Passwords are old school.Biometrics is the new-age security solution that is being implemented rapidly across organizations and devices.Almost all the latest smartphone models come with a built-in fingerprint sensor these days.Biometric data is considered to be the most secure form of authentication as it belongs to an individual and can’t be changed.The very advantage of biometrics can soon turn into a security nightmare.An investigation conducted by Kaspersky Labs has unearthed increasing availability of biometrics skimming devices on the darknet.These devices, capable of skimming victim’s fingerprints can be easily bought from at least twelve sellers against Bitcoin payments.In a statement, a security expert from Kaspersky Labs Olga Kochetova says, “The problem with biometrics is that, unlike passwords or PIN codes which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image.Thus if your data is compromised once, it won’t be safe to use that authentication method again.” According to Olga, the easiest way for someone to gain access to biometric data is by accessing modern passports and visas.

These documents have biometric data of the holder embedded in them and anyone with access to these documents can easily steal the information.While most of the biometric data skimming devices available on the darknet are for stealing fingerprints, especially from ATMs, there are few who are allegedly working on devices that can illegally capture data associated with palm vein and iris as well.Another recent survey conducted by Deloitte shows that over 20% of smartphone users in the United Kingdom have switched to fingerprint authentication on their phones.The shift is said to be driven by privacy concerns as some believe that passwords and PINs can be compromised easily.But the latest trend on the darknet may soon end up neutralizing the advantage of fingerprint authentication over passwords and PINs.The only way to safeguard one’s biometric data is to check for skimmers at ATMs and other public places that require biometric authentication before using them.Also, by keeping the passports and visas safe.

A Little Sunshine / Web Fraud 2.0 — 35 Comments An increasing number of malware samples in the wild are using host systems to secretly mine bitcoins.sell bitcoin ukashIn this post, I’ll look at an affiliate program that pays people for the mass installation of programs that turns host machines into bitcoin mining bots.bitcoin promotional graphicsBitcoin is a decentralized, virtual currency, and bitcoins are created by large numbers of CPU-intensive cryptographic calculations.litecoin getting startedAs Wikipedia explains, the processing of Bitcoin transactions is secured by servers called bitcoin miners.litecoin to cad converter

These servers communicate over an internet-based network and confirm transactions by adding them to a ledger which is updated and archived periodically using peer-to-peerfilesharing technology.python bitcoin nodeIn addition to archiving transactions, each new ledger update creates some newly minted bitcoins.bitcoin center manhattanEarlier this week, I learned of a Russian-language affiliate program called FeodalCash which pays its members to distribute a bitcoin mining bot that forces host PCs to process bitcoin transactions (hat tip to security researcher Xylitol).vpn bitcointalkFeodalCash opened its doors in May 2013, and has been recruiting new members who can demonstrate that they have control over enough Internet traffic to guarantee at least several hundred installs of the bitcoin mining malware each day.bitcoin valor maximo

The FeodalCash administrator claims his mining program isn’t malware, although he cautions all affiliates against submitting the installer program to multi-antivirus scanners such as Virustotal; sending the program that installs bitcoin mining bot to Virustotal “greatly complicates the work with antivirus” on host PCs.bitcoin fraudstersTranslation: Because services like Virustotal share information about new malware samples with all participating antivirus vendors, scanning the installer will make it more likely that antivirus products on host PCs will flag the program as malicious.Rather, the administrator urged users who want to check the files for antivirus detection to use a criminal friendly service like scan4u[dot]net or chk4me[dot]com, which likewise scan submitted files with dozens of different antivirus tools but block those tools from reporting home about new and unidentified malware variants.I gained access to an affiliate account and was able to grab a copy of the mining program.

I promptly submitted the file to Virustotal and found it was flagged as a trojan horse program by at least two antivirus products. shows that the mining program installer ads a Windows registry key so that the miner starts each time Windows boots up. (perhaps to deposit a note about each new installation).The FeodalCash administrator also claims that his affiliates are not permitted to distribute the installer file in any way that violates the law, but of course it’s unclear which national laws he might be talking about.At the same time, the affiliate program’s Web site includes a graphical tool that helps affiliates create a custom installer program that can install silently and be disguised with a variety of program icons that are similar to familiar Windows icons.Also, the administrator demands that new users demonstrate the ability to garner hundreds to thousands of installs per day.This is a rather high install rate, and it appears many if not all affiliates are installing the mining program by bundling it with other executable programs distributed by so-called pay-per-install (PPI) programs.