RSA researcher Limor S. Kessem stated that Fraud-as-a-Service (FaaS) offerings are marketed via popular social networks. She pointed out that there are even distinct sale items, for instance, “customized botnet panel programmed to work with the Zeus Trojan – both reworked by what appears to be an Indonesian-speaking malware developer.”
According to Kessem, the developers of suggested items can customize a control panel for the administrator of the website or create a demo website for potential buyers. As the result, there are some posts on a Facebook page with frequent updates and information about botnets, exploits, cybercrime, and their own product (Zeus v 1.2.10.1).
Despite the fact that now the market of FaaS offerings is quite large, some could find something “special”:
“Since the Zeus code leak in mid-2011, the world of information security foretold the coming development of new breeds of the malware and the compilation of working variants from the source code in the hands of those versed in malware programming. Seeing new customized Zeus Trojans out in the wild is very common, but seeing someone marketing a Zeus v1 kit is not,” stated Kessem.
The researcher explained that here one can see the code leak, which leads to the availability of the Trojan, especially when all the major developers are trying to avoid being seen or discovered.
“Marketing cyber crime in such an open and accessible manner is not something common. Cybercriminals usually fear for their freedom and will not expose their endeavors online to potential undercover cyber-police officers and security research,” wrote Kessem.
“The cybercrime underground may have lost most of the access it had to the major commercial Trojans after Zeus, SpyEye, Ice IX and Citadel’s developers all decided to quit vending their malware freely, but it seems that FaaS [Fraud as a Service] is definitely keeping things alive in the crime world,” she said.
With affordable kits and even an old Trojan like Zeus v1 can be used to hijack bank credentials and in online financial fraud schemes.
The researcher also said that today laws and punishments are developing all over the world, which helps investigation, uncovering and proving cybercrime.
