*A massive gang of hip, globetrotting Russian twenty-somethings. Presumably most of the people in the StormWorm "Zhelatin Gang" also look like this.
http://www.fbi.gov/wanted/alert/newyork2.htm
*Lotta women in that group. Nonviolent finance crime is attractive.
*They took a hit, but they're still out there.
via SANS:
TOP OF THE NEWS
–Dozens Charged in Connection with ZeuS-Enabled Bank Fraud
(September 30, 2010)
Authorities on both sides of the Atlantic have charged dozens of
people in connection with massive bank fraud using the ZeuS Trojan
horse program. US authorities charged 92 people believed to have been
involved in cyber attacks that stole more than US $200 million from
bank accounts over the last four years. (((You have to wonder how
that impressive sum was divvied up. That's over two million dollars
apiece, and, given that most of them are probably mules, where did
the big money go? You could run an intelligence agency for that kind
of jack. You could buy an army of Anna Chapmans.)))
In the UK, authorities
arrested 20 people who are believed to have stolen GBP 6 million (US
$9.5 million) in just three months using ZeuS. While the charges in
the US may have dealt a blow to the scheme's operations, the code's
developers, those who run the back-end servers and the scheme's
masterminds remain at large.
http://online.wsj.com/article/SB10001424052748704483004575523811617488380.html?mod=WSJ_hps_LEFTWhatsNews#
http://www.computerworld.com/s/article/9189019/Feds_hit_Zeus_group_but_the_brains_remain_overseas?taxonomyId=17
http://www.infoworld.com/t/malware/governments-take-zeus-the-god-cybercrime-393
http://www.reuters.com/article/idUSN3019563220100930
https://www.wired.com/threatlevel/2010/09/zeus-raid/
http://www.theregister.co.uk/2010/09/30/zeus_money_mules_charged/
http://money.cnn.com/2010/09/30/technology/cyber_crime_charges/index.htm
http://news.cnet.com/8301-27080_3-20018177-245.html?tag=mncol;title
[Editor's Note (Honan): Well done to all involved and hopefully more
arrests will follow. Unfortunately the Zeus botnet is still very
active with the Zeus Tracker website showing there are still 170 C&C
servers online https://zeustracker.abuse.ch/]
–ZeuS Turns to LinkedIn as Vector of Infection
(September 29, 2010)
In what has been described as "the largest such attack known to
date," miscreants attempting to spread ZeuS malware have been sending
malicious LinkedIn contact requests to users of the social networking
service. When users click on the link in the phony invitation, they
are sent to a web page that asks them to wait, during which time
ZeuS is downloaded onto their computers. ZeuS lurks in browsers
and harvests sensitive personal information, like online banking
login credentials.
http://darkreading.com/security/attacks/showArticle.jhtml?articleID=227501020&subSection=Attacks/breaches