RSA 2009: Criminal Infrastructure Lets Malware Thrive
Erik Larkin writes on PC World:
The lurking Trojan and the password-hungry keylogger are only the tip of the iceberg.
As in today's globalized legit economy, malware's ability to spread and make money for its dastardly creators rests upon a wide array of underhanded support services. At the RSA conference in San Francisco today, researchers who have dug deep into the criminal online infrastructure described some of those services.
Lawrence Baldwin of myNetWatchman.com described an "Xsox" botnet of malware-infected PCs that provides an anonymization network for criminals who want to hide their tracks - or make it look as if a bank login is coming from Alabama, say, instead of somewhere like the Ukraine.
The simple GUI interface that Baldwin displayed allows a bad guy to see all the currently available Xsox-infected computers, with their IP address, country, uptime and other information readily displayed. Simply clicking on one establishes an encrypted connection and use of that PC as an "exit node," Baldwin said, so that any connection to a bank site or anywhere else appears to come from that exit node instead of the crook's computer.
This service-providing botnet has been around for about 3 years, Baldwin said. He estimates it's used to withdraw between $2 and $5 million from banks per day, and says that the ISP that hosts the botnet has never received a complaint in 3 years.