MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.


Prices of Russian crimeware. Part 2

Criminal activities of which are fed daily cyber criminals through a business model implemented by themselves, are channeled through the underground market that offer "services" more professionals to suit the needs of cyber -organized crime.

Consequently, every day there are new crimeware applications to enhance the economics of cyber-criminals, whatever the role in the criminal chain. Some of these crimeware is reflected below, highlighting the costs are within the illegal market.

CRUM Cryptor Polymorphic v2.6
This is an application type crypter. Its main feature is the ability to generate polymorphic malware encrypts every file created with a random key of 256 bytes. It also offers the possibility of the anti-malware analysis processes such as the detection of virtual machines. Your cost is USD 200 and includes updates for free.

CRUM Joiner Polymorphic v3.1
In this case, the main function is the ability to merge files without any limit on the amount. Like the previous binary can refer to a 256-byte encryption, polymorphic and detection capabilities of virtual machines. The price is USD 100 and upgrades are free.

More information about this family of crimeware

Eleonore Exploits Pack v1.2
Eleonore is a package of exploiting vulnerabilities and network control zombies. The cost of the latest version is USD 700. For an additional cost of USD 50 provides access to their crypter.

By default, the crimeware is linked to a number of domains, but there is the possibility of leaving it disconnected but its value is free to USD 1500, including Crypter. It's designed to exploit the following vulnerabilities: MDAC, MS009-02, Telnet - Opera, Font tags - FireFox, PDF collab.getIcon, PDF Util.Printf, PDF collab.collectEmailInfo, DirectX DirectShow and Spreadsheet.

Eleonore Exploits Pack v1.1
The previous version has a cost of USD 500 and unlike the version 1.2, the module hasn't exploit Spreadsheet.

More information about Eleonore Exploits Pack

Unique Sploits Pack v2.1
One of the botnets applications designed for managing web via HTTP. Current value is USD 750 and includes free updates and Crypter. For those who have older versions, the upgrade to this version has an aggregate value of USD 200.

The ability to exploit vulnerabilities that are: MDAC for IE 6, PDF exploit for IE 7, Opera and Firefox, PDF exploit for Adobe Acrobat 9, PDF Doble. Download simultaneously two exploits in PDF, MS Office Snapshot for IE 6 y 7, IE 7 XML SPL, Firefox Embed, IE 7 Uninitialized Memory Corruption Exploit, SPL Amaya 11, Foxit Reader 3.0. PDF Buffer Overflow Exploit.

More information about Unique Sploits Pack

Another of the many crimeware designed to exploit vulnerabilities and to control botnets via http. Among the features that has highlighted the possibility of using local pharming, keylogging, theft of digital certificates, encryption of information, anti-detection techniques, cleaning of fingerprints, injection of viral code, among others. Its value is USD 3000.

More on Adrenaline Pack

YES Exploit System v2.0.1
One of the most used operating kits. Has an interface that resembles that of an operating system with a "Start" menu from which you access the various features of it. The cost of the latest version to date (August 2009) is USD 800.

YES Exploit System v1.2.0
Some packages of the first generation, still very active, the price varies depending on the versions. In the case of version 1.2.0, the cost is around USD 700.

More information about Exploit System YES

Barracuda Botnet v3.0
Latest version of this web application that, despite having several years of existence, it still has a relatively high cost compared to their peers. This is a crimeware with two versions of marketing, the Full version at a cost of USD 1600 and the Lite version at USD 1000.

In addition, this package is modular, meaning that you can add modules to meet the needs of the botmaster buy or rent. Modules that can be acquired are:

  • Module DDoS (HTTP GET / POST flood, UDP flood, ICMP flood, TCP flood, IP Spoofing) at a cost of USD 900.
  • Email Grabber module that collects email addresses stored on the zombie. Its value is USD 600.
  • Proxy Module, allows to increase the number of simultaneous connections for a more "efficient" sending spam. Its value is USD 500.
  • Module PWDGRAB. Clearly oriented to the theft of private information. The value is USD 500.
  • Module SSLSOCKS. This module is in its beta stage and can build a VPN "through the botnet. The price is USD 500.
With respect to previous versions, the 2.2 is sold for USD 600 and USD 300 to version 2.0.

More information on this crimeware

ZeuEsta Exploit Pack v7.0
This is an "adaptation" which consists of private combination of two very active crimeware: ZeuS v1.2.4.6 and SPack Kit. The cost is USD 600 and USD 100 per month to access a more hosting. Originally composed by the merger between Zeus and ElFiesta up during April this year (2009) was updated replacing ElFiesta by SPack Kit

While this fusion of crimeware isn't an original creation developed entirely by Russians, the different versions of it are ZeuS and therefore was considered to reflect its cost.

ZeuEsta Exploit Pack v5.0
This version is obtained in the illegal market at a cost of USD 150 the "unofficial", ie sold by third parties and not by the author himself. This version is composed by ZeuS v1.1.2.2 and ElFiesta.

ElFiesta v3
One of the most exploited by crimeware botmasters. In this case it's version 3 at a cost of USD 800. The application has modules that exploit vulnerabilities over twenty of which those with higher levels of efficiency are the exploits to PDF and SWF.

More information about ElFiesta

Liberty Exploit System v1.0.5
A new crimeware package that has recently emerged a number of characteristics that make it according to its author, an ideal application for its price/quality.

Preinstalled by default has the following exploits: MS06-014 Internet Explorer (MDAC) Remote Code Execution Exploit, PDF util.printf(), PDF collab.collectEmailInfo(), PDF collab.getIcon(), Flash 9 y MS DirectShow. Its cost is USD 500.

Neon Exploit System v2.0.5
Neon suffered a slight cut of USD 100. Now, the cost is USD 400 and USD 500 no. Among the modules of exploits that are preinstalled and preconfigured include: IE7 MC, PDF collab, PDF util.printf, PDF foxit reader, MDAC, Snapshot and Flash 9.

Limbo Trojan Kit
Limbo is one of the least popular crimeware illegal market in Russian market. However, this does not mean that your risk is lower. At a cost below other crimeware much more popular, their cost is USD 300.

Among its features are the binary update, cleaning of tracks (cache, cookies, etc..), Reboot the operating system (Windows) and destruction if necessary. It also has ability to capture keyloggin all passwords are accessed through Internet Explorer and that are stored in the browser, among others.

Fragus v1.0
A very new Web applications that access the crimeware industry at a cost of USD 800. Its characteristics are that the multilingual support (english and russian), statistical system on the browser and operating systems (including versions) and countries, the ability to customize modules exploits and incorporate new injection of iframe tags, file encryption, Crypter is a part of that package, however, you can add a personal.

As we can see, the malicious process automation, services and offerings relevant to making the purchase, sale and rental of effective "weapon" software designed purely for criminal purposes and profit.

In this sense, the costs generated from crimeware Russia moves depending on what the market dictates, even creating alternative business models such as loss of focus on providing technical support through professional services and maintenance and custom Update crimeware, feedback and the black market. 

Related information this Blog
Los precios del Crimeware ruso
Comercio Ruso de versiones privadas de crimeware...
Automatización de procesos anti-análisis II
Eleonore Exploits Pack. Nuevo crimeware In-the-Wild
Mirando de cerca la estructura de Unique Sploits Pack
Adrenaline botnet: zona de comando. El crimeware ruso...
YES Exploit System. Otro crimeware made in Rusia
Barracuda Bot. Botnet activamente explotada
ElFiesta. Reclutamiento zombi a través de múltiples amenazas

Jorge Mieres

0 comentarios:

Post a Comment