The current market of malware – especially the branch dedicated to banking Trojans and theft of financial data – has evolved into two main paradigms:
- Closed organizations, very secretive groups in charge of managing all stages of the fraud process. They are behind the most advanced Trojans, like Sinowal.
- Opaque decentralized networks, where no real communication exists between the “cells” or nodes of the criminal network. In addition, no one is at the helm, and the cells have a high degree of independence. This way, the last links of the distribution chain are almost or completely unaware of what's going on in other parts of the structure, and shutting down or arresting one of the components has little impact on the rest of the network.
The second model is the most successful one.
No doubt we all remember the DarkMarket case, a well-known, FBI-operated underground forum where all kinds of illicit items were traded. There are many examples of this type of forum. Ghostmarket used to be one of them. Focused on England, it specialized in the exchange of bank credentials and card information. This forum once enjoyed great popularity among rookie scammers, many of them quite young, who saw in it a chance to make a quick buck while covered by a cloak of immunity – they thought the police wouldn’t lift a finger for petty crimes like theirs.
Nevertheless, it has recently been disclosed that Ghostmarket was broken into in early July.
Afterwards, it was shut down and investigated by the police. The following is the administrator’s farewell letter:
In relation to this – or maybe not – two further arrests have recently been made. This time, the criminals were linked to a Zeus botnet.
The assumed immunity was only that – assumed. Some of these youngsters have even ordered goods paid for with stolen credit cards to be delivered home – their real home.
I hope that from now on, if not morals, then at least fear can help appease the greed of these newbies who make up the end of the chain, the last and least protected part of the criminal network.