
View full version: A Hacker's Holiday Shopping List


Fugitif
23.10.2007, 23:15
Bad guys looking for shiny new botnets, Trojans, rootkits, and spyware this holiday season have plenty to choose from.

Malicious hackers and other assorted bad guys looking for new tools for plying their trade this upcoming holiday season will have plenty of toys and services to choose from.

Servicing them is a growing underground market bristling with botnets, Trojans, rootkits, spyware and all sorts of shady services aimed at everybody from the humble do-it-yourself hacker to sophisticated, organized criminal gangs.

"Just like there is a B2B marketplace, now there's a C2C -- criminal-to-criminal -- market," said Don Jackson, security researcher with Atlanta-based security vendor SecureWorks Inc.

And just like their more legitimate commercial counterparts, the operatives in this shadow economy operate on a free market principle, replete with concepts such as volume discounts, customer loyalty programs and referral services, added Makshym Schipka, senior architect for security vendor MessageLabs Ltd. "It's not just organized crime that is behind a lot of modern threats" on the Internet, said Schipka.

A lot of the activity is shifting more to a thriving open-market model filled with multiple criminal enterprises and individuals offering a whole portfolio of tools and services that are often just a Google click or two away from those who seek them.

"People are becoming more specialized in delivering goods and services in this market," he said. "You can either buy the things you want, or sell the things you made" with considerable impunity, he said. Just as there's a High Street for legitimate businesses, there's one for online criminals as well, said the London-based Schipka.

Here, according to Jackson and Schipka, are some of the items likely to be in high demand by hackers shopping in this underground marketplace this coming holiday season:

-- Build A Storm Botnet: This new and uniquely crafted malware tool has been designed with the really high-end hacker in mind and is likely to be one of the hottest items this season, according to Jackson. For prices starting at US$100,000, spammers and other malicious attackers can now buy their very own Storm botnet, complete with fast flux DNS and hosting capabilities. Making it possible is a smart new 40-byte encryption feature supported on the latest Storm variants that hackers can basically use to segment compromised machines into their own little Storm botnets.

"Think of this as an FAO Schwarz kind of item," Jackson says. "Rather than leasing a botnet service and paying bot by bot for a good e-mail run or iFrame blast, you can pay for it all at once and have your own little Storm botnet," Jackson said. The people who would buy such services are those who have already made their loot using leased services and are looking to start owning infrastructure, he said.

-- Rent-A-Bot services: Who needs to buy a botnet when you can lease a perfectly good one by the hour at a fraction of the price? Available in abundance this season, such botnet services are designed to let average spammers deliver a gazillion copies of their malware without them having to invest in the infrastructure needed to do so, Schipka said. For as little as $100 to $200 per hour, spammers can get access to a fully functional botnet capable of delivering the finest image spam and body part enhancement ads to millions at the click of a button, he said.

And such rent-a-bots aren't just for spammers anymore, Jackson said. What makes these versatile services so broadly appealing to bad guys is that they can be easily adapted to deliver the malware of choice or to launch distributed denial of service (DDOS) attacks against extortion targets. One example is the BlackEnergy botnet, which can be used to launch DDOS attacks against specific targets for about $80 per hour, according to Jackson. For those not willing to spend even that much, low-cost options starting at $10 per hour for one million bots are readily available for conveniently distributing smaller spam loads and malware.

All an enterprising hacker needs to take advantage of such services is a plan, Schipka said. "You would need to figure out your business model and draw up a business plan," he said. "If you were renting a bot for three hours at $100 per hour to deliver spam it means you need to make more than that to benefit from the use of the service." If it's some other sort of malware being seeded via a botnet -- such as a keylogger or Trojan -- the cost of purchasing the code would have to be included as well, Schipka said. "...They'd need to be looking for a botnet with the highest quality and the lowest amount of money."

-- Ye Olde Malware tools. Do-it-yourself enthusiasts have a wider range than ever before of malware tools, including Trojans, zero-day exploits, rootkits, spyware programs and keyloggers, according to Jackson and Schipka. For around $3,000 to $3,500, serious shoppers can find sophisticated polymorphic malware capable of delivering all sorts of nasty code on vulnerable computers while constantly morphing to evade detection. Variants can be purchased separately for less than $10 on average to about $20 apiece. In some cases, variants can be delivered at the rate of one new variant every 59 minutes, or precisely one minute less than the hourly cycles many anti-virus vendors use to push out new virus signatures, said Schipka.

Likely to be in high demand are customized Trojan programs specifically designed to steal identity and patient data from systems belonging to health care providers, Jackson said. Current black-market rates for this kind of ID information, which is typically used to defraud health insurers, are about $200 per patient profile.

In the stocking stuffer class are tools such as the Webattacker malware creation kits, exploits from sites such as WabiSabiLabi and numerous one-click phishing kits available from groups such as the Russian Business Network, Jackson said.

-- Data providers. These consumer-friendly service providers are targeted at intrepid entrepreneurs looking to use someone else's identity and financial information for their own gain. As an industry niche that's been around longer than many others, data providers today cater to a wide-ranging audience with disparate needs. Some specialized services offer identity information, complete with driver's license photos, passport scans, credit card numbers, e-mail and street addresses -- all for as little as $5 a pop, according to Schipka. At the higher end, health-care related identity data or information belonging to high-level corporate executives can go for nearly $200 per victim. And then there are services that let individuals buy stolen credit card data at between 2 percent and 4 percent of the credit balance left on the cards, Schipka said.


More:

http://www.pcworld.com/article/id,138576-c,hackers/article.html