"Cyber Crime Toolkits" Hit the News
On the BBC website:
“They are starting to pop up left and right,” said Tim Eades from security company Sana, of the sites offering downloadable hacking tools. “It’s the classic verticalisation of a market as it starts to mature.”
Malicious hackers had evolved over the last few years, he said, and were now selling the tools they used to use to the growing numbers of fledgling cyber thieves.
Mr Eades said some hacking groups offer boutique virus writing services that produce malicious programs that security software will not spot. Individual malicious programs cost up to £17 (25 euros), he said.
At the top end of the scale, said Mr Eades, were tools like the notorious MPack, which costs up to £500.
The regular updates for the software ensure it uses the latest vulnerabilities to help criminals hijack PCs via booby-trapped webpages. It also includes a statistical package that lets owners know how successful their attack has been and where victims are based.
In one sense, there’s nothing new here. There have been rootkits and virus construction kits available on the Internet for years. The very definition of a “script kiddie” is someone who uses these tools without really understanding them. What is new is the market: these new tools aren’t for wannabe hackers, they’re for criminals. And with the new market comes a for-profit business model.
Omar Herrera • September 5, 2007 7:51 AM
And I wonder if the anti-malware industry is updating their strategies and solutions accordingly. It seems to me that they are still targeting malware created mostly by amateurs seeking a few seconds of publicity rather than targeted and silent attacks by malware created by these criminals.
For instance, I don’t know if those “100% detection” awards are still worth anything (if they ever were). How can we measure detection effectiveness of malware that is now specifically designed to fall well below the radar of the anti-malware industry?
It is not only a technical and context problem; detecting malware custom-made for specific companies or small groups of people to create detection signatures for everyone is not cost-effective for anti-malware companies with black-list based products (even behavior based products still rely on thresholds to guess what is bad). However, it seems that this is exactly the opposite for criminals.