The Bayrob malware gang's rise and fall | ZDNet

The story of how a talented computer science student and his friends created and ran a multi-million dollar botnet. | Topic: Security
Three Romanians ran an extremely complex online fraud operation along with a massive malware botnet for nine years, made tens of millions of US dollars, but their crime spree is now over, and all three will be heading to prison by the end of August this year.
The three were arrested in late 2016 after the FBI and Symantec had silently stalked their malware servers for years, patiently waiting for the highly skilled group to make mistakes that would leave enough of a breadcrumb trail to follow back to their real identities.
Those errors came in 2015, when one of the group's proxy servers began leaking details about the group's traffic, eventually putting investigators on the right path, and when later that year one of the hackers made an unfortunate trip to Miami, where the FBI secretly searched his phone at the border.
A year later, Romanian police were busting apartment doors in Bucharest, Romania's capital, and taking the group's members into custody.
This week, two of this gang's members were found guilty by a federal jury, while a third had already pleaded guilty last November. The three now stand to face long prison sentences on nearly two dozen charges each.

Who is the Bayrob gang?

The three hackers are Bogdan Nicolescu ("Masterfraud" or "mf"), Radu Miclaus ("Minolta" or "min"), and Tiberiu Danet (aka "Amightysa" or "amy").
Image: bayrob-gang.jpg
Collectively, they are now known as the Bayrob gang, after the name Symantec gave to malware the group first developed back in 2007.
That's when the group started on their path of cybercrime. Just like all "entrepreneurs," they first started small.
They chose fraud because, at the time, that's what most Romanian hackers were into. In the mid-2000s, Romania was one of the most prodigious countries in the world of cybercrime.
Some of these hackers came from the benches of the country's many computer science universities, some self-educated on the dozens of hacking and cyber-security forums that littered the Romanian internet at the time.
The crime du jour at the time, and what Romanian hackers eventually became famous for, was online fraud, and especially eBay scams. This is how the Bayrob gang got their start, following tutorials and tricks they read online about auction frauds.

How the Bayrob gang got started
In their beginnings, the Bayrob hackers focused on eBay and smaller classified ads sites. Their typical modus operandi was to post an ad or an auction, usually for an expensive product, and wait for bids.
Interested buyers would usually reach out, and the gang would gauge their interest, but they'd always reply that another user had outbid them for the product -- usually an expensive and highly sought-after car, although not a high-end luxury model.
But days after, the Bayrob members would reach out again, telling the interested buyer that the original bidder had backed down, and the car was available again.
Image: Symantec/Norton, bayrob-ebay-scam-email.jpg
They'd offer to put the car up for auction again, and even sent new pictures of the car, packaged in slideshows. What the users didn't know was that the slideshow contained the Bayrob malware, which would infect their PCs.
Image: Symantec, bayrob-slideshow.png
The Bayrob team would then send another email to buyers, which lured potential victims to new auction pages. It's at this stage that the Bayrob malware would enter the fold.
It would intercept the link and redirect victims to a fake eBay page.
Symantec, which helped investigate the group's operations, said that in this first phase of the group's evolution, the gang would usually craft versions of the Bayrob malware customized for each victim, along with fake eBay pages, containing everything from fake seller reviews, fake vehicle history reports, and fake pages from escrow and delivery services.
Fake eBay pages that the Bayrob malware would show victims. Image: Symantec/Norton, bayrob-ebay-scam.png
The group's fraud operation was a notch above everything else, with great attention to detail, and with emails written in perfect English, so as not to alert buyers to a potential scam.

Moving up to the next level
But as the group sold more non-existent cars and made more money, this also helped them expand operations beyond what most eBay scammers were doing at the time.
A Romanian threat intelligence analyst, who spoke with ZDNet in a telephone interview but did not want his name shared because he was not authorized to speak for his company, told us the Bayrob gang began frequenting Russian-based hacking forums at this time, learning from the more advanced Russian fraud scene and even starting to cooperate with other criminal groups.
And the group learned a lot. The Bayrob gang started putting together fake websites to create a larger ecosystem of fake companies...