By Graeme Wearden in San Francisco
09 Feb 2007
It's becoming cheaper and easier to get hold of the tools needed to
launch a cybercrime attack, security firm RSA claimed on Thursday.
Jens Hinrichsen, the company's product marketing manager for fraud
auction, said RSA had been monitoring the websites and ICQ channels
where malicious hackers and cybercriminals interact. These sites allow
participants to share feedback and even review each other's products.
Addressing an audience at the RSA Conference 2007 in San Francisco,
Hinrichsen showed several screengrabs to illustrate that the prices
being asked for hacking tools have been dropping, with many participants
embracing volume discounts and other incentives.
One example was a post offering a "Super Trojan" which could be used to
install malicious code on a victim's PC for $600 (307).
"What's interesting is that this is actually a reviewed vendor, whose
actually had a lot of good transactions. He's offering this custom piece
of crimeware for only $600," said Hinrichsen, who said he "loved the
term Super Trojan".
"So, when we talk about the ever-increasing ramp-up of more
sophisticated tools, the prices are coming down."
Another example was someone selling email address lists and login
details for sites such as eBay.
"For one to ten accounts, this guy would charge you five bucks ($5) per
account. But they've got discounted rates, just like any other
institution would offer their customers, so if you buy 10 to 50 accounts
he'll give it to you for 4.50 each. Fifty more accounts would be $3.50
each," said Hinrichsen.
Other examples shown included a list of 15,000 email addresses, which
had all apparently been verified as genuine, for sale for $1,500, a
hacked root server for $100 to 150, and someone offering to host a
financial scam on his website for $20 per day, or $80 for a week.
Subscribe to the InfoSec News RSS Feed