Malware, Money Mules, and Skimmers…huh?

These days, when the world is so completely intertwined, whether through television or multinational corporations, the facet that is closest to this geek’s heart is the interconnectedness of our computer networks and those shadowy figures at the edges preying on the uninformed.

A thriving sector in the Balkan states, the Baltic states, China and the old Soviet Union (as well as in our back yards), cyber-thieves and their ilk are becoming more sophisticated in their methods of attack.

I want to present to you a primer on what is out there and what you may need to know to mitigate your exposure.

Malware:

(from wikipedia) “Malware, short for malicious software, is software designed to infiltrate a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.^[1] “

Forwarded itself to everyone on your email distro list

Spyware, viruses, bots are all types of malware. Spyware watches your computer and can transmit keystrokes and passwords to the individual or group who developed the spyware. Viruses have been around for a while, but gone are the days of teens trying to do practical jokes. The main distinguishing characteristic between the days of yore and now is notification – old viruses WANTED you to know it was there (since old-skool virus writers craved notoriety) and did things like erase your hard drive or put up a Christmas tree on your screen and then forward itself to others on your email list. Now, this is all done surreptitiously and professionally so that even anti-virus programs may be unable to detect it (see rootkits); moreover, viruses now are purposed to steal money or information for monetary gain not NOT for fame.

Signs your computer may have malware:

1. System sluggish
2. System Crashes
3. Popups and warnings from weird web sites
4. Anti-spyware or Anti-virus cannot complete a scan or cannot open

How to prevent it?

1. Have an anti-malware AND anti-virus system in place. This will only be as good as the updates. Old malware won’t work because the protection programs have the signatures in the definition files. New malware may work because there may be a window between the release of the malware and the anti-virus companies response. Make sure that your AV software updates its definitions automatically.
2. Update your browser and PDF reader. These are the two most used vectors for infection by criminals. The PDF standard can be read by multiple readers, use FoxIt Reader to eliminate some of the vulnerabilities that are present in the Adobe product. As for the browser, update to IE 8 or Firefox 3.6. Use add-ons for Firefox such as NoScript to prevent scripts from running in the background when you go to a site.
3. Don’t go and click on any attachments that seem suspicious. If that card really came from your buddy, email him back and ask. All reputable card companies do not send an attachment but rather a link (which has its own set of perils) so if you get a “card” as an attachment, don’t click on it.
4. Run the system in “user” mode rather than as an administrator. Being administrator gives you unfettered access to the system files. If you run as user, the system files are not modifiable by you. Now some viruses get around this but this is at least akin to locking your doors to prevent burglars as opposed to leaving them wide open.
5. Get a different operating system. I know this is not an option for most of you, but I am including it anyway. Cyber criminals target Windows and Windows apps as most of the world uses them. Personally, I run Windows 7, Ubuntu and OSX Snow Leopard and I’ve found all three to be useful and practical but I am less concerned about using OSX or Ubuntu since they’re inherently more secure.

Money Mules

(from wikipedia) A money mule is a person who transfers money and reships high value goods that have been fraudulently obtained in one country, usually via the internet, to another country, usually where the perpetrator of the fraud lives. The term money mule is formed by analogy with drug mules.

The need for money mules arises because while a criminal in a developing country can obtain the credit card numbers, bank account numbers, passwords and other financial details of a victim living in the first world via the internet through techniques such as malware and phishing, turning those details into money usable in the criminal’s own country can be difficult. Many businesses will refuse to transfer money or ship goods to certain countries where there is a high likelihood that the transaction is fraudulent. The criminal therefore recruits a money mule in the victim’s country who will receive money transfers and merchandise and resend them to the criminal in return for a commission.

Why is this entry on here? Cyber criminals prey on the unemployed and those in financial distress, enticing them with the promise of easy money as an Money Transfer Agent or Financial Agent. The adage of “If it sounds too good to be true, it probably is.” this is an illegal activity that will get you thrown in jail and have your accounts frozen. NOT WORTH IT. Here’s an excellent description of the process at banksafeonline.co.uk. Be careful about what job offers you accept.

So how do cyber criminals get the money to give to the money mules to then transfer to overseas accounts? Well, compromised computers with malware on them is one way but another way is through skimming credit or debit cards at ATM’s. As if we didn’t have enough to worry about, now we must worry ourselves about:

Skimmers

(from wikipedia) [There are a number of ways to skim your credit card or debit card number but the alarming increase in ATM skimming wherein a]  perpetrator has put a device over the card slot of a ATM (automated teller machine), which reads the magnetic strip as the user unknowingly passes their card through it. These devices are often used in conjunction with a pinhole camera to read the user’s PIN at the same time.^[8]

Here are a few images of what I’m talking about:

As you can see, it’s virtually impossible to detect a compromised ATM. The last four pics are an example of a compromised ATM, this time in Europe, that uses a mobile phone to transmit the data IMMEDIATELY to the perpetrators.

How to protect yourself? Practice basic ATM street smarts and you should have little to fear from these skimmers: If you see something that doesn’t look right — such as a odd protrusion or off-color component on an ATM — consider going to another machine. Also, stay away from ATMs that are not located in publicly visible and well-lit areas. Remember, an ounce of prevention is worth your bank account’s cash.

*Update: Here’s a video German authorities released showing two soon-to-be convicts installing a skimmer.