Friday, March 13, 2009

Russian prices of crimeware

To get a sense of how many Russian domains are created to spread malware, and of the wide variety of applications developed there to commit crimes that target the most valuable commodity, information, imagine Russia as something like the world Gibson describes in Neuromancer, where dark old alleys are used for the illegal sale and rental of all kinds of programs designed to break security protections.

Cybercriminals and the crimeware black market seem to be the order of the day in Russia. So I want to present some numbers that give an idea of what it can cost to prepare attacks using the large number of "resources" available, mercenary-style, to the highest bidder.

It contains different crimeware to exploit vulnerabilities in Internet Explorer 6 and 7, and in PDF files. There is a Lite version priced at U$S 1500 and a Pro version at U$S 2500.

Unique Sploits Pack
Another crimeware package containing several different exploits for vulnerabilities. Its value is U$S 600. For U$S 100 you get access to updates, and for U$S 50 to an encryption module.

Neon Exploit System
A set of exploits designed to exploit vulnerabilities in Microsoft platforms and in widely used applications. The value of this crimeware is U$S 500.

A set of scripts designed to break webmail passwords through XSS. According to its creators, "this application is ideal to start earning money by providing services for the passwords of mail accounts". As a researcher of "Information Research" :-) Its value is U$S 110.

Cripta Zeus(a)
A service whose purpose is to encrypt the trojans that recruit zombie PCs into Zeus botnets. The "services" offered are:
  • Build individual crypts (your.exe) the first time: U$S 49
  • Build individual crypts (your.exe) encrypting every two hours: U$S 46
  • Build individual crypts (your.exe) encrypting every three hours: U$S 43

LeFiesta Pack
One of the best-known crimeware packages. Like other similar programs, it is written in PHP and is used to exploit vulnerabilities through techniques such as drive-by download, scripting, etc. It is now used by the Zeus botnet. The price of the latest version is U$S 1000.

YES Exploit System
Another crimeware package designed to exploit vulnerabilities using exploits and scripts. Its value is U$S 600.

PoisonIvy Polymorphic Online Builder
Crimeware for generating variants of the PoisonIvy trojan online. Its value is U$S 500.

FriJoiner Small and Private
An application for merging executable files. Such applications are widely used by malware distributors to prevent the malicious code from being detected. The Small version costs U$S 10 and the Private version U$S 15.

Genom iframer
An application designed to automate the injection of iframe tags into vulnerable sites. Its value is U$S 40.

CRUM Cryptor Polymorphic
A crypter with polymorphic features designed to keep malware from being detected by antivirus companies. It costs U$S 100.

This is just a short list that represents a very small percentage of the number and variety of crimeware applications available.

Most attacks that use the Internet as a platform are carried out with programs of this kind, but we should be aware that the better informed we are and the better we use security technologies, the greater the level of protection in our information environments.

Related Information
Unique Sploits Pack. Crimeware to automate the exploitation of vulnerabilities
Phishing Kit. Automatic creator of fraudulent sites - Spanish version
Analysis of an attack of web-based malware - Spanish version
Creating polymorphic malware online based on PoisonIvy - Spanish version

# Jorge Mieres
