Cybercriminals offer complex infection services
Posted on 30.11.2011
Services for fraudsters utilizing malware are not new – AV checkers, malware encryption and malware infection services have existed in the criminal underground market for several years.

However, recent research has indicated changes in service scope and price due to service convergence and demanding buyers.


What's new?

One-stop-shop - Trusteer Research came across a new group that besides offering infection services (for prices between 0.5 and 4.5 cents for each upload, depending on geography) also provides polymorphic encryption and AV checkers. This new one-stop-shop approach for malicious services is a natural evolution of the market – if the customers need to infect, then they also need to evade AV. Why not sell the whole package?

For Polymorphic encryption of malware instances they charge from $25 to $50 and for prevention of malware detection by anti-virus systems (AV checking) they charge $20 for one week and $100 for one month of service.

It’s a buyer market. Researchers also came across advertisements published by prospective buyers of infection services. The ad basically presets the buying price, how it is charged and the scope of the service:
  • The advertiser pays only for unique uploads
  • The calculations will be conducted according to the advertiser's own Black Hole (exploit kit) stats module
  • The advertiser will pay in advance to the sellers with recommendations, i.e. those that have 1-10 "fresh" forum messages. Otherwise, the sellers will get paid afterwards
  • The domains are checked via a malware scan service website (scan4you) during the day. If the domain is recognized as blacklisted on anti-virus databases, the advertiser will automatically replace it with another.
The final paid price depends on percentage of infections:
  • $4.5 for 1,000 of traffic with 3% of infections
  • $6 for 1,000 of traffic with 4% of infections
  • $30 for 1,000 of traffic with more than 20% of infections.
In an attempt to stay competitive we came across an ad by an Encryption Service provider that sold its service for 20$ per file, and offered a money back guarantee if it fails an AV checker.





Spotlight

The psychology of phishing

Posted on 23 July 2014.  |  Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits, today they create highly targeted phishing emails which are tailored to suit their recipients.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //