Support Services for Attackers Grow

 
 
By Brian Prince  |  Posted 2009-12-30
 
 
 
 
 
 
 

Ever had trouble getting a business-critical application to work? You're not alone. It turns out attackers sometimes have the same problem.

And just like you, they need somewhere to turn to. Enter the virtual offices of botnet support and malware quality assurance, places where cyber-criminals can find their own help desks.

"Browsing the Web and hacking forums will reveal literally hundreds of online botnet malware providers," blogged Gunter Ollmann, vice president of research at Damballa. "It's a competitive business. Not only must these providers compete on a per-feature basis within their malware DIY construction kits, but they must also provide differentiated support for their customers."

As an example, he spotlighted a site called FurioGaming, which offers everything from botnet agents to hacking tools to a bot Trojan distribution service. At the bottom of its advertisement for the "Bot RAT Trojan Spreading Service" is a place where you can click to open a support ticket.

"Just like legitimate commercial Internet service providers, 24×7 customer support is expected," Ollmann wrote. "In this case, FurioGaming offers a dedicated support ticketing system. FurioGaming aren't the only botnet service providers to operate this way and to have a comprehensive help desk ticketing system, but they are one of the most polished and brazen that I've come across."

Similarly, malware quality assurance services like Virtest.com, which reportedly attracts more than 800 visitors a day, are out there as well. According to Ollmann, there has been an explosion in malware scanning portals in the last six months. These portals cater to professional attackers and guarantee the privacy of submitted samples, he said.

They also include "the ability to bulk-upload caches of new samples for testing, CSV formatted reports, automatic tweaking of samples to avoid certain antivirus engines, continuous testing of samples (i.e. alerting of when an antivirus update appears that is capable of detecting a submitted sample) and multiple alerting features (e.g. e-mail, SMS text messaging, IRC/Jabber alerts, etc.)," Ollmann wrote.

These services are not free, but they allow attackers to test malware against the antivirus products they are likely to come across on users' desktops, he explained.

"An integral part of modern cyber-crime and the successful release of new botnet malware components lies with quality assurance (QA) - i.e. testing malware samples against current antivirus technologies prior to release, and guaranteeing evasion," Ollmann said.

 
 
 
 