There are other ways of planting Trojans on user computers, some of which are extremely brazen. There are cases where cyber criminals offered to pay website owners for loading malicious programs onto the machines of users who visited their websites. One example of this is the iframeDOLLARS.biz website: it offered webmasters a “partner program” that involved putting exploits on their websites so that malicious programs would be downloaded to the machines of those who viewed the sites. (Of course, this was done without the users’ knowledge). These “partners” were offered $61 per 1,000 infections.
Dealing in Stolen Goods
Unquestionably, the main motivation for stealing data is the desire to make money. Ultimately, all the information stolen is either sold or directly used to access accounts and get funds in this way. But who needs credit card data and email addresses?
The actual data theft is only the first step. Following this, cyber criminals either need to withdraw money from the account, or sell the information received. If an attack yields details which are used to access an online banking system or an e-payment system, the money can be obtained in a variety of ways: via a chain of electronic exchange offices that change one e-currency (i.e. money from one payment system) into another, using similar services offered by other cybercriminals, or buying goods in online stores.
In many cases, legalizing or laundering the stolen money is the most dangerous stage of the whole affair for the cyber criminals, as they will be required to provide some sort of identifying information e.g. a delivery address for goods, an account number etc. To address this problem, cyber criminals use individuals who are called “money mules”, or “drops” in Russian cyber criminal jargon. “Drops” are used for routine work in order to avoid exposure, e.g. for receiving money or goods. The “drops” themselves are often unaware of the purposes for which they are used. They are often hired by supposedly international companies via job-search websites. A “drop” may even have a signed, stamped contract which appears perfectly legal. However, if a “drop” is detained and questioned by law-enforcement agencies, s/he is usually unable to provide any meaningful information about his/ her employer. The contracts and bank details always turn out to be fake, as do the corporate websites with the postal addresses and telephone numbers used to contact the “drops”.
Now that the cybercrime business has matured, cyber criminals no longer have to look for “drops” themselves. They are supplied by people known as “drop handlers” in Russian cyber criminal jargon. Of course, each link in the chain takes a certain percentage for services rendered. However, cyber criminals believe that the additional security is worth the cost, especially as they haven’t had to earn the money themselves.
As for stolen email addresses, they can be sold for substantial amounts of money to spammers, who will then use them for future mass mailings.