Spreading the Disease and Selling the Cure

[InfoSec News <alerts () infosecnews org>]

http://krebsonsecurity.com/2015/01/spreading-the-disease-and-selling-the-cure/

By Brian Krebs
Krebs on Security
January 26, 2015

When Karim Rattani isn’t manning the till at the local Subway franchise in 
his adopted hometown of Cartersville, Ga., he’s usually tinkering with 
code. The 21-year-old Pakistani native is the lead programmer for two very 
different yet complementary online services: One lets people launch 
powerful attacks that can knock Web sites, businesses and other targets 
offline for hours at a time; the other is a Web hosting service designed 
to help companies weather such assaults.

Rattani helps run two different “booter” or “stresser” services – 
grimbooter[dot]com, and restricted-stresser[dot]info. He also works on 
TheHosted[dot]me, a Web hosting firm marketed to Web sites looking for 
protection from the very attacks he helps to launch.

As part of an ongoing series on booter services, I reached out to Rattani 
via his Facebook account (which was replete with images linking to fake 
Youtube sites that foist malicious software disguised as Adobe’s Flash 
Player plugin). It turns out, the same Google Wallet is used to accept 
payment for all three services, and that wallet traced back to Rattani.

In a Facebook chat, Rattani claimed he doesn’t run the companies, but 
merely accepts Google Wallet payments for them and then wires the money 
(minus his cut) to a young man named Danial Rajput — his business partner 
back in Karachi. Rajput declined to be interviewed for this story.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/