3. Outline
• Tools and methods
• Introduction: Geeks or Gangsters?
• Underground economy: what u never knew
• Future trends and our research
• Lining up
4. My favorite quote:
“To make money on Internet you don’t need much, not even brain” - from online tutorial on how to make money
6. Sources
• Dealing with large volume of data (public forums, BBS, manual follow up)
• Mostly public data
• Often: post mortem analysis of compromised systems
14. Tools: RSS feeds “eater”
• A bunch of Python scripts thrown together to fetch RSS feeds
15. Tools: SOLR
• Customized Data indexing and search
• Custom schema and search fields
• JSON output used
• Language “projection” (lingo/slang support)
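An added sketch of the pipeline the two tools slides describe, not the presenters' own scripts: it parses an RSS feed, tags slang terms with canonical labels (one reading of the "language projection" bullet) and emits JSON documents ready for indexing. The sample feed is constructed, and the field names, tag names and Cyrillic spellings are assumptions; the English slang terms come from the deck's terminology slide.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample feed for illustration; not real forum data.
SAMPLE_RSS = """<rss version="2.0"><channel><title>constructed feed</title>
<item><title>Нужен дроп, оплата WMZ</title>
<link>http://forum.example/t/1</link>
<description>Looking for a drop, payment in wmz. Partnerka welcome.</description></item>
<item><title>Hosting offer</title>
<link>http://forum.example/t/2</link>
<description>Abuse-resistant server, cc accepted</description></item>
</channel></rss>"""

# Slang pattern -> canonical tag. English terms follow the deck's terminology
# slide; the Cyrillic spellings and the tag names are assumptions.
LINGO = {
    r"wmz": "wmz_usd_unit",
    r"drops?|дроп\w*": "money_mule",
    r"cc": "credit_card",
    r"abuse[- ]resistant": "abuse_resistant_hosting",
    r"partnerka|партнерк\w*": "partnership_program",
}

def parse_items(rss_text):
    """Yield (title, link, description) for every <item> of an RSS 2.0 feed."""
    # Feeds scraped from hostile sites are untrusted input: refuse DTDs so the
    # stdlib parser never expands attacker-defined entities.
    if re.search(r"<!\s*(DOCTYPE|ENTITY)", rss_text, re.IGNORECASE):
        raise ValueError("feed declares a DTD/entity; refusing to parse")
    for item in ET.fromstring(rss_text).iter("item"):
        yield tuple((item.findtext(f) or "").strip()
                    for f in ("title", "link", "description"))

def tag_lingo(text):
    """Return the sorted canonical tags for slang terms found in text."""
    return sorted({tag for pattern, tag in LINGO.items()
                   if re.search(rf"\b(?:{pattern})\b", text, re.IGNORECASE)})

def to_index_docs(rss_text):
    """Build JSON-serialisable documents; field names are a hypothetical schema."""
    return [{"id": link, "title": title, "body": desc,
             "lingo_tags": tag_lingo(f"{title} {desc}")}
            for title, link, desc in parse_items(rss_text)]

if __name__ == "__main__":
    print(json.dumps(to_index_docs(SAMPLE_RSS), ensure_ascii=False, indent=2))
```

Searching on `lingo_tags` instead of raw text lets one query cover posts written in either language or spelling.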
22. Typical export sample:
• Targets MS platforms
• Often - multi-component (loader, payload functions in form of DLL etc)
• Sensitive information collection (data, keystrokes and credential information)
• Turns computer into web proxy, SMTP proxy, SOCKS etc (useful for rent, spamming etc)
• May extort money from end user
33. Where is the money!
• Banking credentials
• Credit cards
• Shops and goods
• Online goods and services
• Online currencies
• Monetization via Carrier providers and more
34. Disclaimer:
We don’t sell or advertise any service
We simply look at the trades :-)
35. “Likbez” (crash course)
Some terminology
Money - one wmz = one USD
• WMZ - web
• Drop - money mule
• CC - credit cards
• Abuse resistant - Safe to host any kind of fraudulent service
• Partnerka - partnership program
49. “Business package”
Includes..
For money of any state of dirtiness!
Pack includes:
1. Online bank account access
2. ATM card (daily withdrawal limit 1000 USD / 6000 USD per month; limit increase possible, +30 USD)
3. Code card (online access passwords)
4. Passport copy of the drop (“poor john”)
5. SIM card
Also can be pre-ordered on custom passport scan (25USD)
50. DDOS
Very affordable
We remove sites of your competitors with DDOS attack. Fast and effective. Supported:
Prices (in WMZ ~= USD)
Discounts for bulk
73. Hidden behind login screens
• Frequent in banking or other online credential targeted attacks
• Effectively prevents services like Google blacklist, HA and other from identifying infections
77. Botnet DIY ;)
• Goal: 1000000 nodes botnet
• No skills required
• Buy these (available on sale):
• Traffic
• Abuse-resistant service
• Exploitpack
• Botnet gear
78. How much it costs
• Traffic - 10-15KUSD (mixed), infection ratio around 10-20% (depending on exploit pack)
• Abuse resistant server 300USD/month
• Exploitpack 200-2000USD
• Botnet gear 500-10,000USD
• = 15-20,000USD total + 1-2 months of work
79. Conclusions
• You can be a victim, even if you paid for Kaspersky and apply patches regularly :)
• While malware is what you mostly see, cybercrime is not about malware, it is about money
• Global economy - global fraud
• 0day is not important. Volume is important
• (Mostly) not organized crime but ecosystem