MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.


YES Exploit System and Crimeware-as-a-Service

In recent years Cloud Computing has become a real turning point as far as information security is concerned. The main controversy centers not so much on the protection mechanisms that can be implemented on its architectures as on the lack of trust that still exists over who should take the decisions needed to implement this style of service.

For offenders, however, Cloud Computing security is undoubtedly neither a problem nor a constraint on continuing to fuel the underground economy and, in some ways, on adapting this technology to offer "differential" alternatives in the competitive scenario posed by the crimeware business.

YES Exploit System, one of many systems that automate the exploitation of vulnerabilities to recruit zombies, proposes just that.

Using a layout that, visually, has nothing to envy of any of the operating systems supported and used by "the cloud", it is confined solely to providing the options needed for the activities that interest criminals. This makes it clear that the developers of these applications are fully aware of the needs of their criminal "clients."

It even implements counterintelligence mechanisms. The first checks the reputation of the domain used for criminal maneuvers (Domain checker), automatically checking it against the main services that maintain databases of fraudulent URLs, including ZeuS Tracker, our friends at MDL (MalwareDomainList), SiteAdvisor, Norton List, etc.; any other service not included by default can be added manually by modifying the code of certain files.

The second checks the integrity of the malware being spread (AV Checker). Both "criminal remedies" were born as a result of the high growth of, and demand for, these types of crimeware.

One of the most recent campaigns run through the latest YES Exploit System was the spread of the ransomware family seen in the image:

Chronologically speaking, this crimeware has three generations, and its business model is no longer just a matter of operating in hiding from certain underground forums: sales are also made through partners and via the web, using ICQ as the main communication channel.

YES Exploit System closely resembles a conventional business scheme, but one designed exclusively for criminal purposes. Moreover, if we consider that DataBase-as-a-Service (DBaaS) is among the many resources already created to support crimeware, we should not be surprised to find during research that the "customer base" of YES-ES (or of some other kit) is also supported from "the cloud" and hosted by a "third party."

Related information
YES Exploit System. Manipulating the attacker's security
YES Exploit System. Another crimeware made in Russia
