Software that facilitates online attack by novice fraudsters and would-be anarchists is big business, writes KARLIN LILLINGTON
THE NEW software suites come with all the trappings of today's modern software offering: cloud computing hosting options, software as a service (SaaS) features, outsourcing, digital certificates, licences to prevent piracy, software modules, and bundled service and support packages.
But the difference between these software programs - which are listed in ephemeral internet relay chat (IRC) discussion areas and private online forums - and what you might buy from mainstream vendors, is that they supply increasingly sophisticated hacking software to the unsophisticated - to fledgling hackers with little ability to write their own computer code.
"Lessons learned from large, legitimate software companies - such as development practices, anti-piracy techniques, and support and pricing practices - are routinely duplicated in the underground economy in order to increase efficiency and profits," reports security company Symantec in a report out this week on the growth in the underground market for so-called "attack toolkits".
According to Orla Cox, security operations manager at Symantec's security response centre in Dublin, a maturing market for hacking software and the dismay of previous creators of such packages at seeing them - ironically - widely pirated and available from hacker discussion sites has produced a hacking software landscape that is increasingly indistinguishable from legitimate businesses.
"They're trying to differentiate themselves from competitors," she says. Thus, vendors of such software suites, which tend to cost anywhere from a few hundred to a few thousand euro, readily supply a range of services to cater to the novice hacker.
As with security companies like Symantec itself, these suite producers can provide regular updates, except that these enable their rogue software to take advantage of newly discovered vulnerabilities in browsers, applications and infrastructure.
Or, perhaps the hacker would like the seller of the software to provide a hosting service for them from which to run the malicious code? That's on offer too.
And if a large package is too expensive, buyers can instead purchase modules enabling them to do certain types of hacking.
As with mainstream commercial software, many of the packages also require buyers to activate licences or use digital certificates to ensure the packages won't suddenly appear for free on filesharing sites or IRC chat rooms.
The new sophistication of the software indicates the more limited abilities of the buyers, says Cox. "These are less-educated hackers, if you like," she says. "They take more of a hobbyist approach rather than the old-school hacker who learns to code. The buyers will have computer skills, but maybe not coding skills."
Novice hackers can even bundle in a service and support package to get help when they find a new module a little too confusing or can't figure out how to get their software settings quite right.
"It would all be quite underground though," Cox says. "They wouldn't exactly have a hotline that you can call. But they will use instant messaging or IRC."
The main type of suite being sold is called an "exploit kit", and the most common way of staging an attack is for users to place malicious code on a victim's computer.
"It allows you to set up your own malicious site with everything on it. This may be passing on malware or redirecting to a malicious site when the visitor comes across this site," says Cox.
"It allows you to build up your botnet to stage attacks, or to send out spam."
The hackers try to lure visitors to their websites using search engine optimisation techniques and productive search terms.
The most popular - at 44 per cent - are terms associated with adult entertainment websites, while the second most common are terms associated with video streaming, says the report. Toolkit users also use "typo-squatting" - they register a domain name a letter or two off that of a popular website in the hope of capturing clumsy keyboardists.
In some cases, the users of such kits work for professional cybercrime gangs, who will pay novice hackers for every computer they can compromise, helping the gangs to build vast botnets for staging attacks, Cox says.
A number of high-profile exploits using the kits has drawn greater attention to the problem over the past year. Topping the list, at least for the humiliation factor, was a successful breach of three US treasury department websites using a toolkit called Eleanore in May.
The website redirected visitors to a malicious site which infected the visitors with malicious code and rogue security software, according to the report.
Another effective scam used a popular toolkit called Zeus to harvest data from 55,000 vulnerable computers last August. The group behind the attack, called Avalanche, used a botnet to steal bank account information and credit card details from victims.
Symantec says "the relative simplicity and effectiveness of using attack toolkits" has led to novice hackers with few coding skills increasingly hacking for financial gain, rather than to deface websites or cause general mischief. The report says the toolkits are being used in the majority of malicious attacks online - indicating that relative novices are probably now behind the majority of hacking attacks - with Zeus alone responsible for over 90,000 examples of malicious code in just one month of 2009.
"It is very likely that attack toolkits such as Zeus have been responsible for infecting millions of computers," the report says.
Symantec is now watching this underground market for signs of consolidation, says Cox. Just as in the mainstream software world, some toolkit producers seem ready to go to work together with a merged product rather than to continue to compete.
The market for merged products could be very lucrative. Zeus sells for up to $4,000, but there are rumours that a new toolkit comprising Zeus consolidated with another toolkit is now available for about $8,000.
"The kits are starting to be more expensive - and more effective," says Cox.
