Have we really reached the point where the ill-intentioned can buy off-the-rack botnet and malware services?

wstark

Has malware and botnet development become a "legitimate" storefront operation? I find it shocking that malware is freely available for purchase, often complete with user licensing agreements and updates as part of the package. The irony of off-the-shelf malware that includes licensing and free updates is pretty close to making my head explode. I don't want to post the link and help enable this, but there is a website that openly offers a Facebook/Twitter/Google+ CAPTCHA bypass bot for sale. The idea that malware as a service (MaaS) is a reality, to the point that it has evolved into a more or less standard business model, indicates just how much vigilance is required from an IT security standpoint. How can these types of sites openly sell this stuff?

Topic: Security

Answers

2 total
jimlynch
Vote Up (9)

Well, remind me to get that captcha thing so I don't have to keep filling it out each time I post an answer. Ha! ;)

All kidding aside, yeah, it does seem a bit ridiculous that they can do this. But how would you police it to stop them? Who would enforce it?

But maybe these things having visibility has an upside. It might make it easier for those tracking them to come up with solutions to stop them since they are more visible and easier to find and monitor.

lsmall
Vote Up (6)

 

It is a huge business, as the recent ChangeDNS botnet that infected four million computers reminded us. I can understand the development and distribution from a purely logical standpoint (putting aside any considerations of morality) - someone can use their expertise, develop a product for a market that has ready buyers, receive a sort of recognition for the quality of their malware, and most importantly from their standpoint create income from their work. Much malware is developed in the east in countries that were part of the Soviet Union, where there are well-educated people with limited opportunity to turn their expertise into income that matches that which they would expect if they were MS/Apple/Google/etc. employees with the same skill-set.

From a distribution standpoint, the majority of sales of "commercial" malware and bots takes place in underground forums on the dark web, with payments using established services such as Yandex. Ironically, to succeed as a vendor and compete in the marketplace, individuals selling malware have to demonstrate a level of trustworthiness, good customer service and competitive pricing. Since the vast majority of the host servers are not located in the US, it can be extremely difficult for officials in the nations where the malware is deployed to take effective legal action against the creators and users, even when they are identified. It can be a low risk, high return business, so it does not surprise me that it exists and flourishes. Now, if you'll excuse me, I have to go update my anti-malware software!
