Feeds

Black market for malware a thriving place

It slices, it dices . . .

Top 5 reasons to deploy VMware with Tegile

Defcon The sale of Trojans, phishing kits and other types of malware thrives in a growing marketplace that resembles many of the more legitimate businesses that have set up shop online over the past decade.

With a wealth of online bazaars, 24-by-7 support and the ability for other buyers to weigh in on the quality of the products, this malware economy continues to make it easier to break into the shady world of computer crime.

Thomas Holt, a professor of criminal justice at the University of North Carolina at Charlotte, presented data collected by his honey net team over the past 16 months at the Defcon security conference in Las Vegas. Adopting user-feedback ratings, independent reviews and discounts for bulk purchases, the malware business models often appear to mimic those of eBay, Yelp or Ronco.

"It's especially important thinking about stolen data, when there's time sensitive materials involved," Holt said during his presentation. "You can basically build a nice arsenal of attack tools by going to these sites."

Holt's research was gathered with the help of a team of grad students who monitor about 30 forums on IRC and the web. His discovery of a bubbling underground economy that mimics the public web isn't exactly new. But it does bring a fresh infusion of data that suggests the economy is maturing and expanding.

Any boob can jump on an online forum and claim to have a flaw-free Trojan, so many online marketplaces adopt buyer-feedback ratings. Many sites compile user comments to generate labels that get attached to each forum participant. A "ripper," for example, describes fraudulent sellers out to rip off buyers while a "verified seller" designates a user known to actually deliver products that work as advertised.

There are also sites that provide independent reviews that sellers with positive feedback can link to when advertising their wares.

"Thanks you for a FreeJoiner," reads one syntax challenged user review concerning a malware tool by that name. "Is the best program in its class that I have ever seen, the result of these use was not long in coming, weaknesses and suggestions on the work simply no!"

The sites unabashedly promote the virtues of the malware tools advertised. An ad for the Suicide DDoS bot, for example, promises the malware can be controlled via web access or IRC, injects code into trusted processes, and is not detected by antivirus programs. An ad for the PG Universal Grabber Trojan promises standard updates, bug fixes and optimization as part of the $700 purchase.

It would seem that buying naughty code is as easy as buying Britney's undies on eBay. ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.