Independent research reports from several different internet security firms are warning about the increased level of technology, sophistication, and organization that criminals are employing in their endeavors to steal, defraud, extort, and otherwise scam individuals and corporate entities for their money. Today’s hacker wannabe doesn’t even have to be particularly skilled technologically. He just has to be willing and able to cough up the money for a good crimeware kit, which can cost upwards of $3000.00 depending on the capabilities desired.
According to Symantec, 3 phishing kits were responsible for over 40 percent of the phishing attacks they observed during a recent 6 month interval. These kits come complete with sample phishing web sites and email messages, and their availability on the black market can be linked to the 53 percent increase in the number of phishing attacks observed during that same period.
Other crimeware kits such as MPack combine multiple attack types, exploiting both web server and client vulnerabilities. Additionally, kits are available that allow criminals to customize Trojans in order to target specific sectors or agencies. Finjan is reporting that these crimeware Trojan kits create new binary files with each use, making signature-based detection extremely difficult. These kits are also capable of generating Command and Control modules for remote control of distributed Trojans, in effect creating botnets.
These kits show all the traits of professionally developed software suites, utilizing the latest web 2.0 programming technologies. This has resulted in skyrocketing infections within the most popular web 2.0 sites, including social networks and P2P file-sharing sites. In fact, according to Websense, 60 percent of the most popular sites on the internet either hosted crimeware, or linked to malicious websites which hosted crimeware during the first 6 months of 2008. Various MySpace hacks for example allowed criminals to view private profiles and capture logon details, enabling the hackers to use the hacked accounts to send spam or host malware.
One of the newest kits available to hackers was discovered by Panda Security in June. It converts traditional Trojans into worms. This means that once a machine is infected with the Trojan, other computers sharing the same network could be infected without the users opening an infected email attachment or visiting a malicious site. Such hybrids spread much more quickly than the original Trojans from which they’re created.
Crimeware kits are distributed to potential buyers, who use private chat facilities to negotiate and consummate the transactions. Sites which host torrent trackers also index many hacking toolkits. Of course, the illegal gangs and cybercriminals have their own distribution and management channels. These organizations seem very much like a cross between modern high-tech business enterprises and mafia-style organized crime. The top managerial tier does not engage directly in hacking activities, but directs middle management layers which control the distribution of crimeware and crimeware kits to lower tiers. These lower tiers are the actual hackers collecting the stolen data, identities, credit card numbers, etc. They also control the botnets which are used to launch attacks, send spam, and expand their networks.
The growing sophistication of crimeware (and the ease with which it can now be developed and deployed), the increased use of blended attacks involving multiple attack vectors, and the continual refinement of the criminal organizations behind cybercrime are all symptoms of the trend away from malware created for glory or anarchistic destruction and toward crimeware geared for stealth and profit.
Sophisticated kits generate custom trojans for stealing data and conscripting into C & C networks (botnets). — Finjan Web Security Trends Report Q2 2008.