I have always been puzzled as to why the total cost of e-crime dropped in the most recent CSI/FBI crime survey. Now the reason is clear: online crime is no longer predominantly the purview of lonely teens seeking self-esteem; it is increasingly being propagated by organized crime gangs selling access to 'owned' machines. Since they only need 5,000-10,000 machines per sale, that is all they get. If they got more than that, it would increase the possibility of exposure, reducing the value of those machines.

At AusCERT, Eugene Kaspersky discussed the new economic model of the malware industry:

According to Kaspersky, organised criminals are advertising zombie computers for rent on underground newsgroups and Web pages. When they receive an order for a certain-size army, they set about trying to infect computers using infected e-mail attachments or socially-engineered spam with links to malicious Web pages. As soon as they infect enough computers to fulfil the order, they stop using that particular piece of malware.

"It seems that, say the virus author needs 5,000 infected computers, they put the Trojan on a Web page and wait for 5,000 machines to be infected. Then they remove the Trojan because that is enough. When they get a new request for another zombie network, they release a new Trojan -- they are able to control the number of infected computers," said Kaspersky.

This new model also applies to phishing and pharming. It will be much more effective to attack a small number of online banking users with an undetectable virus/keystroke logger and process those funds than to try to process a huge number.

Perhaps this is why the keystroke loggers seen to date have only a limited number of banks listed as the keywords that activate them. It is probably best to transfer the money from the legitimate account to a fraudulent account in the same bank. You need 'mules' in place to transfer the money. If a mule gets caught, your risk increases, so it is best not to raise attention.

They may also start to specialize. A fraudster might set up mules and fake accounts at a bank, then contract with another party to deliver a certain number of accounts for that bank.
