£600 to become a cyber-crook

This is all needed for Web criminals to earn millions of pounds. Hundreds of Internet pages and forums offer tools needed to infect users.

A Trojan costs between £175 and £350, while lists with one million email addresses are sold for £50.

Just over six hundred pounds can buy a cyber-crook the tool needed to turn malicious action into financial profit, according to data from PandaLabs. This is thanks to a black market on the Web where malicious code and tools are available at knock-down prices.

All types of crimeware tools can be bought on hundreds of forums. Even though most Web pages are located in Eastern Europe, Internet mafia networks extend worldwide.

Buying malware

If a cyber-crook wanted to buy a Trojan, say, he would only have to shell out between £175 and £350. A password stealer Trojan for example, costs £300, and a Limbo Trojan–with less features- costs around £250, although they have been sold for as little as £175. They both steal passwords to access online banks. Cyber-crooks would have to pay £250 for a Trojan that captures payment platform accounts, such as Webmoney, although there are often ‘special offers’. In one case, the first 100 buyers only had to pay £200.

The next step is to get a list of email addresses to distribute the Trojan. For this, they only have to visit another web page, where they can get mailing lists of all sizes. Prices vary from £50 per million addresses to £750 for 32 million. If they also want to send links that download the Trojan to instant messaging users, they can buy a million ICQ addresses for £75.

The next step? Making sure antivirus programs will not detect the malicious code. For between one and five dollars per hidden executable, they can hire a service that protects the malware against security tools. If they want to do it themselves, they can get polymorphic encryption software called Polaris for just £10.

The last step is to send emails to distribute the Trojan. For approximately £250, cyber-crooks can rent a spam server. Then, they just have to wait for the victims to be infected.

The profitability of malware

A few simple calculations are all that’s needed to underline how lucrative this activity can be. If a Trojan costs £250 and a million-address mailing list costs around £50, that means £300 is enough to infect a million people. Then add a £10 encryption program and a £250 spam server. With almost a 10 percent (really low) success rate, hackers could infect 100,000 people.

If they then managed to steal bank details from 10 percent of them, it would mean access to 10,000 bank accounts. Just imagine the money the average person has in a current account and multiply it by 10,000 to calculate the cyber-crooks’ profits.

However, emptying thousands of accounts would be very suspicious and crooks seek to obtain money invisibly. They, therefore, only take a small sum of money from each account, a hundred pounds, for example. Multiplied by 10,000, it still totals a million pounds. In other words, cyber-crooks can become millionaires with a £600 investment in very little time. Bearing in mind that very low success ratios were used in the calculations, the amount could be higher in real life.

If you think your computer might have been infected by these or other malicious codes, you can scan it free at www.nanoscan.com