One trend in manufacturing is to be the one-stop shop for customers so they don’t have to venture out beyond that one supplier. The same is true for cybercriminals, as they have widened the services they provide as a one-stop-shop to third-party fraudsters.
These one-stop shops are where criminals can buy everything they need to meet demand from fraudsters, said Amit Klein, chief technology officer for browser security specialist, Trusteer.
There is a new fraud group that — as well as offering infection services for prices between 0.5 and 4.5 cents for each upload, depending on geography — also provides polymorphic encryption and AV checkers, Klein said.
This new one-stop-shop approach for malicious services is a natural evolution: If the customers need to infect, then they also need to evade AV, he said.
For polymorphic encryption of malware instances, the fraudsters are charging from $25 to $50, and for prevention of malware detection by anti-virus systems (AV checking) they charge $20 for one week and $100 for one month of service, he said.
It is now a buyer’s market, with his firm’s research operation having also come across advertisements published by prospective buyers of infection services, Klein said.
The ad presets the buying price, how it is charged and the scope of the service, with the advertiser only paying for unique uploads, with the price calculations conducted according to the advertiser’s own Black Hole exploit kit stats module, Klein said.
Klein said the final paid price for the service depends on percentage of infections:
• $4.50 for 1,000 of traffic with 3% of infections
• $6 for 1,000 of traffic with 4% of infections
• $30 for 1,000 of traffic with more than 20% of infections