Criminal network to trade botnets and malware uncovered

Researchers at a web security firm have discovered what they term the latest milestone in the evolving cybercriminal underground: a one-stop-shop for hackers.

Called Golden Cash, the network enables cybercrooks to buy and sell control of compromised computers, as well as trade tools for creating malware and controlling and collecting data from botnets. Also, the platform contains about 100,000 stolen FTP credentials for sale.

The discovery of the Russian-based platform, believed to be run by individuals related to the Russian Business Network (RBN), was noted in the second issue of Finjan's 2009 Cybercrime Intelligence Report.

Finjan CTO Yuval Ben-Itzhak told SCMagazineUS.com on Wednesday that Golden Cash represents the next step in the professionalism of cybercrime markets. As a result of such platforms, people can expect attacks to grow in speed and efficiency, he said.

"It's no longer a big, technical effort [to conduct attacks]," Ben-Itzhak said. "This is the first time everything has been managed through the same interface. It's everything combined."

The going rate to purchase packages of 1,000 compromised machines on the network ranges from $5 to $100, according to Finjan. Once the batches are bought, partners are then paid to distribute the botnet and collect FTP credentials entered on the victim PCs. Meanwhile, sellers can use the network to earn up to $500 per 1,000 zombie computers.

Those running Golden Cash also have found ways to protect their operation, Ben-Itzhak said. For one, the platform blocks IP addresses belonging to security vendors (Finjan researchers used IP addresses not owned by the company). In addition, Golden Cash sits behind a number of proxy servers that hide the origin of the actual web server being used.

Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, said many in the investigative community have known about Golden Cash for some time, but this discovery helps spread the word about the slickness of the criminal underground.

"The news is that they've just been outed," Warner told SCMagazineUS.com on Wednesday. "Finjan has just exposed them to the public eye through their report. I would guess something will happen to them very quickly now that this has happened."

Finjan has notified law enforcement in Russia and Estonia. As of Sunday, the network still was operating, but Ben-Itzhak expects action to be taken soon.

He said businesses can do their part to lessen the success of such operations as Golden Cash by applying patches for vulnerabilities as they become available.

"When you leave these doors open, someone will come in your door," he said.