Pump-and-dump scams involve hyping the value of a cheap/worthless stock by advertising it heavily over the internet using spam. Typically, the stock is bought by the attacker who then sends out the mails to hype the stock, which creates buying interest, and then the attacker sells all their stock, cashing in on the falsely inflated value.

In this case, the defendant had allegedly hired people to use botnets to distribute his messages. The botnets were also used to compromise private accounts so that these could be used to buy up large amounts of the stocks in question. He also faces charges from sending spam.

Full story is here http://www.theregister.co.uk/2010/10/21/pump_and_dump_botnet/

Andrew Lee
CTO, K7 Computing

Network forensics firm NetWitness claim to have discovered the ‘Kneber’ botnet, which is claimed to gather log-in information for financial systems, social networking sites and email systems, back in January but have noted a significant increase in its prevalence within commercial IT systems in recent weeks.

Further investigations have revealed a widespread compromising of both commercial and government systems around the world.

Amit Yoran, chief executive of NetWitness, claimed that conventional malware protection and signature-based intrusion detection systems, which check threats against databases of known viruses, are becoming inadequate as large-scale compromises of enterprise networks reach epidemic levels.

“Cyber criminal elements like the Kneber crew target and compromise thousands of organisations across the globe. Those that have not kept pace with the rapid advances of the threat environment will not see this Trojan until the damage occurs,” he said.

Alex Cox, a principal analyst at the company, who was responsible for uncovering Kneber, added that the scale of the threat has ramifications for the entire industry.

“When we detected the correlation between the methodology used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, it became clear that security teams must rethink their entire perspective on threats such as Zeus,” he said.

The information has allowed researchers to discover key details on the workings of the notorious Torpig botnet, a network of zombie computers used to collect sensitive user information such as credit card details and login information.

Within the data, researchers found more than 297,000 unique login credentials (defined as a username and password pair) from 52,540 unique machines infected with the Torpig virus. More than 8,200 of these were for Google profiles whilst login credentials for Facebook, Myspace, Yahoo and Italian ISP Alice also featured prominently.

To capture the information, the Torpig virus attaches itself to programmes such as Mozilla Thunderbird, Skype, Microsoft Outlook, ICQ, Internet Explorer and Firefox. After monitoring keystrokes, the malware automatically uploads new data to servers controlled by the authors eery 20 minutes. Researchers also found that due to the discreet way in which it operates, Torpig is able to capture information before it is encrypted by secure socket layer (SSL).

The report also highlighted a notable lax attitude towards password security from the users of infected machines, with 28% of users using the same login credentials for several sites or services. The authors of the report suggested that users were not taking enough steps to prevent themselves from malware, such as secure passwords or updated antivirus software.

“The victims of botnets are users with poorly maintained machines that choose easily guessable passwords to protect access to sensitive sites,” stated the report. “This is evidence that the malware problem is fundamentally a cultural problem.

“Even though people are educated and understand well concepts such as the physical security and the necessary maintenance of a car, they do not understand the consequences of irresponsible behaviour when using a computer. Therefore, in addition to novel tools and techniques to combat botnets and other forms of malware, it is necessary to better educate the Internet citizens so that the number of potential victims is reduced.

The British public service broadcaster, which will air the BBC Click programme on Saturday, could have been in breach of the UK’s Computer Misuse Act 1990 when it bought the botnet – effectively a network of PC’s infected with malware which can be used to spread spam of other forms of malicious software, such as adware or spyware.

Under the act, it is a criminal offence to gain access another person’s computer, or to alter data or functions on that computer, without the owner’s permission. The maximum penalty for the offence stands at two years imprisonment although it is believed that the BBC is unlikely to be prosecuted as there was no criminal intent in the exercise.

The investigation looked at how botnets are used to distribute spam emails, with two test email accounts set-up for the purpose of the test receiving thousands of spam emails within the space of a few hours.

The investigation also allowed the BBC to launch a denial of service attack on a test web server.

After the demo attacks were complete, the BBC left messages on the infected computers used in the botnet telling them they were infected and offering information on how to secure their systems, and then disabled the botnet.