Multi Million Dollar Russian Hacker A-Z And His Rent A Botnet ZeuS
- By Grey McKenzie
- Published 08/5/2008
Grey McKenzie
National Cyber Security Founder
Cyber security watchdog Grey McKenzie is one of the nation's leading Internet security experts.
Some of his clients include members of the Department of Homeland Security, State Department, Department of Defense & the Federal Bureau of Investigation.
His SpyCop security software products are in use by over 50,000 individuals & companies worldwide.
Cybercrime partnerships are proliferating over the Internet as many very bright but disillusioned computer programmers are turning their computer workstations into money printing machines.
Take the case of a cyber criminal from Russia with a code name A-Z.
Apparently he is a highly skilled coder who creates viruses & botnets that he then rents out to other cyber criminals for a fee.
His most famous creation is a botnet program called ZeuS.
A-Z operates out of Russia, whose government, like most governments, doesn't really know how to deal with cyber crime, so he is not a high priority for the authorities.
A story by Allison Diaz for USA TODAY reports...
"A-Z perfected ZeuS — a customizable botnet creation and management program that readily slips through computer firewalls and sidesteps detection by anti-virus filters.
He began hawking ZeuS for $3,000 on Internet forums, where hackers and scammers congregate. By early 2007, ZeuS began to catch on, according to reports from Sunbelt Software, Symantec, McAfee, Kaspersky Lab, Finjan and other security firms.
One customer used ZeuS to steal user names and passwords from patrons of a Russian online stock-trading site. Another used ZeuS to take control of at least 150,000 PCs and encrypt personal files stored on the hard drives, leaving behind a ransom note demanding $300 for the keys to decrypt the files.
ZeuS was also deployed to swipe 1.6 million sensitive records from job seekers at Monster.com and several other online job sites. Monster has since taken an "extremely aggressive approach" to preventing fraud, says spokesman Steve Sylven. "We continually refine our site technologies to prevent unauthorized access to Monster services," he says.
ZeuS was so effective that it inspired cheap knockoffs. This cut into A-Z's revenue and tarnished his reputation, Jackson says. "His money began to dry up when U.S. and German groups began selling counterfeit versions."
As with all people on planet Earth, A-Z has a rationale for what he does.
Allison goes on to report...
"A-Z, in fact, has admirers in legitimate tech circles. Yuval Ben-Itzhak, a virus hunter at San Jose-based security firm Finjan, marvels at the finesse it took to develop ZeuS. "To write a program that needs to run on millions of PCs all around the world and not break them is truly an art," Ben-Itzhak says. "I'm telling you, I'd be willing to hire a person like this at any price."
In online chats, Jackson says, A-Z has told him that he presumes his clients used ZeuS strictly for legal endeavors, and expressed a desire to be taken seriously as a programmer.
In one chat session, A-Z divulged his goal to earn enough to trade in his 1995 Zhiguli sedan for a Mercedes-Benz SLR sports coupe. In another chat, Jackson asked A-Z about ZeuS' history of being used for mass infections and other criminal activity.
Jackson says the hacker insisted that his materials are provided for research purposes and said that he could not control his clients' actions."
Cyber security companies, which have become complacent in their quest for cash over quality of product, are partly to blame, say many in the circles of academia.
Take Dr. George Ledin, a professor in the Computer Science Department at Sonoma State University.
He's become so critical of cyber security companies that he holds a class that instructs students in the art of creating viruses & malware, just to make a point.
His point?
In a story for Newsweek, Adam Kushner calls Dr. Ledin the Virus Professor.
Kushner reports...
"The companies that make their living fighting viruses aren't happy about what's going on in Ledin's classroom.
He has been likened to A.Q. Khan, the Pakistani scientist who sold nuclear technology to North Korea.
Managers at some computer-security companies have even vowed not to hire Ledin's students.
The computer establishment's scorn may be hyperbolic, but it's understandable. "Malware"—the all-purpose moniker for malicious computer code—is spreading at an exponential rate.
A few years ago, security experts tracked about 5,000 new viruses every year.
By the end of this year, they expect to see triple that number every week, with most designed for identity theft or spam, says George Kurtz, a senior vice president at antivirus software maker McAfee. "You've got a whole business model built up around malware," he says."
But Dr. Ledin counters...
"Ledin insists that his students mean no harm, and can't cause any because they work in the computer equivalent of biohazard suits: closed networks from which viruses can't escape.
Rather, he's trying to teach students to think like hackers so they can devise antidotes. "Unlike biological viruses, computer viruses are written by a programmer.
We want to get into the mindset: how do people learn how to do this?" says Ledin, who was born to Russian parents in Venezuela and trained as a biologist before coming to the United States and getting into computer science.
"You can't really have a defense plan if you don't know what the other guy's offense is," says Lincoln Peters, a former Ledin student who now consults for a government defense agency."
