Criminals operating malware supermarkets


By John E. Dunn
10 September 2007

The global market for criminal malware now operates like a supermarket, 
complete with special offers and volume discounts, a security company 
has discovered.

According to Panda Software's latest quarterly report, the going rate for 
a reasonably sophisticated but generic Trojan is between £175 ($350) and 
£350 ($700), while the email list with which to target victims for the 
program costs from £50 ($100) per million names.

The malware writers even offer specials - in one case the company 
discovered a site selling a payment capture Trojan for £200 ($400) to the 
first 100 customers to sign up, a saving of £50 ($100) off the normal 

The company is shy of giving more details of the sites from which such 
offers were being made, but was willing to say that it considered Russia 
(an area with poor anti-malware legislation) a prime location for the 
malware industry.

"In recent months we have witnessed the growing professionalisation of 
digital crime," said Panda Software's lab chief Luis Corrons. "The first 
step for cyber-crooks was when they started looking for profits from 
their activity instead of just notoriety. Now they are creating a vast 
online malware market, where there are even specialised segments. New 
business models are appearing, as we speak," he said.

According to Corrons, the malware industry now appears to be turning 
from being just a shop from which malware can be bought, to one where 
services are offered. For between one and five dollars per executable, 
malware could be cloaked - encrypted - against the anti-virus software 
programs it was likely to encounter on a for-hire basis. Finally, 
criminals could rent spam servers for £250 a time to distribute their 
assembled malware package, the company said.

Corrons also provides details of the cost of hiring DDoS attacks in his 
blog. "This malware market is completely online. All types of creations 
and crimeware tools can be bought in hundreds of forums. Even though 
most web pages have been located in Eastern European countries, mafias 
extend their networks worldwide," he said.

"Although it may look difficult to find web pages where these tools are 
sold, it is not. All you have to do is search in browsers for forums 
where hacking services are rented or where Trojans are sold."

If using malware to attack users is so lucrative, why do some criminals 
choose to sell their expertise rather than exploit the programs 
themselves? This is a harder question to answer, but could have 
something to do with risk. Better a low-risk, lower return that is 
guaranteed than a high-risk, high-return one that is not.
