
Malware Service Providers


I received an email today that got me to thinking. One of the more insidious aspects of the malware underground (not that there really is any one thing) is the idea of malware as a service. The criminal element that lurks in the dark places on the internet has realized that they can retire rich men and women.

That is, as long as they don’t get caught.

While sitting through a presentation at Defcon I was afforded a look into the world that spawned tools such as the MPack software package. For a small(ish) fee of around $1000 you too can be a phisher. Sales of these software packages soared thanks in no small part to the antivirus companies themselves talking about the threat that they posed. So, rather than risk capture in the act, these particular negative types provide the application to the bent folks who are looking for an easy buck. And packages such as this receive software updates! A fully fleshed-out business model. I am reminded of a quote I heard once, “guns don’t kill people…”

Now the email, which I mentioned at the outset, pointed me to an article in one of my favourite magazines, CSO. This particular article deals with malware as a service and is part of a series on the economics of the malware underground.

From CSO/CIO:

By 2006, online banking was ubiquitous and form-grabbers had been refined into remarkably efficient, multi-purpose bots. Corpse himself was peddling a sophisticated Haxdoor derivative called Nuclear Grabber for as much as $3,200 per copy. Nordea Bank in Sweden lost 8 million kronor ($1.1 million) because of it.

But by last October, despite his success, Corpse decided that it was time to lay low. A message appeared on a discussion board at pinch3.net, a site that sold yet another Haxdoor relative called pinch.

“Corpse does cease development spyware? news not new, but many do not know” reads a post by “sash” translated using Babelfish. It then quotes Corpse: “I declare about the official curtailment of my activity of that connected with troyanami [trojans]”

This past January, a reporter for Computer Sweden chatted with Corpse, pretending to be a potential customer. Corpse tried to sell him Nuclear Grabber for $3,000 and crowed that banks sweep 99 percent of online fraud cases under the rug. After Computerworld Australia published the chat, Corpse disappeared. He hasn’t been heard from since.

It’s an interesting piece. Read on.

Article Link

  • shrdlu said,

    October 10, 2007 @ 1:01 am

    Yes, I’ve always hated that “guns don’t kill people …” saying. Bananas don’t kill people either, and a killer is much safer for the rest of us when he’s holding a banana, NOT a gun.
