Malware Encryption and Infection Services Commoditised

Trusteer : 01 December, 2011  (Technical Article)
Trusteer explains the new trend of providing commodity services for encryption of malware as well as malware infection services and what this means for the security industry
Services for fraudsters utilizing malware are not new – Anti Virus (AV) Checkers, Malware Encryption and Malware Infection services have existed in the criminal underground market for several years. However, recent Trusteer Research has indicated changes in service scope and price due to service convergence and demanding buyers.

So what’s new?

One-stop shop - Trusteer Research came across a new group that, besides offering infection services (for prices between 0.5 and 4.5 cents for each upload, depending on geography), also provides polymorphic encryption and AV checkers. This new one-stop-shop approach for malicious services is a natural evolution of the market: if the customers need to infect, then they also need to evade AV. Why not sell the whole package?

For polymorphic encryption of malware instances, they charge from $25 to $50, and for prevention of malware detection by anti-virus systems (AV checking), they charge $20 for one week and $100 for one month of service.

It’s a buyer's market - Trusteer Research has also come across advertisements published by prospective buyers of infection services. The ad presets the buying price, how it is charged and the scope of the service:

* The advertiser pays only for unique uploads
* The calculations will be conducted according to the advertiser's own Black Hole (exploit kit) stats module
* The advertiser will pay in advance to the sellers with recommendations, i.e. those that have 1-10 "fresh" forum messages. Otherwise, the sellers will get paid afterwards
* The final paid price depends on percentage of infections
* The domains are checked via a malware scan service website (scan4you) during the day. If the domain is recognized as blacklisted on anti-virus databases, the advertiser will automatically replace it with another

Lastly, we came across an ad by an encryption service provider that, in an attempt to stay competitive, sold its service for $20 per file and offered a money-back guarantee if it fails an AV checker.

According to Amit Klein, Trusteer's CTO, “Some malware services like AV checking and Encryption are becoming a commodity, driving cybercriminals to consolidate services to stay competitive and introduce new offerings like the Phone Service.”

“Trusteer advises banks and their online banking users to maintain constant vigilance, apply software updates, and maintain an awareness of new threats,” Klein said. “Trusteer strongly recommends complementing desktop hygiene solutions like Anti Virus with security controls specifically designed to protect against Financial Malware.”
   © 2012 ProSecurityZone.com