Ken Dunham, Jim Melnick. By examining the methods of Internet predators, information security managers will be better able to proactively protect their own networks from such attacks. Originally designed as neutral entities, computerized bots are increasingly being used maliciously by online criminals in mass spamming events, fraud, extortion, identity theft, and software theft.
This valuable resource assists information security managers in understanding the scope, sophistication, and criminal uses of bots.

How a Hacker Launches a Botnet Attack. Chapter 6 Technical Introduction to Bots. Chapter 7 Mitigation.

Very popular are file encryption and crypting services for malware creation: a crypter wraps a malicious executable in an encrypted or obfuscated layer so that it evades signature-based detection by defense systems. The following table gives a price list for crypters. It is clear how convenient it is for criminals to buy them to improve the effectiveness of their malware and make detection very difficult. In many cases it is even worth buying the whole malware and requesting specific customization from its authors, who also provide the infrastructure to spread it.
One of the best-known case studies concerns the famous Zeus malware, offered everywhere in the underground at a moderate price, often with hosting services included. Here are some posts published on Russian forums:

"Private sale of source code. I also do builds."

Also in the Russian underground, Group-IB discovered the sale of a new variant of the banking trojan Carberp that will be used in future attacks against financial institutions.
Its most interesting feature is a new bootkit module, priced at 40 USD, or 10 USD per month for rent. It infects the Master Boot Record (MBR), so the attacker retains long-term control of the victim without triggering antivirus alerts. In some cases, to protect their anonymity, the sellers deploy their sales infrastructure in the deep web, as happened with Citadel. Last year the S21Sec security blog discovered a new version of Citadel deployed in the deep web and developed to evade the detection and analysis usually performed with sandboxes.
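The bootkit module described above gains its persistence by rewriting the bootstrap code in the first sector of the disk, while leaving the partition table intact so the machine still boots. The check a defender wants is therefore a baseline comparison of the MBR's parts. The following Python script is an added example, not code from the article, from Group-IB or from the book; the 512-byte MBR it examines is constructed inside the script, the boot-code bytes are a stand-in rather than a real bootkit stub, and the `/dev/sda` path in the closing comment is an assumption about a Linux host.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_SIZE = 446          # bytes 0..445: bootstrap code, the part a bootkit overwrites
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries follow
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FORMAT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Assemble a constructed 512-byte MBR for this example (not a real disk image):
    the given bootstrap code, one bootable NTFS-type partition, and the signature."""
    code = bootstrap.ljust(BOOTSTRAP_SIZE, b"\x00")[:BOOTSTRAP_SIZE]
    # CHS fields are zero; modern firmware uses the LBA fields. 0x80 = bootable, 0x07 = NTFS/exFAT.
    entry = struct.pack(ENTRY_FORMAT, 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 2_097_152)
    table = entry + b"\x00" * (PARTITION_ENTRY_SIZE * 3)
    return code + table + BOOT_SIGNATURE


def parse_mbr(data: bytes) -> dict:
    """Split an MBR into the pieces an integrity check cares about."""
    if len(data) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FORMAT, data[off:off + PARTITION_ENTRY_SIZE])
        if ptype != 0:  # type 0 means the slot is empty
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
        "bootstrap_sha256": hashlib.sha256(data[:BOOTSTRAP_SIZE]).hexdigest(),
        "table_sha256": hashlib.sha256(data[PARTITION_TABLE_OFFSET:510]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(data: bytes, baseline: dict) -> list:
    """Compare a freshly read MBR against a baseline taken when the host was known clean.
    Returns a list of findings; an empty list means nothing changed."""
    current = parse_mbr(data)
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["bootstrap_sha256"] != baseline["bootstrap_sha256"]:
        findings.append("bootstrap code changed")
    if current["table_sha256"] != baseline["table_sha256"]:
        findings.append("partition table changed")
    return findings


def tamper_bootstrap(data: bytes, patch: bytes) -> bytes:
    """Simulate what a bootkit does: overwrite the start of the bootstrap code
    (typically with a jump to its own loader) while leaving the partition table alone."""
    return patch + data[len(patch):]


if __name__ == "__main__":
    # Constructed stand-in for real boot code (cli; xor ax,ax; mov ss,ax; mov sp,0x7c00).
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
    baseline = parse_mbr(clean)
    print("clean:", check_mbr(clean, baseline) or "no findings")
    infected = tamper_bootstrap(clean, b"\xeb\x3c\x90")  # short jmp + nop: constructed, not a real bootkit
    print("tampered:", check_mbr(infected, baseline))
    # On a live Linux host the bytes would come from the raw device, assumed here to be
    # open("/dev/sda", "rb").read(512); that read needs root.
```

Two caveats for real use: take the baseline from a host you know is clean, and if a bootkit is suspected read the sector from rescue media rather than from the running system, because a kernel-level rootkit that hooks disk I/O can hand a userland reader the original, unmodified sector.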
Other items often requested in the underground are pay-per-install (PPI) services, which work like download services: the criminal hands the malicious file to a service provider, or asks it to customize one of the most common malicious agents, and the provider handles distribution. The value of the traffic depends primarily on how important its owner is. Are you wondering how I could have forgotten DDoS attacks and botnets, and the related incidents that so often cause major problems for institutions and companies? The answer is simple: I have not forgotten them, but I preferred to introduce first the activities for which a direct process of monetization can be identified.
In fact, botnets themselves are often used to spread malware. To mount DDoS attacks, a criminal needs specially crafted bots and a botnet, which means gaining access to a huge number of machines and installing a daemon on each of them with a DDoS bot kit.
The following table reports the costs of renting DDoS services and botnets, which are extremely cheap. The figures are similar to those published by other security firms such as Fortinet and Imperva. Next are the cybercriminal pay rates proposed by Fortinet in its report. They are varied, ranging from hacking services to the production of malicious code customized to the client's request.
Money mules are used to transfer money anonymously, typically through wire-transfer and digital-currency services such as Western Union, Liberty Reserve, Ukash and WebMoney. Virtual currencies such as Bitcoin offer a valid instrument for money laundering, preventing law enforcement from intercepting the payments made to finance illegal activities.
Usually each sale transaction is split into smaller batches to elude the controls operated by law enforcement. Money management is a vital aspect: the organizations have to track the resources used and the earnings from them, and they do so with commercial business process management tools, financial systems and many other instruments to manage everything from software development to accounts payable.

During the last month I have had the opportunity to collaborate with security experts from Group-IB, an information security company that is very active in the fight against cybercrime.
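The splitting of a payment into sub-threshold batches described two paragraphs above (with the mule accounts of the paragraph before it) is what anti-fraud teams call structuring, and the counter-control is to aggregate per sender over time rather than look at each transfer alone. The following Python detector is an added example, not code from the article, from Group-IB or from any payment provider; it assumes a hypothetical single-transfer reporting threshold of 10,000 and a 24-hour aggregation window, and the transfer log it runs over is constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed reporting threshold and aggregation window (hypothetical values for the example).
REPORTING_THRESHOLD = 10_000.0
WINDOW = timedelta(hours=24)

# Constructed sample log, one outbound transfer per line:
# ISO timestamp, sending account, receiving account, amount.
# acct-A structures 4 x 2,900 in six hours; acct-B sends one large transfer that the
# ordinary threshold report already catches; acct-C and acct-D stay small inside any 24h window.
SAMPLE_LOG = """\
2013-05-02T09:15:00,acct-A,mule-1,2900
2013-05-02T10:40:00,acct-A,mule-2,2900
2013-05-02T13:05:00,acct-A,mule-3,2900
2013-05-02T15:30:00,acct-A,mule-4,2900
2013-05-02T11:00:00,acct-B,mule-1,15000
2013-05-01T08:00:00,acct-C,mule-5,2000
2013-05-02T08:00:00,acct-C,mule-5,2000
2013-05-03T08:00:00,acct-C,mule-5,2000
2013-05-02T09:00:00,acct-D,mule-6,3000
2013-05-02T10:00:00,acct-D,mule-6,3000
2013-05-04T02:00:00,acct-D,mule-6,3000
2013-05-04T03:00:00,acct-D,mule-6,3000
"""


def parse_transfers(text: str) -> list:
    """Parse the CSV-style log into (timestamp, sender, receiver, amount) tuples."""
    transfers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, sender, receiver, amount = line.split(",")
        transfers.append((datetime.fromisoformat(ts), sender, receiver, float(amount)))
    return transfers


def find_structuring(transfers: list, threshold: float = REPORTING_THRESHOLD,
                     window: timedelta = WINDOW) -> list:
    """Flag senders whose individually sub-threshold transfers add up past the
    threshold within one sliding window. One finding per sender, anchored at the
    earliest window that qualifies."""
    by_sender = defaultdict(list)
    for ts, sender, _receiver, amount in transfers:
        # Transfers at or above the threshold trigger the ordinary report on their own;
        # structuring is about what stays below it, so they are left out of the sum.
        if amount < threshold:
            by_sender[sender].append((ts, amount))

    findings = []
    for sender in sorted(by_sender):
        batch = sorted(by_sender[sender])
        for i in range(len(batch)):
            j, total = i, 0.0
            while j < len(batch) and batch[j][0] - batch[i][0] <= window:
                total += batch[j][1]
                j += 1
            if j - i >= 2 and total >= threshold:
                findings.append({"sender": sender, "window_start": batch[i][0],
                                 "count": j - i, "total": total})
                break
    return findings


if __name__ == "__main__":
    for finding in find_structuring(parse_transfers(SAMPLE_LOG)):
        print(f"{finding['sender']}: {finding['count']} transfers totalling "
              f"{finding['total']:.2f} from {finding['window_start'].isoformat()}")
```

The detector deliberately ignores transfers that already exceed the threshold, since those are reported by the existing control; what it adds is the aggregate view that a batch of just-under-the-limit payments is designed to avoid. In practice the same aggregation is worth running per receiving account as well, because a mule collecting from many senders looks innocent from every sender's side individually.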
The collaboration gave me the opportunity to look at a lot of interesting information on the evolution of cybercrime. The company carries out many penetration testing and vulnerability assessment jobs for the financial and industrial sectors, and from its own statistics it has identified the stable directions of vulnerability research by cyber criminals as:
These are rather rare, because they require deep research into the OS architecture. The next scenario is to plant remote-access modules, by patching RDP or installing modified VNC or TeamViewer servers that open reverse connections to the victim's machine, and then to initiate a new transfer from the victim's own IP address. Other areas of interest for underground hacking communities are:

Exploitation techniques for the modern industrial sector are often shared privately because they depend on the OS; real-time OSs such as QNX, for example, are really hard to compromise and are mostly isolated from the ISP.
Security firms use similar tools to detect potential cybercrime targets; the next picture shows Group-IB's automated system for detecting SCADA environments. It plots the sites of interest on a map showing where potential targets such as industrial infrastructures are located.
Large numbers of control systems can easily be found through the web, which is a very serious threat to the industrial sector. Attackers have begun to use non-standard routes into SCADA environments, such as satellite telemetry terminals, video cameras and alarm-management devices. The trend for the coming years is that many software vulnerabilities will be used as cyber-warfare products against the banking and industrial sectors, and that much cybercrime will be organized through alternative and mobile platforms. The fight against cybercrime is an arduous task, an endless clash between law enforcement and cyber-criminal groups that are growing in organization and are able to provide ever more advanced products and services.
Cybercrime is a worldwide phenomenon that menaces the economy and the security of every state.
Format: Hardcover, Verified Purchase.
I bought this book for the little bit of Melnick memorabilia I could find on Amazon. It was an awesome, concise and short book on infiltrating a group of KGB commie scum. It was off the charts to see the level of detail and follow the professional career of someone in IT security.
I recommend it, so long as you are going for the paperback version; the hardcover is a little much. Would keep it in the library.

Format: Hardcover. I found this book interesting and informative.
It's a very well put together, fascinating read covering several of the more infamous malware cases of the past decade. Unlike some of the other books, the authors tell stories about cases instead of simply listing facts, which makes Malicious Bots a fun and engaging read. I certainly recommend this book to anyone who's interested in computer security research, particularly folks new to the field.
My only complaint was that the book is short and thus was over too soon.

As the previous reviewer stated, there are only about pages of actual text. There is nothing inherently wrong with the book; it just isn't what I expected when I purchased it. Decent stories, but not a good intro to the subject. I would not make the mistake of purchasing this book if I had the chance over again.
Malicious Bots is an interesting book. It has about pages of text, so it is expensive in relation to the price.