Today’s modern cybercrime ecosystem offers everything a novice cybercriminal would need to quickly catch up with fellow/sophisticated cybercriminals. Segmented and geolocated lists of harvested emails, managed services performing the actual spamming service, as well as DIY undetectable malware generating tools, all result in a steady influx of new (underground) market entrants, whose activities directly contribute to the overall growth of the cybercrime ecosystem. Among the most popular questions the general public often asks in terms of cybercrime, what else, besides money, acts as key driving force behind their malicious and fraudulent activities? That’s plain and simple greed, especially in those situations where Russian/Eastern European cybercriminals would purposely sell access to Russian/Eastern European malware-infected hosts, resulting in a decreased OPSEC (Operational Security) for their campaigns as they’ve managed to attract the attention of local law enforcement.
In this post, I’ll discuss yet another such service offering access to Russian malware-infected hosts, and emphasize the cybercriminal’s business logic to target Russian users.
Sample screenshot of the service’s advertisement:
The service is currently offering access to malware-infected hosts based in Russia ($200 for 1,000 hosts), United Kingdom ($240 for 1,000 hosts), United States ($180 for 1,000 hosts), France ($200 for 1,000 hosts), Canada ($270 for 1,000 hosts) and an International mix ($35 for 1,000 hosts), with a daily supply limit of 20,000 hosts, indicating an an ongoing legitimate/hijacked-traffic-to-malware-infected hosts conversion. We believe that the availability of Russian based malware-infected hosts is the direct result of either a greed oriented underground market proposition, the direct result of a surplus based proposition, or an attempt by the cybercriminal behind the the offer to differentiate their proposition from the rest of the commoditized services offering access to, for instance, U.S based hosts.
We’ll continue monitoring the service, and post updates as soon as new features — if any — are introduced.