zombies

Best headline ever

From Entertainment News, 21 March 2004:

“Zombies Push Jesus from Top of North American Box Office”

(About Dawn of the Dead and The Passion of the Christ)

Prices for zombies in the Underground

From Byron Acohido and Jon Swartz’s “Going price for network of zombie PCs: $2,000-$3,000” (USA TODAY: 8 September 2004):

In the calculus of Internet crime, two of the most sought-after commodities are zombie PCs and valid e-mail addresses.

One indication of the going rate for zombie PCs comes from a June 11 posting on SpecialHam.com, an electronic forum for spammers. The asking price for use of a network of 20,000 zombie PCs: $2,000 to $3,000. …

To put a zombie network to work, an attacker needs a list of targets in the form of e-mail addresses. Lists can be purchased from specialists who “harvest” anything that looks like an e-mail address from Web sites, news groups, chat rooms and subscriber lists. Compiled on CDs, such lists cost as little as $5 per million e-mail addresses. But you get what you pay for: Many CD entries tend to be either obsolete or “spam traps” — addresses seeded across the Internet by spam-filtering companies to identify, and block, spammers.

Valid e-mail addresses command a steep price. In June, authorities arrested a 24-year-old America Online engineer, Jason Smathers, and charged him with stealing 92 million AOL customer screen names and selling them to a spammer for $100,000.

Credit cards sold in the Underground

From David Kirkpatrick’s “The Net’s not-so-secret economy of crime” (Fortune: 15 May 2006):

Raze Software offers a product called CC2Bank 1.3, available in freeware form – if you like it, please pay for it. …

But CC2Bank’s purpose is the management of stolen credit cards. Release 1.3 enables you to type in any credit card number and learn the type of card, name of the issuing bank, the bank’s phone number and the country where the card was issued, among other info. …

Says Marc Gaffan, a marketer at RSA: “There’s an organized industry out there with defined roles and specialties. There are means of communications, rules of engagement, and even ethics. It’s a whole value chain of facilitating fraud, and only the last steps of the chain are actually dedicated to translating activity into money.”

This ecosystem of support for crime includes services and tools to make theft simpler, harder to detect, and more lucrative. …

… a site called TalkCash.net. It’s a members-only forum, for both verified and non-verified members. To verify a new member, the administrators of the site must do due diligence, for example by requiring the applicant to turn over a few credit card numbers to demonstrate that they work.

It’s an honorable exchange for dishonorable information. “I’m proud to be a vendor here,” writes one seller.

“Have a good carding day and good luck,” writes another seller …

These sleazeballs don’t just deal in card numbers, but also in so-called “CVV” numbers. That’s the Creditcard Validation Value – an extra three- or four-digit number on the front or back of a card that’s supposed to prove the user has physical possession of the card.

On TalkCash.net you can buy CVVs for card numbers you already have, or you can buy card numbers with CVVs included. (That costs more, of course.)

“All CVV are guaranteed: fresh and valid,” writes one dealer, who charges $3 per CVV, or $20 for a card number with CVV and the user’s date of birth. “Meet me at ICQ: 264535650,” he writes, referring to the instant message service (owned by AOL) where he conducts business. …

Gaffan says these credit card numbers and data are almost never obtained by criminals as a result of legitimate online card use. More often the fraudsters get them through offline credit card number thefts in places like restaurants, when computer tapes are stolen or lost, or using “pharming” sites, which mimic a genuine bank site and dupe cardholders into entering precious private information. Another source of credit card data is the very common “phishing” scams, in which an e-mail that looks like it’s from a bank prompts someone to hand over personal data.

Also available on TalkCash is access to hijacked home broadband computers – many of them in the United States – which can be used to host various kinds of criminal exploits, including phishing e-mails and pharming sites.

Even worse spam is coming

From Spam Daily News’s “Spam zombies from outer space”:

Spammers could soon use zombie computers in a totally new way. Infected computers could run programs that spy into a person’s email, mine it for information, and generate realistic-looking replies.

John Aycock, an assistant professor of computer science at the University of Calgary, and his student Nathan Friess conducted new research that shows it is possible to create a new type of spam that would likely bypass even the best spam filters and trick experienced computer users who would normally delete suspicious email messages.

There are two key reasons why spam is suspicious to anti-spam filters and human targets alike. First, it often comes from an unrecognized source. Second, it doesn’t look right.

