Feeds

Black market for malware a thriving place

It slices, it dices . . .

Providing a secure and efficient Helpdesk

Defcon The sale of Trojans, phishing kits and other types of malware thrives in a growing marketplace that resembles many of the more legitimate businesses that have set up shop online over the past decade.

With a wealth of online bazaars, 24-by-7 support and the ability for other buyers to weigh in on the quality of the products, this malware economy continues to make it easier to break into the shady world of computer crime.

Thomas Holt, a professor of criminal justice at the University of North Carolina at Charlotte, presented data collected by his honey net team over the past 16 months at the Defcon security conference in Las Vegas. Adopting user-feedback ratings, independent reviews and discounts for bulk purchases, the malware business models often appear to mimic those of eBay, Yelp or Ronco.

"It's especially important thinking about stolen data, when there's time sensitive materials involved," Holt said during his presentation. "You can basically build a nice arsenal of attack tools by going to these sites."

Holt's research was gathered with the help of a team of grad students who monitor about 30 forums on IRC and the web. His discovery of a bubbling underground economy that mimics the public web isn't exactly new. But it does bring a fresh infusion of data that suggests the economy is maturing and expanding.

Any boob can jump on an online forum and claim to have a flaw-free Trojan, so many online marketplaces adopt buyer-feedback ratings. Many sites compile user comments to generate labels that get attached to each forum participant. A "ripper," for example, describes fraudulent sellers out to rip off buyers while a "verified seller" designates a user known to actually deliver products that work as advertised.

There are also sites that provide independent reviews that sellers with positive feedback can link to when advertising their wares.

"Thanks you for a FreeJoiner," reads one syntax challenged user review concerning a malware tool by that name. "Is the best program in its class that I have ever seen, the result of these use was not long in coming, weaknesses and suggestions on the work simply no!"

The sites unabashedly promote the virtues of the malware tools advertised. An ad for the Suicide DDoS bot, for example, promises the malware can be controlled via web access or IRC, injects code into trusted processes, and is not detected by antivirus programs. An ad for the PG Universal Grabber Trojan promises standard updates, bug fixes and optimization as part of the $700 purchase.

It would seem that buying naughty code is as easy as buying Britney's undies on eBay. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.