Cyber crime enterprise is showing a growing interest in monetization of botnets, the most targeted sector in recent months is banking. One of most active malware that still menaces Banking sector is the popular Zeus. Zeus is one of the oldest, it is active since 2007, and most prolific malware that changed over time according numerous demands of the black-market.
Recently, Underground forums are exploded the offer of malicious codes, hacking services and bullet proof hosting to organize a large scale fraud. Cyber criminals are selling kits at reasonable prices or entire botnets for renting, sometimes completing the offer with information to use during the attacks.
The model described, known also as a Fraud-as-a-Service, is winning, malicious code such as Zeus, SpyEye, Ice IX, or even Citadel have benefited of the same sales model, cyber criminals with few hundred dollars are able to design their criminal operation.
Since now the sales model and the actor involved remained confined to the underground, usually the access to the offer of cyber crime was possible through selected channels, such black market forums, Deep Web sites or IRC communities.
The cyber crime is becoming fearless world. RSA security experts published an interesting article to describer a concerning phenomena, the criminal offer has exploited the popularity and wide audience of Social Network proposing a customized botnet panel for Zeus Trojan.
The malicious application appears to be developed by Indonesian-speaking developers that improved previous version of the popular Zeus Trojan kit.
The team adopted a winning commercial approach designing a demo website for would-be buyers public visible and publishing a dedicated Facebook page.
The cyber criminals used the social network page to update their customers providing information about botnets, exploits, cyber crime, and of course about their own products (Zeus v 188.8.131.52).
The different cyber laws in force in different countries and their light application in many states has sustained the growth of cyber crime worldwide, criminals are now starting to publicly offer/ acquire malicious codes and hacking services for malicious campaign.
IT community need a globally recognized law framework to address cyber criminal organizations, law enforcement urge the establishment of severe penalties and shared effort to fight a battle against an invisible enemy that hasn't a specific geographical connotation.
Until cyber criminals will have the opportunity to hide themselves in a country whose government will not properly persecute them it's impossible to stop cyber criminal wave.
Cyber crime contrast is a global emergency.