Malware Economy is Thriving

TORONTO — The legitimate economy may be in rough shape right now, but the same cannot be said for the underground economy. Malware authors and botmasters are thriving, experts say, with some online criminals charging as much as $3,500 for their attack toolkits.

TORONTO — The legitimate economy may be in rough shape right now, but the same cannot be said for the underground economy. Malware authors and botmasters are thriving, experts say, with some online criminals charging as much as $3,500 for their attack toolkits.

But don’t be intimidated by the high price point. That’s a premium product. More basic exploit kits can be had for as little as $100. But even at that price, the attackers are doing just fine, thank you.

“The bad guys are doing really great,” said Roy Firestein of Digital Defence, speaking in a session on modern crimeware toolkits at the SecTor 2009 conference here. “How are the good guys doing? Not so good.”

Firestein has been researching a variety of malware families, exploit toolkits and botnets and found a wide range of options, pricing schemes and capabilities. At the top of the heap sit kits such as the Adrenalin botnet kit, which sells for $3,500 right now and can be customized to suit the needs of even the most demanding attacker. Adrenalin includes 24×7 technical support, built-in exploits, the ability to steal digital certificates and the option to encrypt the stolen data.

Following the lead of other recent malware packages, Adrenalin also will take the extra step of removing other bots and attack toolkits from infected machines.

Several of the packages that Firestein described also include comprehensive statistical engines that report the number of each kind of browser that’s been infected, how many machines total have been attacked and can even create graphs.

Firestein spent quite a bit of time on the notorious Zeus Trojan, which has been busily creating a massive botnet in the last few months, a network that some estimates have put in the millions. Zeus is an all-in-one package that gives buyer’s the ability to infect a large volume of machines as conveniently as possible.

“It’s the infection point and the command and control panel all in one,” Firestein said. “You put it up and just start infecting people. You put up some iFrames on other sites and start linking to them and you’re set.”

Suggested articles