Spike in Spam Linked to Russian Cyber Crime

Written by Bradley Siddell
|
|
There has been a 67% increase in the volume of spam e-mail since August, according to the U.S. Joint Task Force-Global Network Operations (JTF-GNO). The largest portion of this increase was traced back to Russian cyber crime groups and a campaign called "pump and dump." This tactic touts "thinly held, low-price stocks." In its less severe form, the "pump and dump" scheme seeks to convince recipients to buy a certain stock that the attacker purchased cheaply. If enough recipients buy the stock, the attacker can sell for a profit.
Beware of internet frauds...
In the more devious variant, the attacker sends a notice that appears to come from the recipient's on-line trading company, stating that the recipient must log on to the trading account or some awful action will be taken (e.g., "log on now or your account will be deactivated").
The link to the on-line trading website provided in the e-mail is false, however, and leads to an attacker-established website built to resemble the real trading site. When the victim logs in, the attacker obtains the victim's username and password. The attacker then uses that information to break into the victim's account, liquidate the victim's stock holdings and purchase shares of the cheap stock.
Enough of these attacks forces the price of the cheap stock up, and the attacker sells his own shares for a substantial profit. JTF-GNO reports that a botnet of 73,000 PCs was used in the recent campaign. A botnet is a network of enslaved victim computers called "bots" that are forced to send spam on behalf of the attacker. The botnet is so valuable to the criminal gangs that they will often try to detect a rival gang's botnet software on a computer and remove it before installing their own.
Attackers also commonly fix security holes on the victim's computer after they are in, so that other attackers cannot gain access to the machine. The most valuable targets are computers with fast Internet connections, and gangs are now warring over control of these assets.
The Russian government has recognized the military value of the criminal cyber gangs' activities and has supposedly entered into negotiations with some of them to obtain their botnet knowledge and technology for military use. Some of this government-backed cyber activity may have been observed recently in Kyrgyzia. Over 400,000 computers in Kyrgyzia were knocked offline for several hours by a distributed denial of service attack carried out through a botnet. Although the attack apparently emanated from outside the country, insiders believe it was perpetrated by the Kyrgyz secret police in an effort to disrupt pro-democracy groups seeking honest elections.
Source: AFIO