Today’s malware and virus infections are not created for fun. They are operated by organized groups of people with a definite purpose and established orders.
In a recent report, top security vendor Symantec studied this underground economy and listed the top-selling and most-advertised products. The report has some very interesting observations, and it is surprising to learn that sensitive data like credit card information is available for as low as $0.85.
The underground economy is an evolving and self-sustaining black market where underground economy servers, or black market forums, are used for the promotion and trade of stolen information and services. This information can include government-issued identification numbers such as Social Security numbers (SSNs), credit card numbers, debit card information, user accounts, email address lists, and bank accounts. Services include cashiers, scam page hosting, and job advertisements such as for scam developers or phishing partners.
The following are the top-selling products and services in the malware infection economy.
Cash out—a withdrawal service where purchases are converted into true currency. This could be in the form of online currency accounts or through money transfer systems; typically, the requester is charged a percentage of the cash-out value as a fee.
Bank account credentials—may consist of name, bank account number (including transit and branch number), address, and phone number. Online banking logins and passwords are often sold as a separate item.
Credit card information—includes credit card number and expiry date. It may also contain the cardholder name, Credit Verification Value 2 (CVV2) number, PIN, billing address, phone number, and company name (for a corporate card). CVV2 is a three- or four-digit number on the credit card, used for card-not-present transactions such as Internet or phone purchases. This was created to add an extra layer of security for credit cards and to verify that the person completing the transaction was, in fact, in possession of the card.
Email accounts—include user ID, email address, and password. In addition, the account may contain personal information such as addresses, other account information, and email addresses in the contact list.
Email addresses—consist of lists of email addresses used for spam or phishing activities. The email addresses can be harvested from hacking databases, public sites on the Internet, or from stolen email accounts. The sizes of lists sold can range from 1 MB to 150 MB.
Full identities—may consist of name, address, date of birth, phone number, and government-issued number. It may also include extras such as driver’s license number, mother’s maiden name, email address, or “secret” questions/answers for password recovery.
Mailers—an application that is used to send out mass emails (spam) for phishing attacks. Examples of this are worms and viruses.
Proxies—Proxy services provide access to a software agent, often a firewall mechanism, which performs a function or operation on behalf of another application or system while hiding the details involved, allowing attackers to obscure their path and make tracing back to the source difficult or impossible. This can involve sending email from the proxy, or connecting to the proxy and then out to an underground IRC server to sell credit cards or other stolen goods.
Shell scripts—used to perform operations such as file manipulation and program execution. They can also be used as a command line interface for various operating systems.
Complete Report (PDF, 4MB)