The Latest in IT Security

Ice 419: Cybercrime in Nigeria

26 Nov 2013

Several months ago, we found a number of Ice IX servers hosted in the .co.za (South Africa) top-level domain. Our research revealed that these servers were all tied to a group of individuals located in Nigeria.

To recap, Ice IX is a popular banking Trojan that these criminals used heavily, together with the better-known ZeuS malware. These types of threats are known for stealing users' login credentials for banks, email accounts, and social networks.

On some of the servers, there was an infected machine located in Nigeria that the cybercriminals seemed to be using as a proxy to connect to their Ice IX and ZeuS control panels:

Figure 1. Infected machine used as proxy

These cybercriminals are also engaged in other online crimes, such as setting up phishing websites for banks and social media, as well as operating classic Nigerian 419 scams. In order to send the spam messages necessary to carry out these attacks, they also hacked into legitimate servers and installed a PHP mailer.

We identified three individuals as part of the group responsible for these crimes, and they are all located in Lagos, the commercial capital of Nigeria. We believe that they are all part of a larger organization that goes beyond Nigeria. This highlights how African cybercrime is growing and how the region may become a major player in the near future.

More details about this syndicate may be found in our paper “Ice 419”.
