Category Archives: malware

loveme, kissme, catch me, try me.

Picture by dprotz used under Creative Commons

Yesterday evening the FBI issued a press release regarding the legal action against Aleksandr Andreevich Panin, a Russian national perhaps better known as “Gribodemon” and “Harderman”, the online aliases behind the notorious SyEye banking Trojan and Hamza Bendelladj a Tunisian national who went by the online moniker of “Bx1″. Panin has entered a guilty plea to the charges of conspiracy to commit wire and bank fraud, the charges against Bendelladj are still pending. The FBI press release gives thanks to Trend Micro’s Forward Looking Threat Research team for their assistance in the investigation.

Bendelladj is alleged to have operated at least one command and control server for SpyEye, although as our TrendLabs blog and our investigation make clear, his involvement seems to be far deeper. He was arrested at Bangkok airport on the 5th January 2013 and Panin was arrested on July 1 last year when he flew through Atlanta.

The FTR team at Trend Micro began a particularly focused investigation into the person or people behind SpyEye almost 4 years ago. Over the intervening period, we mapped out the infrastructure used to support the malware, we identified weak points in that infrastructure and pursued a number of important leads pointing to the identities of individuals behind this pernicious banking Trojan. Once we felt that we had sufficient information we involved law enforcement who drove it to the successful conclusion you see today.

Our ongoing research turned up a wealth of data, much of which it would be imprudent to share while legal action is still ongoing, however it might interest you to know that some of the most frequent passwords used by one of the accused include “loveme”, “kissme” and “Danny000″. I’ll let you draw your own conclusions regarding OpSec.

The arrests last year and yesterday’s guilty plea are another illustration that Trend Micro’s strategy of going after the people behind online crime, instead of simply the infrastructure they exploit, is the right one. You may more often see stories that a botnet has been “taken down” resulting perhaps in a massive drop in the number of infected computers or Spam, but these types of activity while laudable are only temporary. Criminals will very soon come back and often come back stronger, having learned from their previous failures, the network of compromised computers will be rebuilt and the crime spree begin anew.

As with DNS Changer, as with the Reveton Ransomware, Trend Micro has proactively provided information and assistance to law enforcement that has led to arrests of individuals rather than the simple switching-off of criminal computers. It is through activities such as these that we hope to fulfil our mission of creating a world safe for exchanging digital information.

The Bugs Don’t Work, apparently!

Under creative commons: Image by Peter Werkman

Two stories relating to Google’s Android OS caught my eye last week. First we saw Android Security Chief, Adrian Ludwig, presenting a last-minute paper at the Virus Bulletin conference in Berlin, entitled “Android – practical security from the ground up“. The second was no less than Eric Schmidt wading into the discussion and declaring Android to be “more secure” than its closest rival, Apple’s iOS. One could be forgiven for thinking there’s a charm offensive underway.
Continue reading

2020: looking to the future to secure our digital lives

mainbanner1a

Can you imagine what our society will look like at the end of the decade? How will we shop, socialize and consume services? How as businesses will we authenticate customers, manage our services and protect critical data from a growing array of increasingly sophisticated and determined adversaries? Of course, we don’t have all the answers at Trend Micro but we’ve taken a big step in the right direction with our 2020 web-series.
Continue reading