Feeds

Black market for malware a thriving place

It slices, it dices . . .

Top 5 reasons to deploy VMware with Tegile

Defcon The sale of Trojans, phishing kits and other types of malware thrives in a growing marketplace that resembles many of the more legitimate businesses that have set up shop online over the past decade.

With a wealth of online bazaars, 24-by-7 support and the ability for other buyers to weigh in on the quality of the products, this malware economy continues to make it easier to break into the shady world of computer crime.

Thomas Holt, a professor of criminal justice at the University of North Carolina at Charlotte, presented data collected by his honey net team over the past 16 months at the Defcon security conference in Las Vegas. Adopting user-feedback ratings, independent reviews and discounts for bulk purchases, the malware business models often appear to mimic those of eBay, Yelp or Ronco.

"It's especially important thinking about stolen data, when there's time sensitive materials involved," Holt said during his presentation. "You can basically build a nice arsenal of attack tools by going to these sites."

Holt's research was gathered with the help of a team of grad students who monitor about 30 forums on IRC and the web. His discovery of a bubbling underground economy that mimics the public web isn't exactly new. But it does bring a fresh infusion of data that suggests the economy is maturing and expanding.

Any boob can jump on an online forum and claim to have a flaw-free Trojan, so many online marketplaces adopt buyer-feedback ratings. Many sites compile user comments to generate labels that get attached to each forum participant. A "ripper," for example, describes fraudulent sellers out to rip off buyers while a "verified seller" designates a user known to actually deliver products that work as advertised.

There are also sites that provide independent reviews that sellers with positive feedback can link to when advertising their wares.

"Thanks you for a FreeJoiner," reads one syntax challenged user review concerning a malware tool by that name. "Is the best program in its class that I have ever seen, the result of these use was not long in coming, weaknesses and suggestions on the work simply no!"

The sites unabashedly promote the virtues of the malware tools advertised. An ad for the Suicide DDoS bot, for example, promises the malware can be controlled via web access or IRC, injects code into trusted processes, and is not detected by antivirus programs. An ad for the PG Universal Grabber Trojan promises standard updates, bug fixes and optimization as part of the $700 purchase.

It would seem that buying naughty code is as easy as buying Britney's undies on eBay. ®

Internet Security Threat Report 2014

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.