A new industry for would-be internet fraudsters is emerging, helping those without technical knowledge or resources to advance their cybercrime careers, Uri Rivner, RSA's Head of New Technology told delegates.
Facilities such as professionally run discussion forums that often include in-depth reviews of malware products and money laundering services are just some of the new sources of help for fraudsters, he said.
In practice, this means that online fraud is now a serious option for many who would previously have suffered from their lack of technical know-how. “We estimate that only about 10% of online fraudsters have the technical knowledge needed to securely host and regularly upgrade malware, and infect a large number of computers with it,” he said.
The market for malware products and services mirrors the legitimate software industry, with competition between malware developers forcing prices down, and spawning innovative new service models, said Rivner.
The Limbo trojan is a good example of the new breed of “affordable” and carefully designed malware products, offered at $350, he said. When present on a victim's PC, Limbo can insert code into the HTML received from banking websites, appearing on the screen as extra fields that typically request important account details. The page itself is genuine and the fields are seamlessly inserted, said Rivner.
Fraudsters can also receive help in placing malware on machines in the first place, with infection services priced per thousand machines, said Rivner. Prices also vary according to the target country, and whether exclusive or non-exclusive infection is offered. These developments are paving the way for the concept of “fraud as a service,” said Rivner.
However these sophisticated new models have their own vulnerabilities. Online forums where products are offered for sale and business deals are discussed are also communication bottlenecks. Gaining a reputation is an important part of acquiring customers, and fraudsters may unwittingly reveal important clues about their true identity, said Rivner.