Book of the Month – Cyber Fraud: Tactics, Techniques and Procedures

Gone are the days when those BlackHat Hackers would tickle you for fun, Now they will poke you & take your diamonds without you even knowing anything about it until it’s too late. Landscape in the Cyber underground has completely changed since then, making it more like well organized business controlled by global entities around the world. It is not just the script kiddies sitting out there in the dark and pulling the strings, the game is now run by skilled experts and high profile business elements making millions overnight. In this process of lucrative business framework, the dark guys have even left behind the white hats who have been struggling to catch up with the smart moves of these these skilled men behind the scenes.

In this direction, this book on “Cyber Fraud” explores all those techniques, technologies and territories owned by the Cyber crooks in an well organized manner by demonstrating the case studies, live examples from the Cyber underground.



Here is the core information about the book,

Author: Rick Howard
Publisher: Auerbach Publications
Hardcover: 520 pages
Release Date: April 23, 2009


Here is the table of contents,

  • Cyber Fraud: Principles, Trends, and Mitigation Techniques
  • The Cyber Threat Landscape in Russia
  • Banking Trojans: An Overview
  • The Russian Business Network: Rise and Fall of a Criminal ISP
  • IFrame Attacks – An Examination of the Business of IFrame Exploitation
  • Inside the World of Money Mules
  • Preventing Malicious Code from “Phoning Home”
  • Distributed Denial of Service (DDoS) Attacks: Motivations and Methods
  • Mobile Malicious Code Trends
  • The Torpig Trojan Exposed
  • The Laqma Trojan298
  • BBB: A Threat Analysis of Targeted Spear – Phishing Attacks
  • Silentbanker Unmuted: An In-Depth Examination of the Silentbaker Trojan Horse
  • Emerging Economic Models for Software Vulnerability Research

Book starts with basics surrounding the Cyber Fraud and then move on to explaining how Russian Business Network (RBN) has influenced and played major role in the systematic Cyber Crimes surfacing all around the world. It explains how a less stringent Russian laws has boosted and protected the cyber criminals to run the business flawlessly. It then brings out the stories of Banking attacks carried out by implanting smart Trojans on the victim’s systems and intercepting their transactions to silently stealing their money.

Slowly author starts getting more technical through introduction of hidden iFrame attacks, their role in launching the attacks in the background as the user happily browsing around completely unaware of real game. Next chapter brings out the anatomy of entire business network and flow of money around the Cyber Crime lines through Money Mules. Author explains in very vivid ways how pump & dump scams are taking place transparently  passing the loot from one corner of the world to another in a matter of time.

Chapter on DDOS Attacks makes it more evident how a sophisticated attacks involving large scale Botnets are striking the net harder and how they have been used by ethical players to bring down their opponents. The end chapters on Trojans covering the real life case studies are mind dazzling and helps in understanding complete life cycle of smart Trojans from their deceptive model to their prominent role in the Cyber fraud business. The last chapter on ‘Vulnerability Research’ goes on great depth in showcasing how it has evolved as heavy money making business by connecting threads between ethical & illegal business entities.


Overall, it is an interesting read and recommended for any one who would like to know in & out of the Cyber crooks, their operations and the framework in which they operate to make millions behind the lines.

EBook Link: and



Similar posts
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]
  • Advanced Malware Analysis Training Se... Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat  RAT Functionalities   This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]
  • Advanced Malware Analysis Training Se...   Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 1) Reversing & Decrypting Communications of HeartBeat RAT This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting The [...]

1 Comment

  1. rasmi rasmi
    September 17, 2010    

    how much is the price

Leave a Reply

Our Company

Follow us on Facebook

Join Mailing List

Get direct access to our expert trainers or mingle with like minded security folks in our mailing list