Cyber Crime:Underground Economy

Underground Economy

Cyber crime is big business. See charts displaying the current prices paid for stolen data or for infecting machines or for SPAM mails.

Pay-out for each unique adware installation	30 cents in the United States, 20 cents in Canada, 10 cents in the UK, 2 cents elsewhere
Malware package, basic version	$1,000 - $2,000
Malware package with add-on services	Varying prices starting at $20
Exploit kit rental - 1 hour	$0.99 to $1
Exploit kit rental - 2.5 hours	$1.60 to $2
Exploit kit rental - 5 hours	$4, may vary
Undetected copy of a information-stealing certain Trojan	$80, may vary
Distributed Denial of Service attack	$100 per day
10,000 compromised PCs	$1,000
Stolen bank account credentials	Shocking only AT Varying prices starting at $50
1 million freshly-harvested emails (unverified)	$8 up, depending on quality

It's hidden but a now a huge economy effecting billions of peoples around the world with just some clicks of the mouse. Based on official survey conducted by Trend Micro Inc.USA.

Papers for eCrime 08 invited

The Anti-Phishing Working Group (APWG) has announced today that the eCrime Researchers Summit (eCrime 2008), the world's premier conference for basic and applied research in electronic crime studies, is now accepting papers for its third annual conference to be held in Atlanta on October 15-16.

eCrime 2008 will feature papers from leading researchers and technologists on Internet security, phraud, phishing, spoofing, electronic identity theft, click-fraud and crimeware. eCrime 2008 is made possible by a collaboration of principals from Stephens Institute of Technology, University of Alabama at Birmingham, Baylor University, and the APWG.

The complete call for papers announcement can be viewed at: http://www.ecrimeresearch.org/2008/cfp.html

"We've got a team of towering authorities in information security, privacy, and electronic crime to chair and staff our conference committees," said Foy Shiver, APWG Deputy Secretary General and Director of eCrime Researchers Summit Development. "Authors' exposure to these experts' opinions and direction will be of invaluable assistance to their research."

The General Chair of eCrime 2008 is Gary Warner, from the University of Alabama at Birmingham (UAB). Mr. Warner is the Director of Research in Computer Forensics at UAB, where he teaches and works to develop tools, techniques, and training to help eCrime investigators.

Program Co-Chairs for this year's conference are Susanne Wetzel of Stevens Institute of Technology and Randy Vaughn of Baylor University.

Randal Vaughn is active in Internet security with special interests in detecting, tracking and countering botnet formation and other eCrime activities. Mr. Vaughn lectures on Internet security, cyber warfare, telecommunications and software development at Baylor University's Hankamer School of Business.

Susanne Wetzel is on the faculty at the Computer Science Department of Stevens Institute of Technology. Her research interests are in security, cryptography and algorithmic number theory. In particular, her research is focused on wireless security, secret sharing, privacy, phishing, authentication, and biometrics.

The eCrime 2008 Steering Committee is comprised of Jean Camp, Indiana University; Dorothy Denning, Naval Postgraduate School; Zulfikar Ramzan, Symantec; John S. Quarterman, InternetPerils, Inc.; and Markus Jakobsson, PARC.

Original papers on all aspects of electronic crime are solicited for submission to eCrime '08. Topics of relevance include but are not limited to:

- Phishing, pharming, click-fraud, crimeware, extortion and emerging electronic crime attacks.
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention.
- Techniques to assess the risks and yields of attacks and the success rates of countermeasures.
- Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures.
- Spoofing of different types, and applications to fraud.
- Techniques to avoid detection, tracking and takedown; and ways to block such techniques.
- Honeypot design, data mining, and forensic aspects of fraud prevention.
- Design and evaluation of user interfaces in the context of fraud and network security.
- Best practices related to digital forensics tools and techniques, investigative procedures, and evidence acquisition, handling and preservation.

eCrime 2008 General Chair Gary Warner, said, "It's clear that the criminals are working in an organized fashion to develop new technologies to expand their ability to steal our data, identities, and money. The APWG's e-Crimes Researchers Summit exists to develop and encourage the research that will be the best response to that challenge."

Paper submissions are due: June 5, 2008 (midnight, US East Coast time). eCrime 2008, like past conferences, will offer a cash award for the best overall paper and travel awards for those papers accepted for presentation at the event. Conference details for eCrime '08 can be found at http://www.ecrime2008.org/

Malicious Banner Advertising

MySpace, Excite, and Blick Serve Up Malicious Banner Ads

by Jake Soriano (Technical Communications)

Here’s another case to illustrate the importance of installing security updates, installing them in a timely manner, and installing not just OS updates, but those for third-party software applications as well.

Taking advantage of system vulnerabilities — most often the result of missing, or uninstalled, patches — malware authors are continually taking advantage of websites that have significantly high traffic (and this everyone knows) to target unsuspecting users.

Social networking site MySpace is reportedly said to be laced with banner ads that install malicious programs and files. Trend Micro detects some of these files as employing encryption similar to known variants of RBot, SDBot, and SPYBot malware.

This would not be the first time that MySpace has been compromised.

In November last year, TrendLabs analysts found pages of the social networking site embedded with codes that redirect users to malicious sites.

Similar banner ads were found on the popular search portal Excite.com. Brian Krebs of the Washington Post wrote that there are ads on the Web site containing malicious code, which redirects users to a page that tries to install a malware informing users of a bogus system infection, and then urges them to purchase the software that can “clean” the supposed infections.

The German Web site Blick was reported to have these same malicious banner ads as well.

Social networking sites have been targets of malware authors for a while now because of the large number of people who use them. Users are always reminded to exercise caution in their social networking activities online. And again, everyone is reminded to install all the necessary patches once they are available.