Customized Malware for Sale, Priced Per Feature
The underground market is now mimicking traditional software industry pricing models with a la carte options.
Trusteer researchers report that cybercriminals have begun selling customized web-injects that are priced per feature.
"An evolving underworld market for malware has shifted to start offering more targeted and often bespoke updates to commonly found malware like Zeus and SpyEye," TechEye reports. "Known as web-injects, they are generally used to create fake web pages which pop up when a victim infected with malware uses online banking or makes a transaction. Just like any market, that of malware and web-injects is subject to changes, and Trusteer has found that, while bulk pricing has been popular in the past, web-inject software writers are producing code with specific features."
"This latest development in webinject marketing illustrates how the underground marketplace is following traditional software industry pricing schemes by offering a la carte and complete 'suite' pricing options," Trusteer's Amit Klein writes in a blog post. "Unfortunately, buying high quality webinjects is getting easier and more affordable, which opens the door for more criminals to get into the business of online banking fraud."
"The price of the individual webinject features varies," writes eWeek's Brian Prince. "For example, a capability known as AZ (also known as ATS) that enables an attacker to bypass two-factor authentication, initiate a transfer and update an account balance to hide fraud can cost between $1,500 and $2,000. However a feature called 'Balance Grabber' that captures the victim’s balance information and sends it to the fraudster's command and control (C&C) server was observed priced from $50 to $100. Password-stealing feature TAN Grabber meanwhile goes for between $150 and $200."
"The availability of such options is a major advancement from the early days when generic Web-injects were built for specific banking sites, George Tubin, senior security strategist for Trusteer, said," writes InfoWorld's Antone Gonsalves. "Today, the more sophisticated options mean attackers can get the features they want and are therefore more likely to be successful. 'It's definitely a maturing industry,' Tubin said."