Lost+Found: Revelations about scammers and malware
Too short for news, too good to lose; Lost+Found is a round up of useful security news. Today: Microsoft answers the question why Nigerian scammers are still from Nigeria, talkative malware authors, and cross-site scripting Google's bug bounty page.
- Microsoft has published a report that aims to explain why Nigerian scammers still claim to be from Nigeria. As it turns out, their rationale is that someone undiscerning enough to react to such an obvious ploy as a 419 scam, is also likely to actually send them the money they are after.
- Security researchers working for AVG and researching what they presumed was a Diablo III keylogging trojan suddenly found themselves chatting with the creator of the malware. The hacker wanted to know who was looking into his code: "What are you doing? Why are you researching my Trojan? What do you want from it?" The virus specialists discovered that the malware wasn't looking for video game account information at all but was looking to steal dial-up credentials. To this end, the trojan not only included messaging functionality but could also capture the victim's screen and webcam feed.
- Another security researcher details how he used cross-site scripting (XSS) to exploit Google's security bug bounty program to pay him the $3,133.70 bounty without doing any legitimate work. Even though the trick only worked "temporarily", it still makes for interesting reading.