Book of the Month – Cyber Fraud: Tactics, Techniques and Procedures

Gone are the days when those BlackHat Hackers would tickle you for fun, Now they will poke you & take your diamonds without you even knowing anything about it until it’s too late. Landscape in the Cyber underground has completely changed since then, making it more like well organized business controlled by global entities around the world. It is not just the script kiddies sitting out there in the dark and pulling the strings, the game is now run by skilled experts and high profile business elements making millions overnight. In this process of lucrative business framework, the dark guys have even left behind the white hats who have been struggling to catch up with the smart moves of these these skilled men behind the scenes.

In this direction, this book on “Cyber Fraud” explores all those techniques, technologies and territories owned by the Cyber crooks in an well organized manner by demonstrating the case studies, live examples from the Cyber underground.



Here is the core information about the book,

Author: Rick Howard
Publisher: Auerbach Publications
Hardcover: 520 pages
Release Date: April 23, 2009


Here is the table of contents,

  • Cyber Fraud: Principles, Trends, and Mitigation Techniques
  • The Cyber Threat Landscape in Russia
  • Banking Trojans: An Overview
  • The Russian Business Network: Rise and Fall of a Criminal ISP
  • IFrame Attacks – An Examination of the Business of IFrame Exploitation
  • Inside the World of Money Mules
  • Preventing Malicious Code from “Phoning Home”
  • Distributed Denial of Service (DDoS) Attacks: Motivations and Methods
  • Mobile Malicious Code Trends
  • The Torpig Trojan Exposed
  • The Laqma Trojan298
  • BBB: A Threat Analysis of Targeted Spear – Phishing Attacks
  • Silentbanker Unmuted: An In-Depth Examination of the Silentbaker Trojan Horse
  • Emerging Economic Models for Software Vulnerability Research

Book starts with basics surrounding the Cyber Fraud and then move on to explaining how Russian Business Network (RBN) has influenced and played major role in the systematic Cyber Crimes surfacing all around the world. It explains how a less stringent Russian laws has boosted and protected the cyber criminals to run the business flawlessly. It then brings out the stories of Banking attacks carried out by implanting smart Trojans on the victim’s systems and intercepting their transactions to silently stealing their money.

Slowly author starts getting more technical through introduction of hidden iFrame attacks, their role in launching the attacks in the background as the user happily browsing around completely unaware of real game. Next chapter brings out the anatomy of entire business network and flow of money around the Cyber Crime lines through Money Mules. Author explains in very vivid ways how pump & dump scams are taking place transparently  passing the loot from one corner of the world to another in a matter of time.

Chapter on DDOS Attacks makes it more evident how a sophisticated attacks involving large scale Botnets are striking the net harder and how they have been used by ethical players to bring down their opponents. The end chapters on Trojans covering the real life case studies are mind dazzling and helps in understanding complete life cycle of smart Trojans from their deceptive model to their prominent role in the Cyber fraud business. The last chapter on ‘Vulnerability Research’ goes on great depth in showcasing how it has evolved as heavy money making business by connecting threads between ethical & illegal business entities.


Overall, it is an interesting read and recommended for any one who would like to know in & out of the Cyber crooks, their operations and the framework in which they operate to make millions behind the lines.

EBook Link: and



Similar posts
  • Microsoft MCSE Certification: Your Ne... Microsoft MCSE is the most in-demand certification for all those professionals who work in the Information Technology industry. Most IT companies prefer hiring those workers who carry the Microsoft MCSE certificate. That is why most of the IT job applicants today try to get certified by Microsoft. In the competitive job market, MCSE helps an [...]
  • Computer Security Tips: Stay Safe Onl... In recent times cyber security has raised the level of awareness and public consciousness as never before. Both large corporations and big organizations try to take care of online security as much as they can. That’s why cyber criminals and hackers have focused more on smaller companies and single entrepreneurs. This awful tendency leads to [...]
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]

Leave a Reply