Spam down as scammers move elsewhere

According to Brian Krebs of Krebs on Security, the volume of junk email is way down from a year ago - down by as much as 90%, he notes, depending on who you speak to.

But, he notes, botmasters are not idly standing by while their industry is dismantled.

"Analysts from Kaspersky Lab [last] week published research on a new version of the TDSS malware (aka TDL), a sophisticated malicious code family that includes a powerful rootkit component that compromises PCs below the operating system level, making it extremely challenging to detect and remove", he says in his latest security blog.

Krebs goes on to quote Alex Lanstein, a senior security researcher with FireEye, which has assisted in botnet takedowns in the last few years, as saying that evolution of the TLD4 bot is part of the cat-and-mouse game played by miscreants and those who seek to thwart their efforts.

"But law enforcement agencies and security experts also are evolving by sharing more information and working in concert", he said, adding that takedowns can have an effect of temporarily providing relief from general badness, but lasting takedowns can only be achieved by putting criminals in silver bracelets.

According to Krebs, attacking the botnet infrastructure and pursuing botmasters are crucial components of any anti-cybercrime strategy.

Unfortunately, he says, not many security experts or law enforcement agencies say they are focusing their attentions targeting the financial instruments used by the criminal organisations.

Some of the best research on the financial side of the cybercrime underworld, he adds, is coming from academia, and there are signs that researchers are beginning to share information about individuals and financial institutions that are enabling the frauds.

"Recent studies of the pay-per-install, rogue anti-virus and online pharmacy industries reveal a broad overlap of banks and processors that have staked a claim in the market for handling these high-risk transactions", he said.

What’s Hot on Infosecurity Magazine?