The Hacker News
Software that facilitates the attack by beginners online scammers and the future is big business anarchists, says Karlin Lillington

The suites are equipped with new software with all the trappings of modern software now offers: cloud computing hosting, software as a service (SaaS) functions, outsourcing, digital certificates, licenses to prevent piracy, software modules, and provided services and support packages.

But the difference between these programs - listed in the Internet Relay Chat rooms, instant chat (IRC) and private online forums - and what it could buy public providers is that they offer more software piracy increasingly sophisticated for simple - young hackers with little ability to write their own computer code.

"Lessons learned from large companies legitimate software - such as development practices, techniques and anti-piracy, support and prices - are regularly repeated in the informal economy, in order to increase efficiency and profits, says the safety report Symantec is the company this week, an increase in the underground market for so-called "attack tools".

According to Orla Cox, security operations manager at Symantec Security Response Centre in Dublin, a mature market for software piracy and the dismay of former creators of these packages to see - ironically - widely pirated and available from sites hacking discussions have produced a software piracy landscape that is increasingly indistinguishable from legitimate businesses.

"They're trying to differentiate themselves from competitors," he says. Therefore, providers of software suites, which typically cost a few hundred to a few thousand euro, easy to give a variety of services catering to the novice hacker.

As security companies like Symantec same suite of these manufacturers to offer a regular basis, but allowing their rogue software exploit newly discovered vulnerabilities in browsers, applications and infrastructure.

Or maybe you want a supplier of pirated software to provide the hosting service for those who carry malicious code? E 'served too.

And if a large packet is too expensive, buyers can purchase modules instead of allowing them to make certain types of piracy.

As with mainstream commercial software, many packages that enable buyers of licenses or the use of digital certificates to ensure that packages will not suddenly appear on the sites for free file-sharing or IRC channels.

The new sophistication of the software indicates more limited capabilities of buyers, "said Cox." These pirates are less educated, if you will, "he said." They have more than one approach rather than the amateur hacker who learns the code of the old school . Buyers have computer skills, perhaps, but no coding skills. "

pirates even beginners can be combined in a package of service and support to help when they encounter a new module a bit confused or can not understand how to get your software settings quite right.

"It would be a big underground," said Cox. "I do not exactly have a hotline you can call. But the use of IM or IRC."

The master suite is sold is called "good kit, and the most common way of staging an attack on users to insert malicious code into the victim's computer.

"It allows you to configure your own malicious site with everything you do. Maybe pass the malware or redirect to a malicious site when the visitor finds the site," says Cox.

"It allows you to build your own stadium botnet attacks or send spam."

Hackers try to attract visitors to their sites through optimization techniques search engine and keyword generation.

The most popular - 44 percent - is the expression associated with adult entertainment sites, while the second most common expression is associated with streaming video, the report said. Toolkit users can also use the "typo-squatting" - they register a domain name a letter or two that a popular website in the hope of conquering the keyboard awkward.

In some cases, users of these kits work of professional cyber-crime gang, who will pay for each computer novice hackers can compromise, the bands will contribute to creating a massive botnet attacks staged, Cox said.

A number of kits high level exploits have attracted the user greater attention to the problem during the past year. Topping the list, at least for the humiliation factor of success was a violation of U.S. Treasury three sites using a toolkit called Eleanore May

Site-visitors to malicious websites, which infects visitors Code and rogue security software, according to a report.

Another scam uses an effective toolbox of people called Zeus data harvest of 55 000 vulnerable computers last August. The group behind the attack, called Avalanche, use a botnet to steal bank details and credit card victims.

Symantec said "the relative simplicity and efficiency using attack tools" have led to new pirates with some coding skills, are increasingly hacking for financial gain, instead of blurring the websites or hurt in general. The report indicates that toolkits are used in most malicious online attacks - shows that the relative novice is probably now behind the majority of pirate attacks - with Zeus alone accounts for more than 90,000 examples of malicious code in just one months in 2009.

"It is very probable that the attack tools that Zeus was responsible for infecting millions of computers," the report said.

Symantec is looking at the black market for signs of consolidation, "said Cox. As the world of consumer software, toolbox some producers seem ready to go to work with a product rather than continuing to cast competing.

The market for products merged could be very lucrative. Zeus will sell up to $ 4000, but there are rumors that a new toolkit consists of Zeus consolidated with another toolkit is now available for about $ 8000.

"The kits are more expensive - and more effective," says Cox.

News Source : Google

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.