“Download bot! -=UA-BOT=- Check out my next development—a bot with simple and convenient administrative controls in PHP. It downloads and launches different programs. As a bonus, it includes the ability to execute HTTP GET requests; very similar to a DDoS (makes sense only with a large number of bots or, alternatively, for wildly cranking up counters and other such pranks, or for creating a wrapper for sensitive scripts, etc.). Contact ICQ <redacted> for all the details. As part of my testing, I’m giving away a bot configured using test administrative controls. A bot costs US$30, stitching costs US$5.”


“Programming service; Perl, PHP, C, Java, etc. Prices: From US$100; injects writing: From US$200; web server hacking: From US$250”


“Writing and selling Trojans and other malware; available: Trojan for bank account stealing—US$1,300, Trojan for web page data replacement in a client’s browser— US$850, WebMoney Keeper Trojan—US$450, DDoS bot—US$350, credit card checker—US$70, backdoor— US$400, LiveJournal spammer—US$70, fakes of different programs—US$15–25”


Fifty dollars should get you started. That's all it takes. Of course, if you want to be taken seriously and play with the big boys you'll have to stump up rather more than that. Let's say five hundred dollars as a reasonable estimate. That's about 15,800 roubles at the current exchange rate (http://fx-rate.net/USD/RUB/).


Of course, 500 dollars doesn't seem like much to someone from the US. To a Russian nearly 16000 roubles is two-thirds of the "average" income, and over three times what someone on the lowest salary would be getting ....


I think we've found the reason why Russians, Ukrainians and other eastern Europeans find cybercrime such an attractive proposition. The income from it measured in dollars may not be great, but as a multiple of the average income in Russia (or whichever country the budding cyber-entrepreneur is in) it must look like a very attractive career option. And the $50 minimum start-up cost, while still a sizeable sum in roubles, is just about affordable.


Max Goncharov at Trend Micro has analysed a range of hacking tools and services being offered for sale on Russian underground forums. There is a brief summary of his findings here, or the report can be downloaded as a PDF file from the Trend Micro site.



Russian botnet prices.JPG




If you've ever wondered where these malicious programs come from that companies like McAfee spend so much time and effort trying to detect and prevent, this report gives you more information than you might feel comfortable with. The people involved are intelligent, well educated, skillful and knowledgeable. They relish the challenge of outsmarting the opposition (that's McAfee and all the others) and ensnaring the suckers (that's you and me). They have excellent customer-relations skills, they innovate and bug-fix, their products are robust and dependable (if not, they sink without trace).


This is what one of the Russians has to say about his rootkit program :


“The drivers are loaded before the NT kernel is initialized, which means they are loaded before PatchGuard is started. The driver’s digital signature is not required. All versions of the Windows OS are supported from XP to 7 SP1, inclusive. Two architectures are supported—x86 and AMD64 (EM64T). The loader’s code changes. It consists of a certain number of blocks that are randomly shifted each time the project is built. Thus, the binary image of each newly compiled loader differs from the previous one. The project is built using MS Visual Studio 2005 and MS Windows XP DDK. It is built for x86 first and AMD64. The price is US$292.”


The range of activities covered in this report is quite impressive, and gives some idea of the flourishing state of the underground cybercrime economy. And as long as the cost for new entrants is so low (and the potential profits so large, at least in terms of local incomes) it is unlikely to disappear any time soon.


A partial list of contents of the report gives an idea of the scale of the underground cybercrime economy.

Trend Micro Table of Contents.JPG


This is something worth studying if you've ever been on the receiving end of one of the many exploits that this report covers.