Just over $1 000.00 can buy a cybercrook the tools needed to turn malicious action into financial profit – thanks to a Web-based black market where malicious code and tools are available at knock-down prices.
PandaLabs reveals that all types of crimeware tools can be bought on hundreds of forums and despite most web pages originating from eastern Europe, Internet mafia networks now extend worldwide.
The prices vary. If a cyber-crook wanted to buy a Trojan, for example, he would only have to shell out between $350.00 and $700.00. A password stealer Trojan costs $600.00 while a Limbo Trojan (with fewer features) costs around $500.00, although they have been sold for less. Both examples steal passwords to access online banks.
Cybercrooks would have to pay $500.00 for a Trojan that captures payment platform accounts, such as Webmoney, although there are often "special offers". In one case, the first 100 buyers only had to pay $400.00.
The next step is to get a list of email addresses to distribute the Trojan. For this, aspiring cyber-crooks only have to visit another webpage, where they can get mailing lists of all sizes.
Prices vary from $100.00 per million addresses to $1 500.00 for 32-million addresses. If they also want to send links that download the Trojan to instant messaging users, they can buy a million ICQ addresses for $150.00.
The cybercrook then has to ensure that antivirus programs will not detect the malicious code. For between $1.00 and $5.00 per hidden executable, they can hire a service that protects the malware against security tools. If they want to do it themselves, they can get polymorphic encryption software called Polaris for just $20.00.
The last step is to send emails to distribute the Trojan. For about $500.00, cyber-crooks can rent a spam server. Then, they just have to wait for the victims to be infected.
A few simple calculations are all that’s needed to underline how lucrative this activity can be. If a Trojan costs $500.00 and a million-address mailing list costs around $100.00, that means $600.00 is enough to infect a million people. Then add a $20.00 encryption program and a $500.00 spam server. With almost a 10% success rate, hackers could infect 100 000 people.