Peaches Posted July 30, 2010

Multi-Purpose Botnet Used in Major Check Counterfeiting Operation

Sent job spam, made fraudulent purchases and abused webmail services

By Lucian Constantin, Security News Editor
July 29th, 2010, 20:29 GMT

Researchers from Atlanta-based security company SecureWorks have uncovered a major check counterfeiting operation, which resulted in a $9 million fraud. The fraudsters used a botnet designed to automate a wide variety of tasks, from money mule recruitment to scraping processed checks repositories.

The gang, which researchers call "the BigBoss group", began its operation by using a variant of the notorious ZeuS trojan, one of the preferred tools of cyber fraudsters. An interesting aspect of this particular Zbot version was that it established a VPN connection with the command and control server in order to bypass NAT restrictions.

The fraudsters later abandoned ZeuS and used the VPN code to create a new trojan, which they distributed to the infected computers. This new botnet played a central role in the whole scheme by being used to automate key tasks.

For one, the gang used it to harvest email addresses from recruitment websites and spam them with fake job offers. This was done to enlist money mules from the United States, who would later cash in the counterfeit checks and wire the money out of the country. But to send spam, the cyber crooks required webmail accounts, which were also registered with the botnet's help; the whole process leveraging a CAPTCHA-breaking service.

The infected computers were then ordered to scrape various processed check repositories for images of scanned checks. These were later printed using off-the-shelf hardware and software to create counterfeit copies.

More here: http://news.softpedia.com/news/Multi-Purpose-Botnet-Used-in-Major-Check-Counterfeiting-Operation-149819.shtml