By Elinor Mills
Tuesday, November 25 2008 08:32 AM
URL: http://www.zdnetasia.com/news/security/0,39044215,62048558,00.htm
Did you know that you can buy a keystroke logger for US$23 or pay US$10 to have someone host your phishing scam? Having a botnet at your fingertips will cost you US$225, and a tool that exploits a vulnerability on a banking site averages US$740 and runs as high as US$3,000.
That's according to the Symantec Report on the Internet Underground Economy released Monday.
Symantec researchers spent a year observing the chat among cybercriminals on IRC channels and forums on the Internet between Jul. 1, 2007 and Jun. 30, 2008 and were able to piece together a veritable menu of malicious code, as well as dig up detailed information on the exchange of highly prized financial information.
Malicious tools offered on underground economy servers

| Tool | Average price (US$) | Price range (US$) |
| --- | --- | --- |
| Site-specific vulnerability | 740 | 100-2,999 |
| Botnet | 225 | 150-300 |
| Autorooter | 70 | 40-100 |
| SQL injection tool | 63 | 15-150 |
| Trojan | 24 | 15-40 |
| Keystroke loggers | 23 | 20-30 |
| Scam hosting | 10 | 2-80 |

Source: Symantec Corporation
For example, credit card information accounted for more than 30 percent of all of the types of goods and services sold and was the most requested category. Bank account credentials were the most commonly advertised thing for sale on underground economy servers monitored by Symantec, with prices ranging from US$10 to US$1,000 depending on the balance and location of the account.
This is a lucrative business, Symantec has discovered. If the sellers were able to sell everything they were offering, the amount would reach more than US$275 million. That represents just the sales amount. Factoring in the emptying of victims' accounts and maxing out credit cards, the potential worth of credit card information and bank credentials for sale would be US$7 billion, the report estimates.
Symantec's data may only be a fraction of the actual picture, according to Alvin Ow, Symantec's senior director of system engineering for Asia-Pacific and Japan. He told ZDNet Asia in an interview Monday that the actual size of the underground economy is "a lot larger than what we are able to track" and nearly impossible to estimate. "What we were able to track were only those that were on public IRC channels and forums, so we suspect that a lot happens in private channels [and] in private servers that we do not have insight to."
The report also studied trends in software piracy, with researchers monitoring those sales between July and September of this year. The most pirated software was found to be desktop games, followed by utility applications and then multimedia software, such as photo editors, 3D animation and HTML editors.
Most of the people uploading pirated software to be sold, the report found, were in the United States (19 percent), followed by the United Kingdom (7 percent). In contrast, no Asian country was found in the top 10. Ow noted that Australia was No. 10 with a 2-percent share.
The United States was also home to most of the underground economy servers (41 percent) followed by Romania (13 percent). By region, the largest number (46 percent) of underground economy servers were hosted in North America. The EMEA (Europe, Middle East and Africa) and Asia-Pacific regions contributed 38 percent and 12 percent, respectively.
Meanwhile, cybercriminals in Russia and Eastern Europe appear to be more organized than their counterparts in North America who are "often made up of acquaintances who have met in online forums and/or IRC channels", the report said.
"The big picture is this system is highly self-sustaining. You can buy the attack toolkit, use it to steal information and sell that information to others in the economy," Zulfikar Ramzan, technical director of Symantec Test and Response, told ZDNet Asia's sister site CNET News.com in an interview. "You don't need to have expertise in every area of cybercrime. You can have expertise in just one area and with others, form a supply chain to make money."
Ow noted that both enterprises and consumers need to adopt "a very proactive approach to securing their own data". Consumers should avoid storing too many passwords on their PCs, and refrain from utilizing password managers found in Web browsers, he said. They should also, where possible, use multi-layered defenses such as combining a firewall with an e-mail filter.
Businesses ought to ensure that databases are encrypted and limit access to such applications, as it has been found that most information stolen from enterprises is "found within applications, primarily databases", Ow pointed out. Security is especially important when the "economy is shaky" and companies need to maintain their reputation, he explained, as it would be very difficult to win back the confidence of their customers once it is lost.
The report joins a growing list of research devoted to the organization and sophistication of the cyber-underground. Affinion Group, as well as McAfee and Finjan, monitor such underground marketplaces. RSA discovered that data from 550,000 online bank accounts and credit card accounts was stolen with the aid of one Trojan, and has done research on the "Internet Fraud Chain".
Vivian Yeo of ZDNet Asia contributed to this article.