The evolution of spam zombies will change this. These new zombies will mine corpora of email they find on infected machines, using this data to automatically forge and send improved, convincing spam to others.

The next generation of spam could be sent from your friends’ and colleagues’ email addresses – and even mimic patterns that mark their messages as their own (such as common abbreviations, misspellings, capitalization, and personal signatures) – making you more likely to click on a Web link or open an attachment.

What features can be easily extracted from an email corpus? There are four categories:

1. Email addresses. The victim’s email address and any other email aliases they have can be extracted, as can the email addresses of people with whom the victim corresponds.

2. Information related to the victim’s email program and its configuration. For example, the User-Agent, the message encoding as text and/or HTML, automatically-appended signature file, the quoting style used for replies and forwarded messages, etc.

3. Vocabulary. The normal vocabulary used by the victim and the people with whom they correspond.

4. Email style.

  • Line length, as some people never break lines;
  • Capitalization, or lack thereof;
  • Manually-added signatures, often the victim’s name;
  • Abbreviations, e.g., “u” for “you”;
  • Misspellings and typos;
  • Inappropriate synonyms, e.g., “there” instead of “their”;
  • Replying above or below quoted text in replies.

Zombies from China attack Internet

From Computerworld’s “Army of zombies invades China”:

China’s rapid Internet growth has brought with it a somewhat disturbing side effect: multiplying zombies up to no good.

Zombies, or Internet-connected computers infected by worms or viruses and under the control of a hacker, are used to launch denial-of-service (DoS) attacks, or send spam or phishing e-mails. An average of 157,000 new zombies are identified each day, and 20% of these are in China, security company CipherTrust Inc. reported this week.

… “Criminals look for a weaker link, so places like China, or anywhere behind the U.S. in terms of computer literacy, are a good target,” Stanley said.

China’s fast-growing Internet population is also an attraction, he said. As of January, there were 94 million Internet users in China, up 18% from the year before, according to the China Internet Network Information Center (CNNIC).

A cared-for mummy

From “Mummified woman died naturally”:

A woman whose mummified body was dressed in a white gown and placed in front of a television for 2½ years died from heart disease. …

Officials never suspected abuse or foul play after finding Johannas Pope, 61, in her Madisonville home Jan. 4.

Pope told her caretaker, Kathy Painter, she didn’t want to be buried because she believed she would come back to life. …

Painter left Pope’s body in a chair in an air-conditioned room on the second floor of their Davies Place home.

Investigators learned that Painter took care of Pope’s body – trying to preserve it.

Owens said Painter put on gloves and removed the maggots from Pope’s body daily.

He said she used bug spray when they became too numerous to remove by hand. Investigators found 17 cans of bug spray in the house, he said. …

Painter even bought Pope new clothes just before officials discovered her body.

“She bought new clothes because she thought this was the time period she was coming back,” Owens said.

Family members kept a window air conditioner running to keep Pope’s body cool until about two months ago, when it broke, Owens said. Heating vents were covered during winter.

Some friends and relatives who visited were told Pope was upstairs, ill, Owens said. …

There is no Ohio law mandating the reporting of a dead body.

Zombies! 100s of 1000s of zombies!

From The New York Times’ “An Army of Soulless 1’s and 0’s”:

Officials at the F.B.I. and the Justice Department say their inquiries on the zombie networks are exposing serious vulnerabilities in the Internet that could be exploited more widely by saboteurs to bring down Web sites or online messaging systems. One case under investigation, officials say, may involve as many as 300,000 zombie computers …

In one recent case, a small British online payment processing company, Protx, was shut down after being bombarded in a zombie attack and warned that problems would continue unless a $10,000 payment was made, the company said. It is not known whether the authorities ever arrested anyone in that case. …

More than 170,000 computers every day are being added to the ranks of zombies, according to Dmitri Alperovitch, a research engineer at CipherTrust, a company based in Georgia that sells products to make e-mail and messaging safer. …

Mr. Alperovitch said that CipherTrust had detected a sharp rise in zombie computers in recent months, from a daily average of 143,000 newly commandeered computers in March to 157,000 in April to 172,000 last month.

He said that the increase was attributable to two trends: the rising number of computers in Asia, particularly China, which do not use software to protect against zombies and the worldwide proliferation of high-speed Internet connections.