HitB2011AMS: Beyond Botnets - Dissecting the Ecosystem
Frank Breedijk
Slides on the HitB Materials page.
Michael’s talk focuses on the current ecosystem of botnets: who runs them, who uses them and who benefits from them. Michael starts off by showing how sophisticated botnets have become. Cyber criminals are running botnets as a commercial business and a ‘cloud service’, including dashboards. He showed an example of a botnet that did not generate its own infections, but used its users to infect targets. As a price, 20% of the infected machines are controlled not by the infector but by the botnet operators.
Some botnets measure their effectiveness by e.g. running virus scanners against their payload every 15 minutes and reporting back the detection rates of their systems.
It is interesting to see that the prices of e.g. credit card data are currently dropping rapidly. We have come to the point that UK credit card data is now sold for a set price per gigabyte.
Michael illustrated the fact that botnets are getting very advanced with a lot of different examples. For example, Traffic Converter has earned 40 to 50 million USD in the last two years and is a very well-run operation.
It is an advanced operation with:
- Live Chat Support
- Support trouble ticket system
- AV testing by humans
- Online helpdesk
- Payment system
- Full QA
Cybercrime is not going to stop. It is more than just botnets; it is also fake anti-virus and click fraud. The victims are not large corporations, but common folks.