Sent job spam, made fraudulent purchases and abused webmail services

Jul 29, 2010 20:29 GMT  ·  By

Researchers from Atlanta-based security company SecureWorks have uncovered a major check counterfeiting operation, which resulted in an estimated $9 million fraud. The fraudsters used a botnet designed to automate a wide variety of tasks, from money mule recruitment to scraping repositories of processed checks.

The gang, which the researchers call "the BigBoss group", began its operation with a variant of the notorious ZeuS trojan, one of the preferred tools of cyber fraudsters. An interesting aspect of this particular Zbot build was that it established a VPN connection to the command and control server, giving the operators direct access to infected machines sitting behind NAT, which they could not otherwise reach with inbound connections.
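A bot that tunnels out to its controller in this way leaves a recognisable trace: a long-lived tunnel-protocol flow (IKE/IPsec, OpenVPN, PPTP, GRE) from a workstation to an endpoint that is not the corporate VPN concentrator. The following detector is an added example written for this article, not code from SecureWorks or from the malware; it runs over constructed flow records and assumes a workstation range of 10.20.0.0/16 and a single sanctioned VPN endpoint at 203.0.113.10, both invented for the example.

```python
"""Flag workstation-initiated VPN tunnels to endpoints that are not sanctioned.

Added example with constructed flow records (not data from the SecureWorks report).
A bot that builds a VPN tunnel out to its C2 shows up as a long-lived tunnel-protocol
flow from a workstation to a host nobody approved as a VPN endpoint.
"""
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): the workstation range and the only VPN
# endpoint users are allowed to reach. Internal ranges are RFC 1918.
WORKSTATION_NETS = [ip_network("10.20.0.0/16")]
SANCTIONED_VPN_ENDPOINTS = {ip_address("203.0.113.10")}
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]

# Transport signatures of common tunnel protocols: (protocol, destination port).
# GRE carries no ports; the exporter is assumed to write 0 in that column.
TUNNEL_SIGNATURES = {
    ("udp", 500): "IKE",
    ("udp", 4500): "IPsec NAT-T",
    ("udp", 1194): "OpenVPN",
    ("tcp", 1194): "OpenVPN",
    ("tcp", 1723): "PPTP",
    ("gre", 0): "GRE",
}


def parse_flow(line):
    """Parse 'src,dst,proto,dport,bytes,duration_s' into a dict."""
    src, dst, proto, dport, nbytes, dur = line.strip().split(",")
    return {"src": ip_address(src), "dst": ip_address(dst),
            "proto": proto.lower(), "dport": int(dport),
            "bytes": int(nbytes), "duration": int(dur)}


def in_any(ip, nets):
    return any(ip in net for net in nets)


def detect_rogue_tunnels(lines, min_duration=60):
    """Return one alert per (workstation, endpoint, tunnel type).

    Flows shorter than min_duration seconds are ignored: a single failed IKE
    probe is noise, a tunnel that stays up for minutes is a real channel.
    """
    seen = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        f = parse_flow(line)
        kind = TUNNEL_SIGNATURES.get((f["proto"], f["dport"]))
        if kind is None or not in_any(f["src"], WORKSTATION_NETS):
            continue
        if f["dst"] in SANCTIONED_VPN_ENDPOINTS or in_any(f["dst"], INTERNAL_NETS):
            continue
        if f["duration"] < min_duration:
            continue
        key = (str(f["src"]), str(f["dst"]), kind)
        entry = seen.setdefault(key, {"bytes": 0, "duration": 0})
        entry["bytes"] += f["bytes"]
        entry["duration"] = max(entry["duration"], f["duration"])
    return [{"src": k[0], "dst": k[1], "tunnel": k[2], **v} for k, v in seen.items()]


# Constructed sample export: src,dst,proto,dport,bytes,duration_s
SAMPLE_FLOWS = """# src,dst,proto,dport,bytes,duration_s (constructed)
10.20.5.17,198.51.100.23,udp,500,1840,12
10.20.5.17,198.51.100.23,udp,4500,914322,7200
10.20.5.17,203.0.113.10,udp,4500,40211,3600
10.20.7.4,198.51.100.23,tcp,443,5123,4
10.20.9.9,192.0.2.77,gre,0,2203311,5400
10.20.9.9,10.20.1.2,tcp,1723,3001,900
10.20.7.4,198.51.100.50,udp,1194,600,3
""".splitlines()

if __name__ == "__main__":
    for a in detect_rogue_tunnels(SAMPLE_FLOWS):
        print(f"{a['src']} -> {a['dst']} {a['tunnel']} {a['duration']}s {a['bytes']}B")
```

Run against the sample, it reports two tunnels: the IPsec NAT-T session from 10.20.5.17 to 198.51.100.23 and the GRE tunnel from 10.20.9.9 to 192.0.2.77. The session to the sanctioned concentrator, the PPTP flow to an internal host and the two sub-minute probes are suppressed. Note that the RFC 1918 check is deliberately explicit rather than `ip_address.is_private`, since the latter also classifies the documentation ranges used in the sample as private.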

The fraudsters later abandoned ZeuS and reused the VPN code to build a new trojan, which they pushed to the already infected computers. This new botnet played a central role in the scheme, automating its key tasks.

For one, the gang used it to harvest email addresses from recruitment websites and spam them with fake job offers, in order to enlist money mules in the United States who would later cash the counterfeit checks and wire the money out of the country. Sending that spam required webmail accounts, which the botnet also registered, with a CAPTCHA-breaking service handling the sign-up challenges.

The infected computers were then instructed to scrape various repositories of processed checks for images of scanned checks. The gang printed these with off-the-shelf hardware and software to produce counterfeit copies.

The fraudsters still had to ship the checks to their U.S. money mules. As it turns out, this problem was also handled by the army of zombie computers, which used stolen credit card details to automatically purchase self-print postal labels from an overnight shipping company.

Each counterfeit check was kept under $3,000 in order to avoid additional verification by the banks. The researchers also found that almost 2,900 individuals responded to the gang's rogue job offers.
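A single check just under the threshold is unremarkable; the signal a bank can act on is repetition, several checks to the same payee, drawn on different accounts, each inside a narrow band below the threshold, within a short period. The rule below is an added example written for this article, not a SecureWorks or bank rule. It assumes a $3,000 verification threshold (the article only says checks stayed under that figure), a band of 80% to 100% of the threshold, a 30-day window and three checks as the trigger; those parameters and the payee and drawer account names in the sample records are all invented.

```python
"""Flag payees whose incoming checks cluster just below a verification threshold.

Added example with constructed records (not data from the SecureWorks report).
The threshold, band and window are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import date, timedelta

THRESHOLD = 3000.00          # assumed bank verification threshold
BAND_FLOOR = 0.80            # examine amounts in [80% of threshold, threshold)
WINDOW = timedelta(days=30)  # clustering window
MIN_COUNT = 3                # in-band checks within the window that trigger a flag


def parse_record(line):
    """Parse 'YYYY-MM-DD,payee_account,drawer_account,amount' into a dict."""
    d, payee, drawer, amount = line.strip().split(",")
    return {"date": date.fromisoformat(d), "payee": payee,
            "drawer": drawer, "amount": float(amount)}


def in_band(amount, threshold=THRESHOLD, floor=BAND_FLOOR):
    """True when the amount sits in the evasion band under the threshold."""
    return threshold * floor <= amount < threshold


def find_structured_payees(lines, threshold=THRESHOLD, window=WINDOW,
                           min_count=MIN_COUNT):
    """Return {payee: summary} for payees with >= min_count in-band checks
    inside any window of `window` days. The summary covers all of that
    payee's in-band checks so the analyst sees the full picture."""
    by_payee = defaultdict(list)
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        r = parse_record(line)
        if in_band(r["amount"], threshold):
            by_payee[r["payee"]].append(r)

    flagged = {}
    for payee, recs in by_payee.items():
        recs.sort(key=lambda r: r["date"])
        start = 0
        hit = False
        for end in range(len(recs)):           # sliding window over sorted dates
            while recs[end]["date"] - recs[start]["date"] > window:
                start += 1
            if end - start + 1 >= min_count:
                hit = True
                break
        if hit:
            flagged[payee] = {
                "count": len(recs),
                "total": round(sum(r["amount"] for r in recs), 2),
                "distinct_drawers": len({r["drawer"] for r in recs}),
                "first": recs[0]["date"],
                "last": recs[-1]["date"],
            }
    return flagged


# Constructed sample: date,payee_account,drawer_account,amount
SAMPLE_CHECKS = """# date,payee_account,drawer_account,amount (constructed)
2010-06-01,MULE-0417,ACME-112,2950.00
2010-06-04,MULE-0417,NORTHWIND-208,2875.50
2010-06-09,MULE-0417,CONTOSO-991,2990.00
2010-06-02,CUST-7781,ACME-112,2950.00
2010-06-03,CUST-7781,ACME-112,150.25
2010-05-01,MULE-0522,FABRIKAM-31,2999.99
2010-06-15,MULE-0522,FABRIKAM-31,2800.00
2010-06-20,MULE-0522,TAILSPIN-7,2700.00
2010-06-07,CUST-3310,ACME-112,3400.00
""".splitlines()

if __name__ == "__main__":
    for payee, s in find_structured_payees(SAMPLE_CHECKS).items():
        print(f"{payee}: {s['count']} checks, ${s['total']:.2f} from "
              f"{s['distinct_drawers']} drawers, {s['first']} to {s['last']}")
```

With the defaults only MULE-0417 is flagged: three in-band checks from three different drawers in eight days, which is exactly the pattern scraped check images produce. MULE-0522 has three in-band checks too, but no three of them fall inside one 30-day window, and CUST-7781's single sub-threshold check is ordinary. The distinct-drawer count matters: a legitimate payee receiving several large checks usually gets them from the same payer, whereas counterfeits copied from a repository come from many unrelated accounts.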

"[...] We estimate that the group has probably printed out and mailed over $9 million USD face value worth of counterfeit checks. [...] Checks mailed next-day-delivery also probably represent over $65,000 USD in fraud against the overnight shipper," the SecureWorks experts conclude.

You can follow the editor on Twitter @lconstantin