First of all, may 2013 be a prosperous year for all of you. Yes, the holidays are coming to an end (for some the holidays already ended) and for most people it will be back to work and school very soon. Although I had a great vacation I also had a very busy one. In between the relaxation and quality time with family and friends, I also spent some time working on new projects here at Cyber Top Cops. I am really excited about these projects because I believe they will make us more effective in the battle against cyber crime. So let's take a look at what is new at Cyber Top Cops.
Although this is not a new project, I have made some improvements to it. These improvements were mainly made behind the scenes, so you won't really notice anything different, but I have upgraded our scam example publishing tool which makes it possible for me to process scam examples quicker and easier.
This new project is a visible enhancement to the SHPAMEE Project. Although it is still in its baby shoes, I believe this will add a lot of value to the spam examples we publish on our site in the future. The main idea behind this project was to get all the information collected about a cyber criminal during an investigation, out to the public. The main focus of this project is 419 scams at the moment, but the infrastructure of this project allows us to do much more than just 419 scammers. It is not really a project completely on its own, but it is rather tightly integrated into the SHPAMEE Project. At the bottom of each e-mail example you will see a heading “Related Cyber Criminal Profiles”. The system uses keywords from the e-mail example and searches the Cyber Criminal Profile database for cyber criminals that could possibly be related to the specific e-mail example on display. For an example of how this works, visit the following spam example page:
When you click on one of the profile links, it will take you to a profile page for that specific cyber criminal. It will highlight all similarities between the cyber criminal and the example page, in red, so that you can see why this cyber criminal was flagged as a related cyber criminal for that specific spam example.
In the spam example mentioned above you will find Mrs Kwesi Jane as the first related cyber criminal. At the bottom of the cyber criminal profile page you will find a cross reference back to the spam example and any other spam example the cyber criminal might be linked to, as well as a list of other cyber criminals related to the one on display. When you click on any of these related cyber criminal links, it will take you to the related cyber criminal's page where the similarities between the current cyber criminal and the related cyber criminal will be highlighted.
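The matching, cross-referencing and highlighting described above can be sketched as follows. This is an added example, not Cyber Top Cops' own code: the indicator types (e-mail addresses, phone numbers, aliases), the matching rules and all sample data are assumptions made for illustration.

```python
import re
from html import escape

# Constructed sample data: every name, address and number here is invented.
PROFILES = {
    "P1": {"jane.placeholder@example.com", "+00 555 010 001", "Jane Placeholder"},
    "P2": {"barrister.sample@example.net", "+00 555 010 001"},
    "P3": {"unrelated@example.org"},
}
EMAIL = ("From: Jane Placeholder <jane.placeholder@example.com>\n"
         "Call my lawyer on +00-555-010-001 <b>urgently</b>.")

def norm(value):
    """Case-fold; strip spaces and dashes from phone numbers so formats compare equal."""
    value = value.strip().lower()
    return re.sub(r"[\s-]", "", value) if value.startswith("+") else value

def extract(text):
    """Pull e-mail addresses and '+'-prefixed phone numbers out of free text."""
    found = re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", text)
    found += re.findall(r"\+\d[\d\s-]{6,}\d", text)
    return {norm(f) for f in found}

def related_profiles(text, profiles=PROFILES):
    """Map profile id -> indicators it shares with the e-mail (why it was flagged)."""
    seen, hits = extract(text), {}
    for pid, indicators in profiles.items():
        # Addresses and numbers match after normalisation; aliases by substring.
        shared = {i for i in indicators if norm(i) in seen or i.lower() in text.lower()}
        if shared:
            hits[pid] = sorted(shared)
    return hits

def linked_profiles(pid, profiles=PROFILES):
    """Other profiles that share at least one normalised indicator with `pid`."""
    mine = {norm(i) for i in profiles[pid]}
    links = {o: sorted(mine & {norm(i) for i in ind}) for o, ind in profiles.items() if o != pid}
    return {o: shared for o, shared in links.items() if shared}

def highlight(text, shared):
    """Escape the untrusted e-mail body, then mark every shared indicator in one pass."""
    if not shared:
        return escape(text)
    def pattern(ind):
        if ind.startswith("+"):  # tolerate spaces or dashes between phone digits
            return r"[\s-]*".join(re.escape(c) for c in norm(ind))
        return re.escape(escape(ind))
    regex = re.compile("|".join(pattern(i) for i in shared), re.I)
    return regex.sub(lambda m: f'<span style="color:red">{m.group(0)}</span>', escape(text))
```

Escaping the scam e-mail before adding the highlight markup matters because the body is attacker-supplied text that ends up on a public page.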
The database is almost non-existent, with only 4 active profiles at the moment. These 4 initial profiles were used to test the functionality of the system and now that the infrastructure is in place for more cyber criminal profiles, we can expand the database over time. A 419 scam example only tells you so much about the cyber criminal involved, but the new Cyber Criminal Profile system allows us to tell you so much more about a specific scam, not just about the main peanut in the packet, but also about everyone else involved in a scam (or at least every other alias used by a scammer). Who knows what kind of links this system will identify when we add more profiles to the database?
Most of my time went into this project. Over the years we have collected hundreds of malware samples, submitted by members of the public through our Malware Sample Upload Form as well as samples collected from spam e-mails and links reported through our Malware Site Report Form. But working through these samples and links was quite a tedious task, so I developed a system to make my life easier and at the same time provide feedback about the samples we have analysed so far. The malware sample information pages provide very basic information about the sample and which malware scanners you can use to remove it from your system, but I will add more information to these pages as time goes by.
This database is not just about a bunch of information pages. Visitors can also upload files to compare them to our database and if no match is found, you can submit the sample for further analysis. I have also added an RSS feed, to keep interested parties up to date when we add new samples to our database. This feed can also be a great way for visitors to get some feedback about a malware sample submitted for analysis.
A lot of effort went into these projects and I really hope they will serve the Internet community well. I would like to see these projects as work in progress, because I am never done with them; every now and then I get an idea to expand or enhance a project or sometimes I just find a way to do the same thing, only better and more effectively. But to make these projects more effective we need the help of the Internet community. We need you to report cyber crime!
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.