Botnets and Identity Thieves – Its the Money Part 2

I read a number of computer security related blogs and email newsletters, and a couple of items came across my desk (ok, through my inbox) today that I thought worth passing on. For those of you who wonder why people write malware, here are a couple of articles worth a read. (I won’t call this stuff a “viruses” anymore. These are high quality malicious software programs – i.e. “malware,” written by professional software designers.)

The first story deals with the return of the Storm worm. At one point in the article they discuss the detection of the mass mailing (spamming) of electronic greeting cards. For your information, one of the distribution vectors that malware writers use is the anonymous electronic greeting card (“you have a greeting card from a friend…”). The friend is never identified, but if you click on the card, you will get a nasty case of the Storm worm, and become part of a spam-sending botnet. Please don’t send me an e-card, I won’t read it. Try Hallmark. You can read the entire article on TechRepublic here:

The second story is from IT World, and chronicles the adventures of an undercover FBI agent code named Master Splynter who penetrated and eventually ran an on-line store for spammers and credit card thieves. Basically, a cyber-criminal sets up an account, just like at, and can purchase botnets, software exploits and malware, and credit card numbers, credit card duplicating hardware, and other nifty bits, like the accessory parts a cyber-criminal can attach to an ATM to scan credit card and bank card information off of otherwise legitimate cash machines. His efforts eventually led to 59 arrests in the US, UK, Germany, Turkey, and other countries. The article can be read at:

There is also a nice, if not professionally written, article from the Spyware Removal Google Group that covers Spyware removal programs, especially those that can be used free of charge. Find it at:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.