Underworld economy runs on bots and spam

Market for hijacked PCs fuels online crime

Shaun Nichols at RSA, San Francisco

The world of cybercrime is thriving on spam and the means of distributing it, say security experts.

A panel of security and anti-spam experts discussed the market that has grown around spam, malware and identity theft today at the RSA security conference in San Francisco.

Advertisement

The most serious of those problems is the legions of remotely-controlled botnet PCs, according to Joe St Sauver of the Internet 2 project.

"When you think about the problem that spammers face, as soon as they send mail in any sort of volume, [anti-spam groups] black-list them, so their IP space becomes unusable for their core mission," he said.

"So they're going to need some other channel for sending out that spam, and that usually means hijacked consumer PCs."

With the rise in value of botnets, the market for the malware that controls those botnets has also thrived. Bot-hungry spammers are now hiring botnet operators and malware distributors as affiliates, paying for each infection.

"The days of the individual 'Lone Ranger' spammer who does it all are pretty much gone," said St Sauver.

"So what you have now is a spammer affiliate program with franchises."

The market for this is further compounded by the climate in developing countries where there are millions of poorly-maintained PCs and a new crop of educated people turning to crime rather than a less lucrative professional career.

And it is not only criminal groups that are drawn into the world of cybercrime. The need to launder the windfall of cash from malware and identity theft operations has lead to an explosion in the recruiting of 'money mules', people who take the stolen funds into their own account and then send the money as a wire transfer to the criminal groups.

"The fundamental problem that they have is that the accounts these cards are sitting in are in specific geographies," explained Lawrence Baldwin, chief forensics officer for mynetwatchman.com.

"It is far more effective for them to have someone on the ground, because that will help them get past the anti-fraud detections at the bank."

Because the mule is essentially laundering money, the criminals are protected from law enforcement, while the mules are often arrested and prosecuted without ever knowingly committing a crime.

"Many of them are victims in the same way that people who have had their computers compromised are victims," said St Sauver.

"There are citizens out there who need someone to come out and not arrest them for being complicit, but to help them clean out their systems."

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Related whitepapers

Related jobs

Most watched

V3.co.uk weekly debrief, 13 Nov 09

This week we discuss the inaugural V3.co.uk Summit

Summit: Salesforce.com on SaaS and information overload

How web services contribute to data headaches

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

V3.co.uk weekly debrief, 13 Nov 09

This week we discuss the inaugural V3.co.uk Summit

Fingers on keyboard

New Flash vulnerability discovered

Web sites could be vulnerable to Flash attacks

Chris Adams

Summit: Microsoft Office to the rescue

Chris Adams, Office Client product manager for Microsoft UK, explains...

Illegal downloader

Industry and human rights campaigners united in opposition to "three strikes" plan

Critics says government proposals to curb illegal downloading are unworkable...

Primary Navigation