Is the demand for access to compromised legitimate portfolios of domains -- where the price is based on the pagerank and is shaped by the number of domains in question -- the main growth factor for the increasing supply of such stolen accounting data, or is it the result of cybercriminals data mining their botnets for accounting data that would provide them with access to such portfolios of high trafficked domains with clean reputation? Moreover, would such a data mining approach made easily possible due to the availability of botnet parsing services and stolen accounting data dumps streaming directly from a botnet, would in fact be the more efficient approach in injecting their malicious presence on as many hosts as possible, next to the plain simple massive SQL injection approach?
As always, it's a matter of who you're dealing with, and their understanding of the exclusiveness of a particular underground item at a given period of time. This exclusiveness is inevitably going to increase due to the fact that they're several "vendors" that are already purchasing access to such portfolios, as well as compromised Cpanel accounts as a core business, the access to which they would later on either resell at a higher price enjoying the underground market's lack of transparency, or directly monetize and break-even immediatelly. As for this particular proposition for an account with 404 domains in it, it's interesting to monitor how the seller is soliciting bids from multiple sources by leaving the price an open topic, clearly indicating his low profile into the underground ecosystem. How come? An experienced seller or buyer would be offering or requesting page rank verification respectively.
With nearly each and every aspect of cybercrime already available as a service, or literally outsourced as a process to those supposidely excelling into a particular practice, building capabilities for data mining botnets is no longer a requirement, with the people behind the botnets monetizing all the data coming from it by soliciting deals of accounting data dumps based on a particular country only.
Independent Contractor. Bitcoin: 15Zvie1j8CjSR52doVSZSjctCDSx3pDjKZ Email: dancho.danchev@hush.com OMEMO: ddanchev@conversations.im | OTR: danchodanchev@xmpp.jp | TOX ID: 2E6FCA35A18AA76B2CCE33B55404A796F077CADA56F38922A1988AA381AE617A15D3D3E3E6F1
Friday, October 24, 2008
Compromised Portfolios of Legitimate Domains for Sale
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment