Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybercrime-As-a-Service Takes Off

Posted by timothy on from the no-need-for-subtlety dept.

pnorth writes "Malware writers that sell toolkits online for as little as $400 will now configure and host the attacks as a service for another $50, according to email offers cited by security experts. A technical account manager at authentication firm Vasco said that cyber crime is becoming so business-like that online offerings of malicious code often include support and maintenance services. He said 'it was inevitable that services would be sold to people who bought the malware toolkits but didn't know how to configure them. Not only can you buy configuration as a service now, you can have the malware operated for you, too.'"

13 of 113 comments (clear)

  1. You really know when its a business... by Shivinski · · Score: 5, Interesting

    Once you see the toolkits cracked and pirated on torrent site's :P

    1. Re:You really know when its a business... by timeOday · · Score: 4, Insightful
      I think your comment is more insightful than funny. The question is, can an unregulated blackmarket grow and thrive without law - no contract enforcement, courts, or police?

      Some would point to the large sums of cash in the illicit drug trade as evidence that it can, but I point to the stratospheric markup on illicit drugs as evidence that the market is horribly inefficient. The markups show there's a shortage of suppliers - due in part to law enforcement, I'm sure, but being in the drug trade also means running the risk of being gunned down (or worse) by competitors. Personally I prefer a bit more regulation in my markets than that.

    2. Re:You really know when its a business... by roblarky · · Score: 5, Funny

      Stewie: "Uh, on torrent site's what, Brian? Over."

    3. Re:You really know when its a business... by clarkkent09 · · Score: 4, Funny

      apparently on torrent site's P drive

      --
      Negative moral value of force outweighs the positive value of good intentions.
  2. Honesty? by LinuxGeek · · Score: 5, Insightful

    Will the sellers be honest enough to give you all the money they drain from bank accounts?

    --

    Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
    1. Re:Honesty? by interkin3tic · · Score: 4, Funny

      Will they even be honest enough to give you the service or support you paid for? I wouldn't even trust them that far.

      I'm not very familiar with people who make malware, but I'd imagine/hope the "support" would look something like this:

      Customer: Yes, I'm having problems with your product, the Malwarator 1000
      Anonymous support: LOL FUCK YUO NOOB!!1

      If it offends any malware writers to be stereotyped like that, particularly the guys behind antivirus 2009, give me your home address and I'll mail you an apology.

  3. It's a franchise business model by earlymon · · Score: 4, Funny

    And given that it's a franchise business model, I guess I'd like to know two things: are there delivery guarantees and does Uncle Enzo know about this?

    --
    Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
  4. Bastards by Anonymous Coward · · Score: 5, Funny

    Closed-source malware hurts the developer community!

    I demand FOSS malware!

  5. A package tour of another persons computer? by AHuxley · · Score: 4, Interesting

    Old people go on low-budget package tours of countries.
    If your a Mac, Linux or Windows user and all you have is instant messenger details. At very best a non-static IP thats days or weeks old?
    To be able to skype a real business-like cyber crime expert and have them talk you thru entering another persons computer is so worth $400.
    The thrill of reading the real name of the computer owner.
    To see the desktop.
    Looking deep into the directories, emails, draft letters.
    Compressing and sending out all other chat logs.
    Leaving malicious code behind so you can always stay in contact.
    If there is a hardware upgrade or software problem, friendly help is a just call away.
    All from the comfort of your own home.

    --
    Domestic spying is now "Benign Information Gathering"
  6. And even if it ISN'T fake. by Ungrounded+Lightning · · Score: 5, Funny

    This whole article is based on some blog posting of an email ... We do not know if the email is legit or fake. ... This was pimped at some security convention ... Of course the people discussing it have a motive to make money ...

    And even if they're being honest:

    Any bets whether they found one of the law-enforcement "sting" operations?

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  7. Law enforcement by Phroggy · · Score: 4, Insightful

    So, if they're selling support, presumably there's a way to contact them, and if there's a way to contact them, shouldn't it be possible to identify them?

    Are these activities not illegal?

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    1. Re:Law enforcement by QuoteMstr · · Score: 4, Interesting

      Money laundering. Over at Wikileaks, there's a fascinating letter written by a member of the child pornography community. The author goes into quite a bit of detail about the overall organization and operation of the black hat community. You should take the letter with a grain of salt, of course, but it's certainly very interesting.

  8. It's true by phantomfive · · Score: 5, Funny

    A few months ago I was really getting sick of working support lines for Intel, with all the stupid users calling in and complaining about stupid things, and I could do nothing about it (I mean really, if your computer isn't plugged in, it's not my fault!!). So I heard about this new business, and applied for a job as a first-line support rep for a certain malwa^W ahem Alternative Software for the Dark Side company whose precise name I will not reveal for privacy reasons.

    The hours aren't great, and the severance package is well, horrible, BUT it does have the advantage that I can send any cases over to the hitma^W ahem Planned Termination and Collections department. Customers are so much more respectful somehow. Maybe I should post this anonymously.

    --
    Qxe4