The Current State of the Crimeware Threat

With Zeus crimeware infections reaching epidemic levels, two-factor authentication under fire, and the actual DIY (do-it-yourself) kit becoming more sophisticated, it’s time to reassess the situation by discussing the current and emerging crimeware trends.

What’s the current state of the crimeware threat? Just how vibrant is the underground marketplace when it comes to crimeware? What are ISPs doing, and should ISPs be doing to solve the problem? Does taking down a cybercrime-friendly ISP has any long term effects?

I asked Thorsten Holz, researcher at Vienna University of Technology, whose team not only participated in the recent takedown of the Waledac botnet, but released an interesting paper earlier this year, summarizing their findings based on 33GB of crimeware data obtained from active campaigns.

Go through the Q&A.

Related posts on crimeware kits, trends and developments:
Crimeware in the Middle – Zeus
Crimeware in the Middle – Limbo
Crimeware in the Middle – Adrenalin
76Service – Cybercrime as a Service Going Mainstream
Zeus Crimeware as a Service Going Mainstream
Modified Zeus Crimeware Kit Comes With Built-in MP3 Player
Zeus Crimeware Kit Gets a Carding Layout
The Zeus Crimeware Kit Vulnerable to Remotely Exploitable Flaw
Help! Someone Hijacked my 100k+ Zeus Botnet!
Inside a Zeus Crimeware Developer’s To-Do List

Zeus crimeware serving campaigns for Q1, 2010, related to TROYAK-AS:
TROYAK-AS: the cybercrime-friendly ISP that just won’t go away
AS50215 Troyak-as Taken Offline, Zeus C&Cs Drop from 249 to 181
Outlook Web Access Themed Spam Campaign Serves Zeus Crimeware
Pushdo Serving Crimeware, Client-Side Exploits and Russian Bride Scams
PhotoArchive Crimeware/Client-Side Exploits Serving Campaign in the Wild
Tax Report Themed Zeus/Client-Side Exploits Serving Campaign in the Wild
Keeping Money Mule Recruiters on a Short Leash – Part Two

This post has been reproduced from Dancho Danchev’s blog. Follow him on Twitter.

Author: Dancho Danchev

Leave a Reply

Your email address will not be published. Required fields are marked *