According to Amit Klein, the in-browser security specialist’s chief technology officer, these one-stop shops are where criminals can buy everything they need to meet demand from fraudsters.
Trusteer, he explained, has come has come across a new fraud group that – as well as offering infection services for prices between 0.5 and 4.5 cents for each upload, depending on geography - also provides polymorphic encryption and AV checkers.
This new one-stop-shop approach for malicious services, he asserts, is a natural evolution of the market: if the customers need to infect, then they also need to evade AV. Why not sell the whole package?
For polymorphic encryption of malware instances, he says, the fraudsters are charging from $25 to $50 - and for prevention of malware detection by anti-virus systems (AV checking) they charge $20 for one week and $100 for one month of service.
Klein says that it is now a buyer’s market, with his firm’s research operation having also come across advertisements published by prospective buyers of infection services.
The ad, he notes, basically presets the buying price, how it is charged and the scope of the service, with the advertiser only paying for unique uploads, with the price calculations being conducted according to the advertiser's own Black Hole exploit kit stats module.
In addition, Trusteer says that the advertiser will pay in advance to the sellers with recommendations, i.e. those that have 1-10 `fresh’ forum messages, otherwise the sellers are paid afterwards.
Klein notes that the final paid price for the service depends on percentage of infections:
$4.50 for 1,000 of traffic with 3% of infections
$6.00 for 1,000 of traffic with 4% of infections
$30.00 for 1,000 of traffic with more than 20% of infections
“Lastly, in an attempt to stay competitive we came across an ad by an Encryption Service provider that sold its service for $20.00 per file, and offered a money back guarantee if it fails an AV checker”, he said.
“Trusteer’s advises banks and their online banking users to maintain constant vigilance, apply software updates, maintain an awareness of new threats”, he added.
“Trusteer strongly recommends to complement desktop hygiene solutions like anti virus with security controls specifically designed to protect against financial malware.”