Tuesday, 24 September 2013

Hackers renting 1,000s of UK malware-hosting machines for just $240

Cyber criminals are renting UK-based malware hosts for as little as $240 per 1,000 machines, according to security firm Webroot.
Webroot researcher Dancho Danchev reported in a public blog post that he had uncovered a cyber black market that rents access to location-specific compromised hosts.
"The service is currently offering access to malware-infected hosts based in Russia ($200 for 1,000 hosts), United Kingdom ($240 for 1,000 hosts), United States ($180 for 1,000 hosts), France ($200 for 1,000 hosts), Canada ($270 for 1,000 hosts) and an international mix ($35 for 1,000 hosts), with a daily supply limit of 20,000 hosts, indicating an ongoing legitimate/hijacked-traffic-to-malware-infected hosts conversion," read the post.
Webroot manager George Anderson told V3 the news is troubling as the malware-hosting stations can be used for a variety of harmful purposes.
"Compromised hosts are basically owned. They can be used by the cyber criminal for any activity that will make them money: as a spam relay, as spear-phishing of the host's friends, as a Command and Control point, or a relay to steal the host user's identity, their banking and financial access credentials. The list is pretty much inexhaustible," he said.
"The reason why spam botnets are commonly used is because they can be easily hidden on the host and can equally easily use the host as a launch platform for further compromises or to build botnets. Botnets can then be used to launch distributed denial of service (DDoS) attacks, where seemingly legitimate traffic floods a website to make it inaccessible to others – which is a major business loss for any company operating online."
He added that the location-based offering also means criminals renting the hosts can improve their schemes' profitability.
"Criminals are pricing hosts by location because it's an indication of an 'economic value' of the host. For instance a US citizen will generally be better off than a Russian citizen, therefore targeting that host or using that host to mine others in that region (for example grabbing the email addresses of a US person's compromised host to then compromise their friend's PCs too) will most likely lead to a specific financial gain," he said.
Danchev said the location-based offering is likely designed to help differentiate the criminals' rental services from other similar black marketplaces.
"Today's modern cybercrime ecosystem offers everything a novice cyber criminal would need to quickly catch up with fellow or sophisticated cyber criminals. Segmented and geolocated lists of harvested emails, managed services performing the actual spamming service, as well as DIY undetectable malware-generating tools, all result in a steady influx of new (underground) market entrants, whose activities directly contribute to the overall growth of the cybercrime ecosystem," wrote Danchev.
Cyber black markets selling attack tools and services have been a growing problem for the security community. For years numerous vendors have reported seeing a growth in the number of illegal online marketplaces selling attack tools and web user account passwords. Webroot researchers also discovered thousands of Twitter and Skype user account details for sale on a Russian cyber black market in April.

Facebook and Dropbox sparked hackers' malware renaissance

HELSINKI: The failure of online services such as Facebook, Twitter and Dropbox to adequately test their security before launching helped to ignite the current cybercrime boom, according to F-Secure.
F-Secure web reputation service expert Christine Bejerasco claimed the rise of online services such as Facebook led to a renaissance in cyber criminals' malware development and distribution practices, during a briefing attended by V3.
"The internet is becoming very dynamic. More than ten years ago it was mainly meant for consuming content. Malware during those times was pretty simple: they'd attack the website, load [malware] onto it so people would get infected. The problem during those times was that hosting was quite expensive, so there weren't a lot of malicious websites. Those days are gone," she said.
"The renaissance period came when blogging became normal, this really gained momentum when websites like Facebook and Dropbox arrived. It also helped when HTML5 came and made it so anyone could post anything, anytime they wanted."
Bejerasco said the platforms drew criminals' interest, offering them new and easy ways to host and spread malware. "This was actually a pretty good thing, as it opened up the internet. This has made us enter the age of empowerment on the internet – any individual can use any interface at their disposal to post and consume information online," she said.
"But let's say you're a newly minted bad guy and you want to start your career online. A simple search will show you what you need and lead you to these platforms. These guys are benefiting from this seemingly free way of posting information online."
She said social media sites are particularly useful tools for criminals, as they offer a variety of benefits to attackers. "A lot of the bad guys like to play on social media sites," she said.
"The audience is already there and these social platforms are powered by very powerful programme interfaces that allow the user to automate what they do. So for example, a bad guy doesn't even have to create a real profile anymore he can just go in and create a bot to do all his nasty tricks."
Bejerasco said services including Dropbox are also useful to criminals as they offer a free way to store malware and make it easier for them to drop payloads into infected sites or machines.
"File hosting Dropbox is one of those malware favourites. What a usual Trojan does when it gets into the system is just pull their payload from Dropbox into the system so they don't have to host their website."
The F-Secure expert cited criminals' use of the free web services as proof that software and web service providers need to build their products with security in mind from the start. "There is a responsibility for these guys to get secure when they get this big. Facebook in particular has been getting better in recent months," she said.
"But the problem now is the bad guys are always looking for the next hit. They [Facebook and Dropbox] started in garages and that is amazing, but now you have to know the moment you launch the bad guys are going to come into your playground."
Bejerasco's comments follow widespread warnings from the security community to businesses that using free web services – such as Gmail, Facebook and Twitter – leaves them open to attack.
AVG's SMB general manager Mike Foreman also told V3 that the use of the free services is leaving many small-to-medium-sized businesses one cyber attack away from bankruptcy.