This tool makes it easier for thieves to empty bank accounts
Banks and payment services are in a constant fight to detect account fraud, employing sophisticated ways to detect abnormal activities. One of those ways is “fingerprinting” a Web browser, or analyzing its relatively unique software stamp.
Web browsers relay a variety of data to websites, including a computer’s OS, its time zone, language preference and version numbers for software plugins. When those parameters change, along with others such as an IP address, it may mean an account is being fraudulently accessed.
To prevent being locked out of an account, fraudsters can use a variety of methods to appear legitimate when browsing by using virtual machines and special browser plugins. But an enterprising developer has developed a software package that makes spoofing a browser fingerprint much easier.
Called FraudFox VM, the software is a special version of Windows with a heavily modified version of the Firefox browser that runs on VMware’s Workstation for Windows or VMware Fusion on OSX. It’s for sale on Evolution, the successor to the Silk Road online contraband market, for 1. 8 bitcoins, which is about $390.
An application sold on the Evolution underground market makes it easier and faster to spoof a browser fingerprint, potentially fooling security systems.
It has been under development for a number of weeks by an Evolution vendor going by the nickname “hugochavez, ” whose avatar is a photo of the former Venezuelan president. The developer appear to have a good reputation, according to comments on an Evolution forum.
What FraudFox aims to do is make it faster and easier to change a browser’s fingerprint to one that matches that of the victim whose account they’re going to exploit, or simply mix up their own digital crumbs when browsing. It’s not a new tool per se, and more advanced cybercriminals may already know the techniques, but FraudFox consolidates the functions.
FraudFox’s effectiveness may depend on what service it is used against. Browser fingerprinting is just one metric used to detect fraudsters, said Ken Westin, senior technical marketing manager and security analyst with computer security company Tripwire, via email.
It’s unclear how FraudFox would deal with detection of a person’s IP address, as security systems also watch for use of proxy services such as Tor. “It will be interesting to see the tool when it is available and to test against existing fraud detection tools, ” he wrote.
FraudFox’s control panel
FraudFox’s control panel has drop-down boxes to select an OS version, whether that OS is 32- or 64-bit, the language, time zone and screen resolution. Another menu allows the selection of the fonts installed, another metric that can be tracked. A browser can be selected, as well as its version number and what version of Adobe System’s Flash plugin is running.
The variety of options and the speed at which an attacker can change their fingerprint means that it likely will “be very useful for e-commerce and online banking fraud specifically, ” said Andrew Komarov, CEO of IntelCrawler, a Los Angeles-based security company.
A forthcoming feature for FraudFox will be a “profile generator script. ” That script is designed for use with a phishing page. If a victim can be lured to the page, the script will automatically collect the person’s browser fingerprint. Those details are wrapped into a “” file, which can then be used to quickly configure FraudFox.
One trial user of FraudFox who claims to have tested it praised it. The reviewer wrote that FraudFox helped increase the percentage of cards he was able to authorize through payment processors using Verified by Visa and MasterCard SecureCode, two security mechanisms used for online card-not-present transactions.
“I am very happy with this product and I am willing to purchase this real soon, ” wrote the person, nicknamed “Coin. ”
FraudFox | The most advance antidetect tools for privately …
HOW CAN FRAUDFOX HELP?
More than simple user-agent editing and fiddling around with a few browser extensions, FraudFox offers a lot more features such as device details manipulation via the Virtual Machine (VM) console, changing the TCP/IP fingerprint using built-in utilities, and a lot more. It is also open to further software installations such as a Virtual Private Network (VPN) client within the VM to be able to boost up your anonymous browsing.
SOFTWARE IN A BRIEFCASEFraudFox is a Windows 7 Enterprise based Virtual Machine (VM), which is compatible with VMWare Workstation, VMWare Fusion and VirtualBox. Meaning you can easily move/copy it from one location to another, store it online or on your top secret USB. But it does not stop there, being a virtual machine on itself opens up a LOT of possibilities, make sure to check a few on our Wiki page. ULTIMATE SPOOFER ENGINEWith regards to web-based applications, FraudFox fits in perfectly in the testing phase. It is a developer’s or super user’s helping hand when it comes to testing out different created apps and cookies using different user agent profiles. It is also a tool used to be able to test out website security measures. Our unique engine uses 3 different browsers for achieving the best results. This means that when starting a Chrome based profile, a Chrome browser will be used, while launching one with IE selected, Internet Explorer will launch. This little change gives you a huge difference in your ORGANIZATION OF PROFILESEverything from browsing history to cookies are stored on a profile. Switching and maintaining profiles has never been this easy. Each profiles have its own extension which can be easily copied and imported on any FraudFox VM even on other devices. This new version comes with easy to use profile management with a detailed naming convention. Instant profile changes are now possible and users can save text notes and attach files to each profile for future SETTINGS RANDOMIZERA smart tool for automatically randomizing settings. Avoid basic mistakes when creating a profile, for example, when OS X is selected as OS, it should always be 64 bit and automatically does not select IE as browser. This makes sure that you always get correct and randomize settings in real life and not making costly mistakes when choosing the right device settings which should rise security FEATURES FOR ADVANCED USERSDue to recent requests, we added some features that will be loved by our super users, like using command line arguments for login details, multiple configuration files for extending fonts, plugins, flash and browser versions, and added a new feature to white label our application and change its name and logo. But we don’t stop here, we’re constantly testing experimental features for you. HASSLE FREE LICENSESUsing one license you can access all versions of FraudFox, it’s that simple. Also one of the most requested features has just arrived: We are giving huge discounts for our ongoing subscribers who continuously using support our efforts. Manual license processing is maximum 24 hours, no more long wait times. REGULAR UPDATESIf in cases new versions of Flash Plugins, Browser versions arrived, new updates and bug fixes are readily made by our team. For your convenience, you will receive update notifications using the built-in Notification System. 48 HOUR SUPPORT SYSTEMIf you have any questions about using our software, or having issues with your subscription feel free to send our team a support ticket on our site. Response to support tickets within 48 hours guaranteed, with new highly trained support staff.
