In a series of blog posts, we’ve been profiling the tactics and DIY tools of novice cybercriminals, whose malicious campaigns tend to rely largely on social engineering techniques to trick users into thinking that they’ve been exposed to a legitimate Java applet window. These very same malicious Java applets continue to represent a popular infection vector among novice cybercriminals, who remain the primary customers of the DIY tools/attack platforms that we’ve been profiling.
In this post, I’ll discuss a popular service that exclusively offers hosting services for malicious Java applets.
Sample screenshot of the service:
For a one-time fee of $20, the service offers detailed statistics about how people ran the applet hosted on their server, as well as the ability to clone a popular website, which is later automatically embedded with a custom malicious Java applet. The service also offers managed rotation of typosquatted domains to its prospective customers, in an attempt to make it easier for them to operate their campaigns.
Based on our initial analysis of the service’s operations, we can easily conclude that its operators lack the experience and motivation to run it, compared to that of sophisticated bulletproof hosting providers, like the ones we’ve already profiled in the past. Nevertheless, its public availability has already empowered multiple novice cybercriminals with the hosting services necessary to achieve their malicious objectives.
Although we believe that this is a short-term oriented, niche international underground market proposition, we’ll continue monitoring its development.