Symantec has just released an internet security report on the underground economy, which you can download here. The primary vehicle for communication in the underground economy is Internet Relay Chat (IRC). Users typically access underground IRC servers with a client application and are then redirected to a specific channel. The servers basically resemble AIM and Microsoft Messenger, but with far more primitive interfaces. The underground IRC servers have an average lifespan of 10 days before changing venue.
(If you use Wikipedia as frequently as I do, you have probably been frustrated in attempting to get the search terms correct. I have found that using powerset.com as a front end for Wiki increases my productivity. Just navigate to powerset and type your search term in their window.)
Three categories represent 70% of the goods and services available on the underground servers: a) credit card information, b) financial accounts, and c) spam and phishing information. Credit cards are typically sold in bulk, whereas the financial accounts allow criminals to withdraw currency directly. Credit cards sell for $0.50 to $12, whereas bank account credentials sell for $10 to $1,000.
Also for sale are attack tools. Botnets sell for about $225 and autorooters sell for $70. The botnets include a network of compromised computers. For example, a botnet might include a network of 2,000 infected computers that can provide an almost immediate return on investment. Autorooters are automated tools that can scan for vulnerable computers. Scam pages sell for $2 to $50 and mimic a legitimate website for the purpose of phishing. In a one-year period, Symantec observed 69,130 distinct advertisers on underground economy servers.
41% of the underground economy servers are in the U.S., 13% in Romania, and 11% in Germany. It appears that most North American operations are independent, but the European/Asian activities are much more organized.