Your trusted source

Banks in Azerbaijan that have courted the shadowy trade in spam-advertised pharmaceuticals now have cornered the market for processing credit card payments for fake antivirus software, new data reveals.

According to Krebsonsecurity site, in June, KrebsOnSecurity highlighted research from the University of California, San Diego (UCSD) showing that Azerigazbank, a financial institution in Azerbaijan, was the primary merchant bank for most major online-fraud pharmacy affiliate programs. By the time that research was published, those programs had moved their business to another bank in Azerbaijan, JSCB Bank Standard.

UCSD researcher Damon McCoy has been making targeted “buys” at dozens of fake AV sites, trying to identify their partner banks. The fake AV operations that McCoy follows are distinct from those in the UCSB research; the UCSB team asked that the names of the rogue AV programs they infiltrated not be published, citing ongoing law enforcement investigations.
McCoy says, “Recently, I heard from a source that stumbled upon a portion of the customer database for a payment processing firm idpay.com. It’s not clear where this company is based; it claims to have offices in Russia, New York and the United Kingdom, but neither NY nor the UK has any record of that company, and the company did not respond to requests for comment. The idpay.com database indicates that a large number of fake AV Web sites were using idpay.com to process payments (a partial list is here).”

Krebsonsecurity.com site writes, “The president of Azerbaijan met last week with NATO officials to discuss ways to promote cyber security, but somehow I doubt that preventing Americans from getting ripped off is high on the country’s priority list. According to the CIA’s World Factbook, Azerbaijan is resource-rich but also quite poor, and is grappling with widespread environmental issues. Corruption is ubiquitous in Azerbaijan, and it serves as a main conduit for drug and human trafficking. Given the volume of major cybercrime payments flowing through Azerbaijani banks, one has to wonder why Visa and MasterCard would allow any Internet-based transactions from consumers in the United States and Europe to these institutions.”