Symantec says Internet underground economy is organized and rich
Symantec's Report on the Underground Economy details cheap cyberattack tools, high price tags for bank account information, and software piracy trends.
Did you know that you can buy a keystroke logger for $23 or pay $10 to have someone host your phishing scam? Having a botnet at your fingertips will cost you $225, and a tool that exploits a vulnerability on a banking site averages $740 and runs as high as $3,000.
That's according to the Symantec Report on the Internet Underground Economy due to be released Monday.
Symantec researchers spent a year observing the chat among cybercriminals on IRC channels and forums on the Internet between July 1, 2007 and June 30, 2008 and were able to piece together a veritable menu of malicious code, as well as dig up detailed information on the exchange of highly prized financial information.
For example, credit card information accounted for more than 30 percent of all of the types of goods and services sold and was the most requested category. Bank account credentials were the most commonly advertised thing for sale on underground economy servers monitored by Symantec, with prices ranging from $10 to $1,000 depending on the balance and location of the account.
This is a lucrative business, Symantec has discovered. If the sellers were able to sell everything they were offering, the amount would reach more than $275 million. That represents just the sales amount. Factoring in the emptying of victims' accounts and maxing out credit cards, the potential worth of credit card information and bank credentials for sale would be $7 billion, the report estimates.
The report also studied trends in software piracy, with researchers monitoring those sales between July and September of this year. The most pirated software was found to be desktop games, followed by utility applications and then multimedia software, such as photo editors, 3D animation, and HTML editors.
There is some interesting geographical data as well. Most of the people uploading pirated software to be sold were in the United States, the report found. The U.S. was home to most of the underground economy servers (41 percent) followed by Romania (13 percent) and North America had the largest number of underground economy servers.
Meanwhile, cybercriminals in Russia and Eastern Europe appear to be more organized than their counterparts in the North America who are "often made up of acquaintances who have met in online forums and/or IRC channels," the report says.
"The big picture is this system is highly self-sustaining. You can buy the attack tool kit, use it to steal information and sell that information to others in the economy," Zulfikar Ramzan, technical director of Symantec Test and Response, said in an interview. "You don't need to have expertise in every area of cybercrime. You can have expertise in just one area and with others, form a supply chain to make money."
The report joins a growing list of research devoted to the organization and sophistication of the cyber underground. Affinion Group , as well as McAfee and Finjan monitor such underground marketplaces. RSA discovered that data from 550,000 online bank accounts and credit card accounts was stolen with the aid of one Trojan, and has done research on the "Internet Fraud Chain".
Updated Nov. 24 with Symantec researcher comment and background on other research.