THE CYBER-CRIME BLACK MARKET: UNCOVERED - Panda Security

THE CYBER-CRIME

BLACK MARKET:

UNCOVERED

PANDA SECURITY REPORT

THE CYBER-CRIME BLACK MARKET: UNCOVERED

IndEX

1. Introduction

2. The evolution of malware aimed at stealing bank details

3. How the black market works

4. The black market at-a-glance

5. The sales process

5.1. The product

5.2. The contact

5.3. Try & Buy

5.4. Online testing

5.5. Minimum orders and bulk discounts

5.6. Specialized online stores

5.7. Methods of payment

5.8. Customer services and support

5.9. Promotion

6. How to minimize the risk?

This report in whole or in part may not be duplicated, reproduced, stored in a retrieval system or retransmitted without prior written

permission of PANDA SECURITY. ? 2010 PANDA SECURITY. All Rights Reserved.

2

intro

1. Introduction

PANDA SECURITY REPORT

THE CYBER-CRIME BLACK MARKET: UNCOVERED

4

Many of us in the team at Panda Security spend a lot of time traveling

and attending all types of events: from specialized IT industry fairs and

congresses, to those aimed at businesses, end-users, etc. Yet even though

it is becoming more common to hear about the arrest of hackers that steal

information and profit from it in many different ways, there are still many

members of the public, not necessarily dedicated to IT security, who ask

us: ¡°Why would anyone want to steal information from me? I don¡¯t have

anything of interest¡­¡±

Another factor to bear in mind is that today¡¯s profit-oriented malware is

designed to steal data surreptitiously, so the first indication that you have

been a victim is when you get your bank or Paypal account statement.

This

complete,

anonymous

and

fraudulent business is highly profitable

for some, although obviously to the

detriment of others. From the comfort

of an office or bedroom, with a single

computer and spurred on by the lack of

international legislation or cooperation

between

countries

to

facilitate

investigations and arrests, cybercriminals have been making a lucrative

living from these activities.

Moreover, there is a general perception that this problem only affects

home users, and that businesses are immune. The result of our research,

as you will read below, shows that this is not the case: Today nobody

¨Cneither home users nor businesses- is safe from confidential data theft

(and the consequent fraud).

This is despite the increased effort in recent years to improve awareness

and education in IT security, initiated by governmental agencies in many

countries, and of course, thanks to the security industry as a whole, along

with other institutions, organizations, media, blogs, etc., who have been

assisting with the task for some time now.

Although we don¡¯t have precise data, we believe that this nefarious

business has expanded with the economic crisis. Previously it was in no

way easy to locate sites or individuals dedicated to this type of business,

yet now it¡¯s relatively simple to come across these types of offers on

underground forums.

Price wars, numerous ¡®special offers¡¯ and the diversification of the business

are all indications of how these mafias are desperately trying to drive up

revenue. A few years ago, it was just a question of the sale of a few credit

card details. Now, in addition to offering all types of information about

victims -even the name of the family pet-, other services are available,

including physical cloning of cards or making anonymous purchases and

forwarding the goods to the buyer.

steal

2. The evolution of malware aimed at

stealing bank details

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download