Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door by Brian Krebs

Author:Brian Krebs [Krebs, Brian]
Language: eng
Format: epub, mobi, azw3
Publisher: Sourcebooks
Published: 2014-11-18T06:00:00+00:00

Severa

Cosma ran his stock spam business in tandem with that of another cybercrook, a hacker who uses the nickname “Severa.” This spammer was named as a defendant in an indictment handed down by a U.S. federal court in 2007 as a major partner of Alan Ralsky, an American spammer who was convicted in 2009 of paying Severa and other spammers to promote the pump-and-dump stock scams. But while Severa was indicted, he was never arrested, and his case is still pending. Partially, this is because he appears to still be in Russia, a country that traditionally hasn’t extradited alleged cybercriminals to stand trial in the United States or Europe.

Severa’s spam machine was powered by a sophisticated computer worm known as “Waledac.” This contagion first surfaced in April 2008, but many experts believe that Waledac was merely an update to the Storm worm, the engine behind a massive spam botnet that first surfaced in 2007.

Waledac and Storm were major distributors of pharmaceutical and malware spam. At its peak, Waledac was responsible for sending 1.5 billion junk emails per day. According to Microsoft, in one month alone approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts, including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks, and more. The Storm worm botnet also sent billions of messages daily and infected an estimated one million computers worldwide.

Both Waledac and Storm were hugely innovative because they each included self-defense mechanisms designed specifically to stymie security researchers who might try to dismantle the crime machines. Traditional botnets are controlled by Internet servers that can be shuttered just like McColo or Atrivo. But Waledac and Storm sent updates and other instructions via a peer-to-peer communications system not unlike popular music and file-sharing services. The beauty of this approach is that even if security researchers or law-enforcement officials manage to seize the botnet’s back-end control servers and clean up huge numbers of infected PCs, the botnets could respawn themselves by relaying software updates from one infected PC to another.

According to SpamIt records, Severa brought in revenues of $438,000 and earned commissions of $145,000 sending spam advertising for rogue online pharmacy sites over a three-year period. He also was a moderator of Spamdot.biz.

Severa made more money renting his botnet to other spammers. For $200, vetted users could hire his botnet to send one million pieces of spam. Junk email campaigns touting employment or “money mule” scams cost $300 per million, and phishing emails could be blasted out through Severa’s botnet for the bargain price of $500 per million.

There is ample evidence in the leaked SpamIt chats that Severa controlled the Waledac spam botnet. On August 27, 2009, Severa sent a private message to a Spamdot.biz user named “IP-server.” Those communications show that the latter had sold Severa access to so-called “bulletproof hosting” services that would stand up to repeated abuse claims from other Internet service providers (ISPs). The messages indicate that Severa transacted with IP-server to purchase dedicated servers used to control the operations of the Waledac botnet.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.