Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share

German Authorities Shut Down Cybercrime Ring's Web Forum

Forum sold identity-theft tools, swapped information about malware and manufacturing phony credit cards

Mar 05, 2009 | 11:30 AM

By Kelly Jackson Higgins
DarkReading

Law enforcement officers in Germany have pulled the plug on a notorious Web forum where cybercriminals exchanged malware and password-stealing tools.

The Landeskriminalamt police Internet crime unit announced that it had shut down the www.codesoft.cc forum, which had been used by cybercriminals to swap information on malware, spyware, and making phony credit cards, according to Sophos.

A 22-year-old Swiss man -- known online as "tr1p0d" and the alleged leader of the site -- reportedly sold password-stealing malware. Police confiscated from tr1p0d's apartment incriminating hard drives and codesoft.cc's database of users and IP addresses.

Two German men, both in their 20s, as well, are suspected of infecting some 80,000 computers around the world with tr1p0d's so-called "Codesoft PW Stealer" Trojan, which steals passwords. They also allegedly sold the stolen data to other cybercriminals.

The stolen data was found on a server hosted at a German ISP, which led authorities to the two German suspects, according to a published report. The server housed user names and passwords of the victim machines, as well as online banking, auctions, or online payment account information.

"Obviously the authorities will be keen to identify victims as they put their case against the suspects together, and the public are being reminded of the importance of changing their passwords if they have been compromised," blogged Sophos' Graham Cluley.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message


Subscribe to RSS










Bugs
ENTERPRISE VULNERABILITIES
Vulnerability:suse linux
Published:2010-01-22
Severity:High
Description:SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
Vulnerability:ie
Published:2010-01-22
Severity:High
Description:The URL validation functionality in Microsoft Internet Explorer 7 and 8 does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
Vulnerability:bind
Published:2010-01-22
Severity:Medium
Description:ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Vulnerability:ie
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
Vulnerability:ie
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.


Briefing Centers
POWERFUL INFORMATION
AT YOUR FINGERTIPS
(SPONSORED LINKS)