Researcher claims Rustock botnet author looked for Google job

02 June 2011

Security researcher Brian Krebs has made the interesting assertion that the suspected Rustock botnet creator has been looking for a job with Google.

According to Krebs, Microsoft has named a software engineer and mathematician, who aspired to be hired by Google, as a possible suspect in the search for the author of the Rustock spambot.

"In its Second Status Report (PDF) filed last week with a district court in Seattle, Microsoft said it inquired with virtual currency provider Webmoney about the owner of an account used to rent Rustock control servers", he says in his latest security blog.

Webmoney has, he adds, reportedly confirmed that the account was affiliated with a man named Vladimir Alexandrovich Shergin.

"Microsoft also mentioned another suspect, 'Cosma2k' possibly named Dmitri A. Sergeev, Artem Sergeev, or Sergey Vladomirovich Sergeev", notes Krebs, who claims to have been conducting his own research.

Microsoft, he says, helped to dismantle Rustock in March after a co-ordinated and well-timed 'stun' targeting the spam botnet's infrastructure, which consisted mainly of servers based in US hosting facilities.

Two weeks after that takedown, the researcher reports that he tracked down a web hosting reseller in Eastern Europe who acknowledged renting some of those servers to the apparent Rustock author.

As reported previously by Infosecurity, that reseller shared the Webmoney account number used to purchase access to the servers, and Russian investigators whom Krebs spoke with confirmed that the account had been registered by a Russian named Vladimir Shergin.

"By consulting a leaked database I obtained last year of the top earners for Spamit.com – at the time the world's largest rogue online pharmacy network – I discovered that the same Webmoney account was shared by three of the top ten Spamit affiliates", he reports.

The electronic breadcrumbs reportedly then led to a Spamit affiliate who used the pseudonym 'Cosma2k' with a linked email address – ger-mes@ger-mes.ru.

And the site hosting that address, Krebs notes, includes a CV with a picture of a young man holding a mug, apparently named 'Sergeev, Dmitri A.', who says 'I want to work in Google.'

Microsoft, says Krebs, seems determined to bring the Rustock malefactors to court. "Maybe the mug shot in this resume will help to identify at least one of them", he added.
