check to see if your computer is a potential victim of the problem, go to DNS Changer Check Up to find out.  Simply going to the website will give you the answer you need if you are concerned your system is compromised.

If you are unaware of what the problem is, here is the Cliff Notes version.  DNS Changer is malware.  This malware modifies a computer’s Domain Name Service (DNS) settings and thereby directs the computers to receive potentially improper results from rogue DNS servers hosted by the malware authors.  In short, if you are compromised, when you enter an internet address into your browser, you may be sent to a different website than what you intended. 

If you are a victim, follow this link for information on how to "Clean" your computer.  The steps are relatively simple....and free!  Do not pay anyone to fix this problem unless you do not feel comfortable doing it yourself.  Keep in mind, it costs nothing to fix the problem, so do not fall for anyone telling you that you have to buy something to fix the problem.
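A local version of that check, as an added example that is not part of the original post or of the DNS Changer Check Up site: it reads the resolver addresses from resolv.conf-style text and flags any that fall inside a list of rogue server ranges. The ranges and the sample file below are constructed placeholders (RFC 5737 documentation addresses), not the real DNS Changer ranges, and the function names are this example's own.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation blocks), NOT the real
# DNS Changer ranges: substitute the rogue-server ranges published for it.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of a resolv.conf file.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.example
nameserver 192.0.2.53
nameserver 198.51.100.200
nameserver 10.0.0.1   # home router
nameserver fe80::1%eth0
nameserver not-an-ip
"""


def parse_nameservers(text):
    """Return (addresses, rejected_tokens) from resolv.conf-style text."""
    servers, rejected = [], []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, search/options lines, blanks
        token = fields[1].split("%", 1)[0]  # drop an IPv6 zone id
        try:
            servers.append(ipaddress.ip_address(token))
        except ValueError:
            rejected.append(fields[1])
    return servers, rejected


def audit_resolvers(text, rogue_ranges=ROGUE_RANGES):
    """Sort configured resolvers into rogue / ok / unparseable."""
    servers, rejected = parse_nameservers(text)
    report = {"rogue": [], "ok": [], "unparseable": rejected}
    for addr in servers:
        in_rogue = any(addr.version == net.version and addr in net
                       for net in rogue_ranges)
        report["rogue" if in_rogue else "ok"].append(str(addr))
    return report


if __name__ == "__main__":
    for verdict, items in audit_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{verdict}: {', '.join(items) or '-'}")
```

The second sample address sits just outside the /25 placeholder range, which is why the comparison is done on parsed networks rather than on string prefixes.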

Tuesday, Jul 3, 2012

Ever wonder what happens when you load a webpage?

Probably not, but when you type in a URL and the web page loads, everything seems so simple. Peel back the layers, however, and you see a complex delivery system built around data packets. Watch this informative video to see how your web requests actually work.

Courtesy of The World Science Festival, we find this well put together video demonstrating how a trans-Atlantic web page request works.

Tuesday, Jul 3, 2012

Nikon AW100, a good camera

I had a dilemma: I was tired of buying a new camera every couple of months.  My primary job involves taking pictures, lots of them, in different locations.  A problem with this is that you frequently drop the camera, which I did, a lot.  I bit the bullet and decided to drop some coin on a "rugged" camera, as it's called in the marketing domain.  I found the Nikon AW100 and my official one week review is that it is a great camera, but I guess I should reserve comment on that until after I drop it.  Ironically, CNET came out with a full review a couple days after I purchased it.  At least it was a good review.  Check out the review here.