Rent-a-botnet makes cyber crime a breeze
Online fraudsters that aren't highly skilled in the arts of cyber crime can
now rent a service that offers an all-in-one hosting server with a built-in
Zeus trojan administration panel and infecting tools, allowing them to create
their own botnet.
EMC's
security division, the RSA
Anti-Fraud Command Centre (AFCC), cited an increase in the use of the Zeus
trojan in attacks against financial institutions in its April online fraud report,
claiming the trojan is "extremely user friendly and easy to operate".
"Fraudsters who execute Zeus attacks simply need to take control of a
compromised server or have their own back-end servers; once they have a server
in place, they merely need to install the Zeus administration panel, create
a user name and password, and start launching their attacks," the report
stated.
But the AFCC recently traced a new service that does all of the above for would
be botnet barons. The service offers access to a "bullet-proof hosting
server with a built-in Zeus trojan administration panel and infection tools...the
service includes all of the required stages in a single package, meaning that
all the fraudster now has to do is pay for the service, access the newly-hired
Zeus trojan server, create infection points and start collecting data".
RSA's banking and finance specialist, Geoff Noble, said that those offering
the Zeus package are mirroring what legitimate security vendors are offering
-- security-as-a-service -- but in their case they are slinging malware-as-a-service.
"Phase one of online threats was stealing credit card numbers, buying
stuff on the internet and selling it somewhere else to make a profit. Phase
two is this grabbing of user names and passwords online, phase two 'b' is productizing
that solution, and phase 2 'c' is offering that solution as a service,"
Noble said.
"What Zeus means is that you are buying a service with traditional software
support and maintenance, so you can go about your business without updating
and patching."
RSA said that the exploit package allows fraudsters to easily infect users
and grow a botnet of compromised machines, and boasts an easy to use Web hosting
control panel that can be used by virtually anyone.
"The bottom line is that with such services, creating the infrastructure
for Zeus attacks and actually implementing these attacks is now easier than
ever before", the report said.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