This tool may make it easier for thieves to empty bank accounts
FraudFox is designed to spoof a browser fingerprint, an advanced method for tracking users
Thinkstock
Banks and payment services are in a constant fight to detect account fraud, employing sophisticated ways to detect abnormal activities. One of those ways is “fingerprinting” a Web browser, or analyzing its relatively unique software stamp.
Web browsers relay a variety of data to websites, including a computer’s operating system, its time zone, language preference and version numbers for software plug-ins. When those parameters change, along with others such as an IP address, it may mean an account is being fraudulently accessed.
To prevent being locked out of an account, fraudsters can use a variety of methods to appear legitimate when browsing by using virtual machines and special browser plugins. But an enterprising developer has developed a software package that makes spoofing a browser fingerprint much easier.
Called FraudFox VM, the software is a special version of Windows with a heavily modified version of the Firefox browser that runs on VMware’s Workstation for Windows or VMware Fusion on OSX. It’s for sale on Evolution, the successor to the Silk Road online contraband market, for 1. 8 bitcoins, which is about US$390.
It has been under development for a number of weeks by an Evolution vendor going by the nickname “hugochavez, ” whose avatar is a photo of the former Venezuelan president. The developer appears to have a good reputation, according to comments on an Evolution forum.
What FraudFox aims to do is make it faster and easier to change a browser’s fingerprint to one that matches that of the victim whose account they’re going to exploit, or simply mix up their own digital crumbs when browsing. It’s not a new tool per se, and more advanced cybercriminals may already know the techniques, but FraudFox consolidates the functions.
FraudFox’s effectiveness may depend on what service it is used against. Browser fingerprinting is just one metric used to detect fraudsters, said Ken Westin, senior technical marketing manager and security analyst with computer security company Tripwire, via email.
It’s unclear how FraudFox would deal with detection of a person’s IP address, as security systems also watch for use of proxy services such as Tor. “It will be interesting to see the tool when it is available and to test against existing fraud detection tools, ” he wrote.
Nearly every company that does sensitive online transactions uses browser fingerprinting, said Avivah Litan, a vice president and payments security analyst with Gartner. But browser fingerprinting has been losing effectiveness because of the use of techniques wrapped into tools such as FraudFox, she said.
“We always tell our clients they can’t completely rely on it, especially if it’s the only measure they use, ” Litan said via email. “But now, device/browser fingerprinting could be beginning to face its death sentence. ”
FraudFox’s control panel has drop-down boxes to select an OS version, whether that OS is 32- or 64-bit, the language, time zone and screen resolution. Another menu allows the selection of the fonts installed, another metric that can be tracked. A browser can be selected, as well as its version number and what version of Adobe System’s Flash plugin is running.
The variety of options and the speed at which an attacker can change their fingerprint means that it likely will “be very useful for e-commerce and online banking fraud specifically, ” said Andrew Komarov, CEO of IntelCrawler, a Los Angeles-based security company.
A forthcoming feature for FraudFox will be a “profile generator script. ” That script is designed for use with a phishing page. If a victim can be lured to the page, the script will automatically collect the person’s browser fingerprint. Those details are wrapped into a “” file, which can then be used to quickly configure FraudFox.
One trial user of FraudFox who claims to have tested it praised it. The reviewer wrote that FraudFox helped increase the percentage of cards he was able to authorize through payment processors using Verified by Visa and MasterCard SecureCode, two security mechanisms used for online card-not-present transactions.
“I am very happy with this product and I am willing to purchase this real soon, ” wrote the person, nicknamed “Coin. ”
Send news tips and comments to Follow me on Twitter: @jeremy_kirk
Copyright © 2015 IDG Communications, Inc.
Frequently Asked Questions about fraudfox
What is FraudFox?
Called FraudFox VM, the software is a special version of Windows with a heavily modified version of the Firefox browser that runs on VMware’s Workstation for Windows or VMware Fusion on OSX. It’s for sale on Evolution, the successor to the Silk Road online contraband market, for 1.8 bitcoins, which is about $390.Jan 20, 2015
What is FraudFox used for?
With regards to web-based applications, FraudFox fits in perfectly in the testing phase. It is a developer’s or super user’s helping hand when it comes to testing out different created apps and cookies using different user agent profiles. It is also a tool used to be able to test out website security measures.
How does FraudFox work?
FraudFox is designed to spoof a browser fingerprint, an advanced method for tracking users. … To prevent being locked out of an account, fraudsters can use a variety of methods to appear legitimate when browsing by using virtual machines and special browser plugins.Jan 20, 2015