Henry Dalziel | General Hacking Posts | November 15, 2012
Trend Micro released a research paper that we thought was worth blogging about because it’s so interesting! The report is particularly relevant for those working in information security, because there is nothing better than understanding what attackers are doing and thinking. Such knowledge allows for better intrusion detection and, in turn, better information security training.
Basically, the security organization released a paper giving an overview of the cybercriminal underground in Russia and outlining the types of hacker activities. Most of the information contained in the report is based on data gathered from online forums and services used by Russian cybercriminals.
In their own words, Trend Micro sought “advice” from hackers on their activities: the computer threats, APTs, malware and general bad stuff that they do.
In summary, the report found that malware tools and services extend from single blackhat packages which cost just cents to mega-sophisticated botnet style packages and services which cost thousands of dollars per month to hire. For example, if you want to buy a botnet it’s gonna cost you somewhere in the region of $700 but you can also rent the botnet by the hour for only a couple of dollars.
VPNs were a big discovery in their research, which is hardly surprising. Blackhat spammers rely on VPNs to spew out spam, so that won’t come as much of a shock. Email spam costs about ten dollars per one million emails and Windows rootkits are priced around the $300 mark.
Zeus was quoted as being the most popular and effective financial theft trojan and botnet builder. For those that don’t know, Zeus is a Trojan horse that basically steals banking information by a type of Man-In-The-Middle attack, but in this case it’s a “Man-in-the-browser keystroke logger” and “Form Grabber”. Zeus is spread mainly through drive-by downloads and phishing scams. Zeus has achieved some pretty big scalps: for example, the trojan was used to obtain sensitive information from the United States Department of Transportation and was later found to have stolen FTP details of accounts on websites belonging to Oracle, Amazon, ABC, NASA and others. The cost for that by the way is about $500.
Want to hire someone to hack a Gmail account? That’s gonna be $162. Facebook and Twitter were slightly less at $130.
Here is an outline of some of the costs on the Russian cybercrime underground market:
Hacking a corporate email account: $500
Winlocker ransomware: $10-20
Unintelligent exploit bundle: $25
Intelligent exploit bundle: $10-$3,000
Basic crypter (for inserting rogue code into a benign file): $10-$30
SOCKS bot (to get around firewalls): $100
Hiring a DDoS attack: $30-$70/day, $1,200/month
Botnet: $200 for 2,000 bots
DDoS botnet: $700
ZeuS source code: $200-$500
Windows rootkit (for installing malicious drivers): $292
Hacking Facebook or Twitter account: $130
Hacking Gmail account: $162
Email spam: $10 per one million emails
Email spam (using a customer database): $50-$500 per one million emails
SMS spam: $3-$150 per 100-100,000 messages