Posted: May 28, 2009  |  By: Kerrie-Anne Turner*
Topics: Security > Cybercrime

The e-crime underbelly

It is well documented that malware is a lucrative business: a constant stream of trojans, spyware and viruses infects our systems, steals our identities and extracts sensitive business information. What is perhaps less well known is the frightening extent to which the ‘bad guys’ who orchestrate this global wave of malware are inter-dependent and highly organised.

The online market shows a great deal of competition between cybercriminals, and this competition has led to specialisation: distinct criminal roles, each with its own area of expertise within the system.

The creator/innovator/supplier

At the beginning of the chain are the ‘malware writers’ who create new viruses, spyware and trojans to infect computers. For as little as US$250 you can buy off-the-shelf malware advertised as undetected by the major AV vendors’ products, and for an extra US$25 a month you can subscribe to updates intended to keep it undetected as the vendors’ signatures catch up.

The vendor/ PR officer/marketing executive

A ‘malware middleman’ buys malware from the supplier and uses the services of a ‘botnet owner’ to spread it. A botnet is a remotely controlled network of computers that have been infected with bot malware. Typically they are poorly protected machines belonging to innocent people around the world; you may have a bot running on your PC now and not know it. Botnet owners give middlemen the computing horsepower and network connectivity to spam out millions of emails, distribute hundreds of thousands of trojan attacks or host a malicious website. Once the malware has spread, the middleman can sit back and start collecting stolen information and stolen identities.

The market tradesman — buy low on the net, sell high on the streets

There is another category of middleman who specialises in turning stolen credit card details into cash. He buys the card data and then uses a ‘drop service’. A ‘drop’ is a person who receives goods purchased with a stolen credit card: the middleman buys goods from online shops using the stolen card numbers, typically cameras and portable computers, and has them shipped to drops. The drops, in turn, forward the goods or sell them immediately for cash.

Authentic merchandise guaranteed — counterfeit goods intercepted

Fraud and rip-offs are so common in the cybercrime underworld that a system of guarantors and escrow accounts has emerged. For example, a drop service provider might guarantee to the market tradesman that he will be paid his cut of the sale of any goods.

Similarly, guarantors provide an escrow service. The buyer transfers payment to the guarantor, the seller hands over the virus code or the credit card numbers, and if the goods check out the funds are released. Typically these guarantors take 2–3% of the transaction value for their services.

Selling installs

One of the most worrying recent trends is evidence that spyware authors are offering financial rewards to botnet operators and other cybercriminals to install their spyware covertly. The rationale is that the income generated by spyware depends entirely on how many installs it achieves, and by harnessing a botnet a cybercriminal maximises the number of installs. Once the botnet has installed the spyware on a machine, the new install reports back to the ‘seller’, who then pays the ‘affiliate’, the owner of the botnet.

Geographical location also matters when botnets are used to install spyware: for example, successful installs on 1000 machines in Australia earn a whopping US$100, but only US$50 in the US.

Despite the clear parallels between the real economy and the cybercrime shadow economy explored in this article, most of the legislation in place to combat organised crime in the real world has no online equivalent. What is clear is that the better this kind of activity is understood and explained around the world, and the more legislation is introduced in response, the better equipped the global security industry will be to police the internet effectively across multiple jurisdictions.

*Kerrie-Anne Turner is the Country Manager of MessageLabs for Australia and New Zealand.
