250,000 bots later…

…John Schiefer is pleading guilty to four federal charges related to fraud and wiretapping. Mr. Schiefer is only 26 years old:
Los Angeles hacker to plead guilty to infecting 250,000 computers to steal identities

One of the awful things about this case is that Schiefer was an “information security consultant” (or should we say con artist) for an L.A. company by the name of 3G Communications.
He is pleading guilty to charges based on his building a botnet of a quarter million systems, using those bots to steal user identities, and installing adware on those same users’ systems.

If true, the bots he deployed scraped various usernames and passwords. The software techniques most likely used by bots like these are nothing new at all. Bot source code for this type of activity has been in wide circulation for years now. Almost all of it comes with a “pstore.c” file, complete with comments describing the scraping code, like “IE AutoComplete”, “MSN Explorer Signup”, and “IE Password-Protected sites”. This bot code is all written to steal the passwords that Internet Explorer components were designed to save for you, supposedly securely, in Windows Protected Storage.

ThreatFire has detected and prevented this sort of malware behavior for a looong time. Any software component that has no business reading Protected Storage to snag usernames and passwords is prevented from doing so.
You can also see an example report of SpyBot activity at our ThreatExpert site.

Other techniques for stealing PayPal passwords, found in more current bots, are now being sold as part of kits as well. At the very least, hundreds of thousands of systems were infected this past year by these commodity kits, and the numbers continue to increase.

Interestingly, Mr. Schiefer is from Los Angeles. Maybe he’ll spend some time with another California citizen, Jeanson James Ancheta, who received the “longest known sentence for a defendant who spread computer viruses” in May 2006.
