Hackers use frequent flyer miles as currency

Kaspersky Lab also says the notorious banking Trojan ZeuS is being introduced into the smartphone market.

Unsatisfied with stealing bank account information from their victims, cybercriminals steal frequent flyer miles, too. The miles are used as currency among some of the miscreants, according to a report released today by the malware fighters at the Kaspersky Lab.

"In one IRC [Internet Relay Chat] message, a cybercriminal was selling access to a Brazilian botnet that sends spam in exchange for 60,000 miles, while, in another message, air miles were offered for stolen credit cards," Kaspersky analyst Vyacheslav Zakorzhevsky wrote in the company's monthly malware statistics report.

"This coincides with our predictions for 2011 in which we stated that cybercriminals would be interested in all kinds of information and ready to steal absolutely everything," he added.

Google Anti-Hacking Move

One of the most remarkable events during July, the report said, was Google's exclusion of more than 11 million URLs from the ".co.cc" domain, which is fourth largest domain in the world. "The reason for such drastic measures was due to the domain’s URLs regularly being used by cybercriminals to spread rogue antivirus programs or conduct drive-by attacks," Kaspersky reported.

The ".cc" domain belongs to the Cocos Islands. The "co.cc" belongs to a company in South Korea.

"The popularity of .co.cc among cybercriminals is explained by the fact that the domain registrar allows third-level domain names to be registered for free or for a very low price," the report noted.

"Our research shows that Google’s offensive has indeed resulted in cybercriminals using the .co.cc domains less frequently; however, they have merely started using the services of other domain zone registrars," it added.

"Therefore," it reasoned, "it is difficult to say how successful Google’s campaign has been. There is also the chance that legitimate, law-abiding domain owners have been inadvertently affected by Google’s actions."

Smartphone Trojan Woes

Another notable development in July cited by the report was the introduction of a version of the notorious banking Trojan ZeuS into the smartphone market. According to the report, nearly three quarters (73.9 per cent) of the infections from the mobile form of ZeuS, which is called ZitMo, are in phones running the Symbian operating system. This is followed by phones running Android (28.26 per cent), Windows CE (23.91 per cent), and Blackberry (4.35 per cent).

Kaspersky explained that ZitMo is designed to steal one-time pass codes, called mTans, sent by a bank to an account user's phones via short-text (SMS) message. "If a user’s computer is infected with ZeuS, and the mobile phone is infected with ZitMo, the cybercriminals gain access to the victim’s bank account and can intercept the one-time transaction password sent by the bank to the user," the report said. "In this case, even authentication using mTAN codes cannot prevent the victim’s money from being stolen from their bank account."

The report also noted that one of the largest leaks of personal data in the history of the Russian-language Internet occurred in July. Some 8000 text messages sent by subscribers of the mobile phone carrier MegaFon surfaced in the cache of the Russian search engine Yandex and were in the public domain for several hours, Kaspersky reported.

Join the CSO newsletter!

Error: Please check your email address.

Tags hackersGooglesecurityPhoneskaspersky lab

More about GoogleKasperskyKasperskyMegaFonSymbian

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John P. Mello Jr.

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place