Websites For Spyware Subscription And Malware Support
An unnamed Web site was recently introduced in a manner similar to the launch of an e-commerce site. The site has a crude home page, yet it is fairly functional. The home page displays a series of options that let visitors conduct business in either English or Russian. There is an FAQ section, a list of terms and conditions for using the software, and details specifying the accepted forms of payment.
The site, however, has scanty contact details. That's because it supports illegitimate merchandise. It offers malicious code that criminal-minded webmasters can use to infect users with a Trojan program.
The site promises at least $66 to website owners if they download the malware onto their sites. It promises more for installing the code directly on the systems of end users. The site says it will provide better rates for good traffic. Computerworld published this on April 5, 2007.
Organized online criminal gangs are adopting a new strategy, taking a page from the books of security vendors and adapting it for their own websites. These sites offer assistance and subscriptions for spyware and other malware. Enterprises subscribing at $20 per month can sell exploit engines to spyware distributors and spammers, who can use them to break into systems, said Gunter Ollmann, director of security strategies at IBM. This news appeared in IT.slashdot on April 5, 2007.
The website encrypts the exploit code and applies a series of morphing tactics to elude security detection software. The code can exploit various vulnerabilities in order to infect a chosen computer.
Don Jackson, a security researcher at SecureWorks, a security service provider based in Atlanta, recently spotted a subscription site of that sort.
Jackson uncovered the Trojan called Gozi and, after a thorough investigation, found that it would capture data from SSL streams and transmit it to a server based in St. Petersburg, Russia. His investigation showed that the Gozi Trojan evaded detection for nearly 50 days and stole secret data valued at $2m on the parallel market. The data consisted of 2,000 social security numbers (SSNs) and bank account details. Techworld published Jackson's findings in the third week of March 2007.
» SPAMfighter News - 12-04-2007