It's becoming cheaper and easier to get hold of the tools needed to launch a cybercrime attack, security firm RSA claimed on Friday.
Jens Hinrichsen, the company's product marketing manager for fraud auction, said RSA had been monitoring the Web sites and ICQ channels where malicious hackers and cybercriminals interact. These sites allow participants to share feedback and even review each other's products.
Addressing an audience at the RSA Conference 2007 in San Francisco, Hinrichsen showed several screengrabs to illustrate that the prices being asked for hacking tools have been dropping, with many participants embracing volume discounts and other incentives.
One example was a post offering a "Super Trojan"--which could be used to install malicious code on a victim's PC--for US$600 (£307).
"What's interesting is that this is actually a reviewed vendor, whose actually had a lot of good transactions. He's offering this custom piece of crimeware for only US$600," said Hinrichsen, who said he "loved the term Super Trojan".
"So, when we talk about the ever-increasing ramp-up of more sophisticated tools, the prices are coming down."
Another example was someone selling e-mail address lists and login details for sites such as eBay.
"For one to ten accounts, this guy would charge you five bucks (US$5) per account. But they've got discounted rates, just like any other institution would offer their customers, so if you buy 10 to 50 accounts he'll give it to you for £4.50 (US$6.80) each. Fifty more accounts would be $3.50 each," said Hinrichsen.
Other examples shown included a list of 15,000 e-mail addresses, which had all apparently been verified as genuine, for sale for US$1,500, a hacked root server for US$100 to US$150, and someone offering to host a financial scam on his Web site for US$20 per day, or US$80 for a week.
Play video
There are currently no comments for this post.