Remove 2011 Remove Accountability Remove Internet
article thumbnail

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

Cyber intelligence platform Constella Intelligence told KrebsOnSecurity that the operns@gmail.com address was used in 2016 to register an account at filmai.in , which is a movie streaming service catering to Lithuanian speakers. The username associated with that account was “ bo3dom.” com back in 2011, and sanjulianhotels[.]com

article thumbnail

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

For several years beginning around 2010, a lone teenager in Vietnam named Hieu Minh Ngo ran one of the Internet’s most profitable and popular services for selling “ fullz ,” stolen identity records that included a consumer’s name, date of birth, Social Security number and email and physical address. ” MICROBILT.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

Kilmer said Faceless has emerged as one of the underground’s most reliable malware-based proxy services, mainly because its proxy network has traditionally included a great many compromised “Internet of Things” devices — such as media sharing servers — that are seldom included on malware or spam block lists.

Malware 274
article thumbnail

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

According to Constella, this email address was used in 2010 to register an account for a Dmitry Yurievich Khoroshev from Voronezh, Russia at the hosting provider firstvds.ru. 2011 said he was a system administrator and C++ coder. NeroWolfe seems to have abandoned all of his forum accounts sometime in 2016. Image: Shutterstock.

article thumbnail

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

Cyber intelligence firm Intel 471 reports that obelisk57@gmail.com was used to register an account on the forum Blacksoftware under the nickname “ Kerens.” has been associated with the user Kerens on the Russian hacking forum Exploit from 2011 to the present day. ” Meanwhile, the Jabber address masscrypt@exploit.im

Malware 251
article thumbnail

Google disrupts the Glupteba botnet

Security Affairs

The blockchain-enabled botnet has been active since at least 2011, researchers estimate that the Glupteba botnet is currently composed of more than 1 million Windows PCs around the world. The IT giant also removed 1,183 Google accounts, 908 cloud projects, and 870 Google Ads accounts used by the operators. Pierluigi Paganini.

Backups 137
article thumbnail

Zloader, another botnet, bites the dust

Malwarebytes

There are a lot of those because the ZeuS banking Trojan source code was leaked in 2011, and so there’s been plenty of time for several new variants to emerge. A sinkhole is a way of redirecting malicious internet traffic so that it can be captured and analyzed by security professionals, and are often used to seize control of botnets.

Backups 141