Trend Micro has released a detailed paper on their operations

Nov 26, 2013 20:36 GMT

Trend Micro has published a new paper on a cybercriminal ring involved in various activities, including 419 scams, phishing scams and attacks that rely on the Ice IX and ZeuS banking Trojans.

Experts claim to have identified some of the group’s members. While the people they’ve identified are located in Nigeria, Trend Micro believes they’re part of a larger organization that operates in other countries as well.

According to researchers, the cybercriminals are using the Ice IX malware, which is similar to ZeuS, in order to collect email addresses, financial information and webmail account credentials from infected computers.

Interestingly, the cybercrooks are using infected computers located in Nigeria to connect to Ice IX command and control (C&C) servers.

In addition to attacks that involve the Ice IX and ZeuS Trojans, the same crew has been operating phishing scams that target the customers of companies such as Scottrade, Korean search engine Daum.net, and dating website Match.com.

They’ve also been using a PHP mailer spamming tool to send out 419 scam emails designed to trick recipients into handing over money and personal information. Experts have come across a number of email address lists. Two of them contain over 1 million addresses from the US and Canada.

Trend Micro has managed to identify three men allegedly connected to the group. Ofeoritse Abalagbeyi, aka “Smith Samson,” is believed to be responsible for hosting, for the domains and for the configuration of the Ice IX and ZeuS servers.

He has been in contact with another man named Peter Hollame, who is also said to be in charge of handling C&C servers.

The man responsible for the Nigerian scam emails is one Uzochukwu Nzenwata, aka “Peter Nzenwata.” All of the suspects are still at large.

For additional details, check out Trend Micro’s “Ice 419 – Cybercriminals from Nigeria Use Ice IX and the 419 Scam.”