Hackers Get Paid by Malware Flea Market

By Kevin Parrish, published on October 7, 2009 at 8:31 PM
Source: Tom's Guide US | Keywords: , , , , | Themes: The Internet, Software
Syndication: Add to your Google homepage Add to My Yahoo!

Hackers can shop for malware and possibly get paid for infecting computers.

Network World reports that Pay-Per-Install.org could be considered a virtual "malware flea market," offering hackers $140 for every 1,000 U.S. infiltrated computers. The online flea market--or rather an online forum that provides various malicious programs--comprises of ten separate entities including TrafCash.com and Earning4u.com. The virtual market aims to hire on "contractors" who will actually perform hacks that will allow them to take control and exploit computers.

However, the hacking fee takes a small drop for computers outside the States, paying $110 per 1,000 in the UK, $60 per 1,000 in Italy, $30 in France, and a measly $6 in Asia. The site doesn't pay for hacking into Russia computers and those in neighboring countries however; they're considered off limits. "They will not pay for installs in Russia or former Soviet Bloc countries," said SecureWorks researcher Kevin Stevens. "They don't want infection of Russian computers."

Eric Chien, technical director at Symantec's security technology and response division, said that most of the code writers for pay-per-install sites reside in Eastern Europe or Russia. Currently the hot malware item up for sale is the dreaded rogue antivirus software, popping up with false warnings of infection and convincing users to shell out $70 to become sterile once again. He also said that Pay-Per-Install.org is a primary way people acquire malware for devious purposes.

Unfortunately, according to Chien, crime rings such as Pay-Per-Install.org usually exist unchecked. Because these websites can migrate domain names and move onto "bulletproof hosting" or rogue providers that tend to look away, the only way to stop their operations is to go after the individuals behind the crime rings directly.

Comments | Print | Send to a friend

Sponsored links

Comments

burnley14 10/08/2009 2:39 AM
Hide
-9+

What a bunch of assholes. Life would be so much simpler without these people.

cheepstuff 10/08/2009 2:55 AM
Hide
-15+

i'll pay $150 for anybody that can infect and/or crash their servers.

Regulas 10/08/2009 3:00 AM
Hide
-4+

Why can't the FEDS track these assholes and server(s) down.

the_krasno 10/08/2009 3:24 AM
Hide
-6+

A smart hacker would hack the banking accounts of his "contractors" and save himself 1000 times the effort.

cruiseoveride 10/08/2009 4:24 AM
Show
gekko668 10/08/2009 4:26 AM
Hide
-4+

If only the music and movie industries would hunt these people down at the ISP level then life would be less headache instead of suing TPB and barking people with law suits.

Any one else agree with me?

doomtomb 10/08/2009 4:42 AM
Hide
-2+

This is pretty low. This is people's personal lives on their computers that their messing with. Not to mention the businesses that have money at stake. This is just so bad.

pythy 10/08/2009 4:50 AM
Hide
-2+

gekko668 :
If only the music and movie industries would hunt these people down at the ISP level then life would be less headache instead of suing TPB and barking people with law suits. Any one else agree with me?



I absolutely agree but that will never happen because if it did, the music and movie industries would lose their main source of income.

manos 10/08/2009 7:25 AM
Hide
-0+

I don't see how you people find this odd. More or less everything that has a price behind it works that way. If you dont create an issue who will pay to fix it..? And why are all the viruses NON that damaging even if they infect you ( not just viruses.. ) when hey very simply could? Just good enough to know ou have to get rid of them by getting their products I would guess.

anamaniac 10/08/2009 8:11 AM
Hide
-0+

The only thing I find odd is how little they pay...

I know it's inmoral, wrong etc., but regardless, this seems pretty cool.
Good with a computer and want to make some spare cash? Just infect the local school server!

r3t4rd 10/08/2009 10:07 AM
Hide
-0+

Quote :the only way to stop their operations is to go after the individuals behind the crime rings directly.

gekko668 :
If only the music and movie industries would hunt these people down at the ISP level then life would be less headache instead of suing TPB and barking people with law suits. Any one else agree with me?



Agree whoel heartedly. Couldn't said it better myself. Once this is resolved....we need to ship Michael Moore to the moon.

nitto555rchallenger 10/08/2009 10:55 AM
Hide
-0+

Its only a few pennies for a 100 social security #s. So infecting a PC w/ malware that can send data back and forth, whether its instructions to infect other PCs or DL info back to the bot herder is pretty simple in terms of hiding it from anti-virus software. Cuz all you have to do is make little changes, so its undetectable for the mean time. Places that are easy to attack are third-party companies that take the insurance risk of holding major companies' customer information. These third-party companies become compromised and then turn into real-deal spam mailers.

Chasing these people is very hard, because they use rogue ISPs that mask their clients' IP addresses and spoof their whois info, while the hackers can jump between these ISPs to mix it up.

Russia was able to cripple all communications, internet, and some place power grids of the country, Georgia. That's true cyber-terrorism. The same goes for China. They can shut-down internet and communications within itself to stop mass panic for example the latest Muslim rebellion in the north and Tibet demonstrations.

The US just passed a law to allow the same. Stating that its for the purpose of stopping the spread of a global/super-virus or worm, but its more like public censorship. The times are changing for better or worse, its changing fast.

werd 10/08/2009 3:39 PM
Hide
--2+

Really if you think about it the malware market is great for us techies. If there were no viruses or bugs, there would be no money. Bring on the malware, i'll happily charge the infected 65 bucks an hour.

Anonymous 10/08/2009 4:33 PM
Hide
-0+

THAT was interesting!

jtt283 10/08/2009 6:43 PM
Hide
-0+

Hunting these guys down and canceling their tickets would be GREAT training for covert agents, regardless of the country in which they live. GAME OVER.

dextermat 10/08/2009 7:23 PM
Hide
-0+

don't forget that stuff like 360 antivirus and rogues like that are program by Russian mafia.

In Korea, youngster can pitch in on that because they have access to cyber cafe and no money.... so they program....

pretty sad reality

Sponsored links