Feature

Internet Researchers Discover New Hacking Service Site

Internet security researchers are warning about a new malware service, apparently based in Eastern Europe, which pursues a business model charging a fee for each PC infected.

MORE ON Malware Threats

Gozi Trojan Resurfaces, Security Researcher Finds

Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy

The site is likely based out of Russia, according to the security researcher’s sources who asked to remain anonymous because of their underground intelligence work. While the front-end website, called loads.cc, doesn't appear to contain or deliver malware, readers are strongly urged to avoid visiting the site in case malware is present and because the site likely logs the IP addresses of its visitors. (The “.cc” Internet domain is assigned to the Australian territories of the Cocos and Keeling Islands.)

The sources discovered the site while performing forensics on some servers known to host malware. They say that, when last checked, loads.cc was still in operation.

A view of the loads.cc homepage, provided by researchers.

This service is another example of a service-based hacking product, similar to others recently reported here, that opens up Internet crime to less technically proficient criminals. Rather than compete with some of the other services, it actually complements them.

Whoever is running loads.cc controls a botnet that may include up to several million PCs in its network, according to the sources. The operator of the site provides real-time information on the size and availability of the botnet. The site operator charges clients for using the botnet to infect computers with whatever malware the customer chooses. The going rate at the time of its discovery was about 20 cents per "load," or per successful injection into a vulnerable PC.

A client can ask in advance for a certain number of infections, say 1,000 infections for a $200 fee. Customers can also pay for loads based on country, IP addresses or other attributes. Once the job is done, the client receives a report—essentially an itemized bill—of the IP addresses where loads were successful. Then the perpetrators can pursue their goals: For example, they could potentially distribute spam, grab PC owners’ online banking information, or steal log-in credentials.

This is slightly different than the service model used by the criminal hackers behind the Gozi trojan and 76service, as reported in a special report. With 76service, clients paid for access to a form-grabber that had already infected the machine. This made each infection more expensive, since access was mostly exclusive and the trojan was already installed and operating on behalf of the buyer. With loads.cc, the client is paying to infect the machine in the first place, with whatever malware the buyer chooses. (The Gozi trojan resurfaced this week being distributed via PDF spam.)

1 | 2 |next page »

Comments

Share [+]

TOOLS

Comments

Digg This

SlashDot

CENTER OF EXCELLENCE

Security

» Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on the Symantec Data Loss Prevention solution to protect sensitive customer data.

» Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is, where it is going, and how to prevent it from leaving your organization.

» Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say on the risks associated with data security.

» 7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions as you establish your organization's requirements and safeguard confidential data.

» Ponemon Study: How Much Does a Data Breach "Cost"?
35 U.S. organizations that lost confidential information and had a regulatory requirement to publicly notify affected individuals are studied in this report.

Center sponsored by