In a series of blog posts throughout 2013, we emphasized on the lowering of the entry barriers into the world of cybercrime, largely made possible by the rise of managed services, the re-emergence of the DIY (do-it-yourself) trend, and the development of niche market segments, like the practice of setting up and offering bulletproof hosting for a novice cybercriminal’s botnet generating platform. The proliferation of these easy to use, once only found in the arsenal of tools of the sophisticated cybercriminals, tools, is the direct result of cybercrime ecosystem leaks, cracked/pirated versions, or a community-centered approach applied by their authors, who sometimes rely on basic ‘freemium’ marketing models, namely, offering a free and paid/licensed version of their cybercrime-friendly tools.
Not surprisingly, we continue to observe the development of the niche market segment targeting novice cybercriminals, empowering them with botnet setting up services, as well as bulletproof hosting for their command and control infrastructure. In this post, I’ll discuss yet another such cybercrime ecosystem market proposition, that’s differentiating its unique value propositions (UVP) by vertically integrating — offering binding of Bitcoin miners and malware crypting services — as well as offering the option to set up a dozen of well known IRC/HTTP based botnet generating tools.
Sample screenshots of the cybercrime-friendly underground market ad:
The PerfectMoney, Bitcoin, Skrill, WMZ, PayPal accepting service, offers bulletproof hosting servers in Russia and Ukraine, as well as the option to include “pre-rooted” malware infected hosts with each and every setup, as means to give novice cybercriminals a performance boost, helping them setup the foundations for successful campaigns. There are multiple ways through which such services are made commercially available to novice cybercriminals. The vendor could either setup a purely malicious infrastructure, and basically ignore all abuse notifications, then promptly migrate the customer’s base to a new location, upon getting blacklisted, or it can rely on the popular franchise/affiliate-based type of partnership with established hardcore cybercriminal bulletproof hosting providers, outsourcing the very bulletproof process to experienced cybercriminals, in between securing them new customers.
We expect to continue observing a steady increase of international underground market propositions for one-stop cybercrime E-shops, with the vendors behind these services, continuing to directly lower the entry barriers into the world of cybercrime.