February 9, 2007 11:13 AM PST
Price of cybercrime tools shrinks
- Related Stories
Super Bowl stadium site packed Trojan horseFebruary 2, 2007
Police maintain uneasy relations with cybervigilantesJanuary 17, 2007
Year in review: Data still the golden gooseDecember 27, 2006
Security from A to Z: HackersNovember 27, 2006
The future of malware: Trojan horsesOctober 13, 2006
Senate ratifies controversial cybercrime treatyAugust 4, 2006
University opens school for hackersJune 19, 2006
RSA: Consumer trust and the government's thrustFebruary 17, 2006
Jens Hinrichsen, the company's product marketing manager for fraud auction, said Thursday that RSA has been monitoring the Web sites and ICQ channels where malicious hackers and cybercriminals interact. These sites allow participants to share feedback and even review one another's products.
Addressing an audience at the RSA Conference 2007 here, Hinrichsen showed several screengrabs to illustrate that the prices being asked for hacking tools have been dropping, with many participants embracing volume discounts and other incentives.
One example was a post offering a "Super Trojan," which could be used to install malicious code on a victim's PC, for $600.
"What's interesting is that this is actually a reviewed vendor, who actually had a lot of good transactions. He's offering this custom piece of crimeware for only $600," said Hinrichsen, who added that he "loved the term 'Super Trojan.'"
"So, when we talk about the ever-increasing ramp-up of more sophisticated tools," he said, "the prices are coming down."
Another example was someone selling e-mail address lists and log-in details for sites such as eBay.
"For one to 10 accounts, this guy would charge you five bucks per account. But they've got discounted rates--just like any other institution would offer their customers. So if you buy 10 to 50 accounts, he'll give it to you for $4.50 each. Fifty more accounts would be $3.50 each," Hinrichsen said.
Other examples shown included a list of 15,000 e-mail addresses, which had all apparently been verified as genuine, for sale for $1,500, a hacked root server for $100 to $150, and someone offering to host a financial scam on his Web site for $20 per day, or $80 for a week.
Graeme Wearden of ZDNet UK reported from San Francisco.
4 commentsJoin the conversation! Add your comment