Web Fraud 2.0: Distributing Your Malware
The allure of cyber crime lies in its promise of quick riches, much like that of the illegal drug trade. But building a network of hacked personal computers that can distribute your data-stealing malicious software is a time-consuming process that requires a modicum of skill. That was the case until recently, when several online services emerged that promise to help would-be cyber crooks graduate from common street dealers to distributors overnight.
Such is the aim of services like "loads.cc," which for a small fee will take whatever malware you provide and inject it into a pre-selected number of PCs already compromised and under the thumb of the service owners.
Currently, loads.cc claims to have 264,552 hacked systems in more than a dozen countries that it can use as hosts for any malicious software that clients want to install. The latest details from the "statistics" page displayed for members say the service has gained some 1,679 new infectable nodes in the last two hours, and more than 33,000 over the past 24 hours.
So, let's say I'm a wannabe cyber crime guy, and I download or purchase some malware from any number of forums that host these things or configure them to the buyer's liking. I then mosey on over to loads, and check out their distribution price lists. I can have my malware loaded onto 1,000 PCs around the globe for roughly $100, or 10 cents per compromised machine. I merely tell the site the URL where my malware is hosted, pay for the service with Webmoney, and sit back and wait for my soon-to-be-infected machines to start sending me their passwords and other sensitive data.
Interestingly, loads.cc seems to have either angered an established cyber criminal or trodden upon space already occupied by another organized crime outfit earlier this year, because the site came under a fairly heavy and sustained distributed denial-of-service (DDoS) attack aimed at knocking the service offline. The site operators responded by creating a new domain for their service with "ddos" in its URL.
Other up-and-coming malware distribution services are trying to gain a foothold in this nascent criminal Web 2.0 industry. Loadsforyou.biz offers slightly more competitive rates, promising to stitch your malware into 10,000 hacked PCs in the U.S. for just $120. And they claim to accept PayPal, which might appeal to newbie cyber thieves who are unfamiliar with the ways of Webmoney and other more Euro-centric virtual currencies.
If a know-nothing cyber crook can pay $120 and infect 10,000 already-hacked PCs in the United States, what does that say about the sheer number of systems under control of the bad guys? To me, it says that compromised machines, or "bots" as they are more commonly known, have become a commodity, or, to cite Wikipedia's definition, "undifferentiated goods characterized by a low profit margin."
I hope this is obvious, but it's probably best to avoid visiting the sites named in this post, as they exist solely to orchestrate the infection of computer systems.
If you'd like to discuss any part of this Web Fraud 2.0 series, or have any other computer-security related question on your mind, join us at 11 a.m. ET today for our Security Fix Live discussion.
August 22, 2008; 10:19 AM ET