Zeus Crimeware as a Service Going Mainstream

-
Since 100% transparency doesn't exist in any given market no matter how networked and open its stakeholders are, Cybecrime-as-a-Service (CaaS) in the underground marketplace went mainstream with the introduction of- the 76service -- now available in Winter and Spring editions -- followed by a flood of copycats monetizing commodity services on the foundations of proprietary underground tools.

Originally launched as an invite only service where only trusted individuals would be able to take advantage of the malicious economies of scale concept, in August, 2008 copycats ruined the proprietary model of the 76service by tweaking the service and converging it with web malware exploitation kits of their choice. The output? Near real-time access to freshly harvested financial data, which when combined with their aggressive price cutting once again lowers down the entry barriers into this underground market segment.

Start from the basics. Intellectual property theft in the underground marketplace has been a fact for over an year now, with proprietary web malware exploitation kits leaking to the average cybercriminals who after a brief process of re-branding and layout changing, include their very own copyright notice. Upon obtaining the kits for which they haven't a cent/eurocent, it would be fairly logical to assume that they can therefore charge as much as they want for offering on demand access to them, thereby undercutting the prices offered by the experienced market participants. IP theft in the underground marketplace equals a volume sales driven cash cow that messes up the basics of demand and supply that the experienced cybercriminals consciously or subconsciously follow.

Not only is IP theft a reality, but also, among the very latest Zeus crimeware for hire services is charging pocket money for extended periods of time :

"[Q] What is
[A] is a mix between the ZeuS Trojan and MalKit, A browser attack toolkit that will steal all information logged on the computer. After being redirected to the browser exploits, the zeus bot will be installed on the victims computer and start logging all outgoing connections.

[Q] How much does it cost?
[A] Hosting for costs $50 for 3 months. This includes the following:

# Fully set up ZeuS Trojan with configured FUD binary.
# Log all information via internet explorer
# Log all FTP connections
# Steal banking data
# Steal credit cards
# Phish US, UK and RU banks
# Host file override
# All other ZeuS Trojan features
# Fully set up MalKit with stats viewer inter graded.
# 10 IE 4/5/6/7 exploits
# 2 Firefox exploits
# 1 Opera exploit"
 
We also host normal ZeuS clients for $10/month.
This includes a fully set up zeus panel/configured binary"

Think cybercriminals in order to anticipate cybercriminals. Would a potential cybercriminal purchase a crimeware kit for a couple of thousand dollars, when they can either rent a managed crimeware service, or even buy a gigabyte worth of stolen E-banking data for any chosen country, collected during the last 30 days? I doubt so, and factual evidence on the increasing number of such services confirms the trend - in 2009 anything cybercrime will be outsourceable.

Related posts:
Modified Zeus Crimeware Kit Gets a Performance Boost
Modified Zeus Crimeware Kit Comes With Built-in MP3 Player
Zeus Crimeware Kit Gets a Carding Layout
The Zeus Crimeware Kit Vulnerable to Remotely Exploitable Flaw
Crimeware in the Middle - Zeus

Related underground marketplace posts:
Will Code Malware for Financial Incentives
Coding Spyware and Malware for Hire
Malware as a Web Service
The Underground Economy's Supply of Goods and Services
The Dynamics of the Malware Industry - Proprietary Malware Tools
Using Market Forces to Disrupt Botnets
Multiple Firewalls Bypassing Verification on Demand
Managed Spamming Appliances - The Future of Spam
Inside a Managed Spam Service
Dissecting a Managed Spamming Service
Segmenting and Localizing Spam Campaigns
Localizing Cybercrime - Cultural Diversity on Demand 
Localizing Cybercrime - Cultural Diversity on Demand Part Two

Comments

Post a Comment

Popular posts from this blog

Exposing Bulgaria's Largest Data Leak - An OSINT Analysis

-
Image
I've recently came across to a news article detailing the recently leaked Bulgaria NAP records database and I decided to take a closer look. What does this leak basically constitute? Basically the attacker managed to compromise the security of the Web Site basically leading to a successful extraction of a decent-portion of data which could basically constitute a leak. NOTE: The data in this analysis has been obtained using public sources. In this post I'll profile a novice Bulgaria-based cybercriminal that basically managed to obtain access to the database and shared it within several cybercrime-friendly forum communities making it publicly accessible including an in-depth overview of TAD Group which is basically a Bulgaria-based penetration testing company. Real Name:  Daniel Ganchev - Email: daniel.ganchev@abv.bg Sample URL of the cybercriminal involved in the campaign: hxxp://instakilla.com/ - Email: wp@instakilla.com; info@instakilla.com Instagram Account
Read more

New Report - "A Qualitative and Technical Collection OSINT-Enriched Analysis of the Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital Security Team" - Grab a Copy Today!

-
Image
Dear blog readers, It's a pleasure and an honor to let you know of a recently released commercially available report on Iran's Hacking Scene entitled - "A Qualitative and Technical Collection OSINT-Enriched Analysis of the Iranian Hacking Scene Through the Prism of the Infamous Ashiyane Digital Security Team" which is priced at $500 for unlimited distribution copies within your Team and Organization and can obtained from here . An excerpt: " In a cybercrime ecosystem dominated by fraudulent releases and nation-state actors including possible high-profile “sock-puppets” and cyber proxies type of rogue and potentially superficially engineered cyber warfare tensions it should be clearly noted that a modern OSINT and virtual HUMINT actionable threat intelligence analysis of major and prominent cyber actors should take place for the purpose of setting up the foundations for a successful cyber actor monitoring including possible offensive and couter-offensive t
Read more

Historical OSINT - The Russian Business Network Says "Hi"

-
Image
You know you're popular when "they" say "hi". It's 2009 and I've received a surprising personal email courtesy of guess who - The Russian Business Network showing off the actual ownership of the hxxp://rbnnetwork.com domain and basically saying "hi". It's worth pointing out that throughout 2008-2013 I've extensively profiled the activities including the customer activities of some of the most prolific customers and members of the infamous Russian Business Network also known as the RBN in the context of blackhat SEO iFrame and input validation abuse across major Web properties including malvertising  and various other malware-serving and client-side exploits serving campaigns including money mule recruitment   and phishing campaigns the ubiquitous at the time fake security software also known as scareware in a variety of post series. Related post -  Dissecting a Sample Russian Business Network (RBN) Contract/Agreement Throu
Read more