Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Trend Micro Report Provides Look Into Russian Malware Black Market

    By
    Brian Prince
    -
    November 2, 2012
    Share
    Facebook
    Twitter
    Linkedin

      It’s a bustling marketplace with enough buyers, sellers and services to rival any retail industry. But it’s not your local clothing store; it’s the Russian cyber-underground.

      For just $30 U.S., an interested party can purchase a one-day denial-of-service (DoS) attack. If the buyer wants the attack to go on for a week, the price jumps to $150 U.S.

      “This market has evolved into a very well-organized community of developers, buyers and sellers of crimeware,” explained Jon Clay, senior product marketing manager at Trend Micro.

      “With the increase in capitalism in Russia,” he continued, “they [cyber-criminals] have built up a very profitable economy with many members and people who participate in many ways. You have developers/programmers who all they want to do is create and sell their stuff to the highest bidder. You have individuals or groups who purchase tools to use in conducting cyber-crime. You also have middlemen who simply buy and sell and make a little profit with each transaction.”

      “But over the years, this underground economy has flourished and become one which seems to work very well, just like legitimate industries,” Clay said.

      In a new report, Trend Micro outlined a massive market for hacker goods and services, ranging from exploits to dedicated server sales and hosting. Software flaw exploits, the report notes, are typically sold individually or in bundles, though some are also available for rent. The Styx Sploit pack—which targets Java, Adobe Flash Player and Adobe Acrobat—can be rented for $3,000 a month.

      “As a rule, bundled exploits are encrypted to avoid malware detection by security software,” according to the report. “Bundle developers also try to obfuscate their exploits’ source code to prevent victims from noticing them running on Websites,” the report said.

      Furthermore, “each bundle may also be able to obtain statistics (e.g., a mechanism for recording the number of visitors, their OS versions, their browser versions, etc.),” the report noted.

      “An exploit’s reach is a measure of its efficiency—the ratio of users on whose computers the exploit worked to the total number of users who visited a page in which it was embedded,” the report continues. “As such, if 1,000 users visited an exploit-laden page, and the computers of 200 people were successfully infected with a Trojan, that exploit’s reach is equal to (200/1,000),” equal to a 20 percent success rate.

      The most popular email domains cyber-criminals hack in Russia are Mail.ru, Yandex.ru and Rambler.ru, the report notes, though the social networks Vkontakte and Odnoklassniki are also popular targets. Tools and services for hacking Gmail, Hotmail and Yahoo Mail are also available but at “premium prices,” the report noted.

      Offerings for hacking ICQ, Skype, Twitter and Facebook accounts as well as other services are not very popular, but may also be found, the report said.

      On a number of forum sites, regular communication and advertising is done by people selling their tools and code, Clay told eWEEK.

      “Due to the amount of opportunity for monetizing crimeware, I don’t believe there is a huge amount of competition,” he said. “Prices certainly fall, but mainly this is due to older kits or tools that don’t have as much value today as they once did. So you see prices falling,” said Clay.

      “Supply and demand is very prevalent in this industry, and it follows the traditional economic rules. But you do see a lot of advertising for tools, but the transactions are typically made via nonpublic communication channels in an effort to stay safe from law enforcement,” he said.

      The Russian shadow economy is a service-oriented economy of scale that has “become a kleptocracy wherein crony capitalism has obtained a new lease on life,” the report says.

      Like any underground business, however, there is a mix of greed and mistrust governing relations.

      “Our researchers have successfully communicated with some criminals who are less cautious than others, but certainly some of these hackers are very security-conscious and will go to some lengths to vet a customer,” said Clay.

      “This is typically true when it is a new potential customer who they have not worked with in the past. This is a community, and as such, they buy and sell to the same people over time, so many customers are repeat customers and obviously have a better reputation with the seller than someone new,” Clay said.

      Avatar
      Brian Prince

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×