
Hacking Tools Fuel Russian Black Market

ZeuS, one of the most infamous Trojans out, can log keystrokes, intercept data, and steal login credentials -- and it can be yours for around $300. Need an e-mail spamming service to send it? That’ll be $10 -- $10 per million e-mails, that is.

Through monitoring Russian hacker forums, a cloud security company’s threat researchers found that Russia’s cyber black market is thriving on sales of the same hacking tools that the FBI says hackers have used to cause millions of dollars in losses. The company’s latest intelligence report, Russian Underground 101, says hacking has gone from being a hobby to a way for cybercriminals to earn a living.

“We need to distinguish cyber activists into 3 different groups,” said Max Goncharov, senior threat researcher at Trend Micro and author of the report: people who do it for fun, people who use it to supplement their primary income, and professional hackers who make a living exploiting networks. Goncharov says the third group is growing and the quality of hacking is getting better.

The market is so lucrative, and start-up costs so minimal, that people with no hacking experience can buy their way into the game, Goncharov says. Using these underground forums, a hacker could launch a large-scale e-mail phishing campaign to install malware that steals personal information for around $200. For $10, hackers can subscribe to services that tell them what security software will be effective against their malicious files.

Since 2007, Trend Micro has been monitoring Russian, English and Chinese-language forums using specially developed software that stores and analyzes data coming from them. A typical forum posting, examples of which are included in Goncharov’s report, goes something like this:

“You give me an .EXE and any ordinary .PDF file (if you don’t have one, I can use a blank .PDF or my own) that should be shown to the user. I will stitch them together and give you a toxic .PDF file. When it’s opened the .EXE and .PDF are extracted and the toxic .PDF is replaced by the ordinary .PDF and is displayed to the user. This service costs $420.”

Middlemen, whom Trend’s threat researchers call “esquires,” handle the transactions, making sure both goods and services and payments are in place before fulfilling the transaction. Esquires receive a 5 to 10 percent cut.

“You can buy the source code of ZeuS, you can enlist people who will provide a bullet-proof server and install it there for $10-$50USD … You can find people who will help compile and crypt a dropper for $40-$200USD … You can find people who will sell you the traffic of possible victims whom you are going to infect using purchased exploit kits for $10-$500USD,” Goncharov said by e-mail.

That’s around $1,000 to set up an operation to harvest credit card numbers, bank accounts, and e-mail passwords. (Last year, the going rate for a batch of one million United States email addresses was around $25.)

See the full price list in Goncharov’s report, Russian Underground 101, showing what's being sold on the most popular underground forums.