Getting Around Anti-Virus Programs

By Lisa Vaas  |  Posted 2007-07-20

Therefore, crooks take only a few hundred from each account. If the crook in the previous example were to steal $100 from each of his 10,000 breached bank accounts, he would become a millionaire in short order, all from an initial investment of only $1,120.

Here are some sample prices for purchasing mailing lists, from the PandaLabs report:

    No. of addresses    United States    Germany    Russia    Ukraine
    1,000,000           $100             $100       $100      $100
    3,000,000           $200             $200       $200      $200
    5,000,000           $300             $300       $300      --
    8,000,000           $500             $500       $500      --
    16,000,000          $900             --         --        --
    32,000,000          $1,500           --         --        --

After crooks have a Trojan and a list of target addresses, the next step is to make sure anti-virus programs don't detect the malicious code. For this purpose, criminals can rent a service to protect malware against specific security tools, for a price that ranges between $1 and $5 per hidden executable. Also for sale is do-it-yourself polymorphic encryption software, called Polaris, that sells for a mere $20.

After that, a crook merely has to sit back and wait for the filched data to start coming in. Storing it, however, presents a problem, given that criminals don't want to store stolen confidential data on their personal PCs. They can, however, turn to the malware market to get an FTP client account or a hosting service, such as RapidShare, to store data anonymously. Prices range from $1 for an FTP account to $28 for renting a Premium account in RapidShare. Discovery on either will mean that an account's legitimate owner will be blamed.

The preferred method of payment for these items is generally online payment systems, such as WebMoney, which leave few tracks for authorities to sniff out the crooks.

Other things for sale on the malware market include DDoS (distributed denial of service) attacks, which are priced depending on their duration: $10 for a 1-hour attack on up to $100 for a day-long attack. Vendors offer to let you take a DDoS attack for a spin, as well: Name a server and they'll shut it down for 10 minutes to demonstrate the service's quality. Blackmail is the name of the game with DDoS attacks.

Other wares on the malware market include: up-to-date programs that exploit the latest vulnerabilities to infect computers, such as MPack (around $700); software to collapse servers and cause DDoS ($500); online shopping accounts from which to buy a fake profile ($50 each).

As for the custom Trojan maker, Pinch, other abilities include a feature called NET that lets attackers turn an infected computer into a proxy so that it can be used to perform malicious or criminal activities without leaving a trace. Trojans can also be turned into downloaders that download other executable files onto the compromised computer, PandaLabs said.

Pinch also has a BD tab that allows criminals to specify the ports that the Trojan will open on the infected computer, thus providing backdoors. A tab labeled ETC also allows the Trojans to be hidden through techniques including rootkits.

But one of the most dangerous features in Pinch can be found on the WORM tab, PandaLabs said. This allows users to add worm features to their Trojans, thus allowing the malware to replicate and spread via e-mail.

Other goodies Pinch can deliver: turning infected computers into zombie PCs; packing Trojans to make detection more difficult; and killing certain system processes, particularly those of security solutions. Pinch also lets users define how stolen data will be sent: via SMTP, HTTP or by leaving stolen data in a file on the infected computer to retrieve it later through a port opened by the Trojan itself.

Pinch is powerful—scary powerful. But what's even more scary than its powerful features is that it's so easy to use.

"Pinch's main danger is that it is very easy to use, so any malicious user with basic computer knowledge could create a Trojan in a very short time for very little money," said Corrons.

PandaLabs instructs those who think their system might be infected to scan it for free at

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
