Brazilian hackers are known for their preference for stealing and misusing phished banking credentials and credit card numbers, but also for their penchant to openly brag online about their illegal activities.

This relaxed attitude regarding the possibility of getting caught and tried for their illegal actions is due to the country's extremely inadequate anti-cybercrime laws, explains Kaspersky Lab's Fabio Assolini, who recently spotted another business venture initiated by the criminals.

"To help new 'entrepreneurs' or beginners interested in a life of cybercrime, some Brazilian bad guys started to offer paid courses," he reveals. "Others went even further, creating a Cybercrime school to sell the necessary skills to anyone who fancies a life of computer crime but lacks the technical know-how."

A number of different courses are offered, and while some seem like legitimate ones - how to become a designer, a Web designer, a hacker, a programmer - other not so much as they offer to teach how to become a "banker", a defacer or a spammer:


“This course is intended for everybody making online transactions. You will learn how crackers take control of corporate or home computers, what social engineering is all about, how 'auto-infect' works, how to use sources (of Trojans), how to manipulate the security plugins installed on browsers such as IE, Firefox, Chrome, Avant, Opera, and antivirus and firewalls. How spamming helps to catch new victims, what 'loaders' do and how crackers use them. You’ll learn all the slang used by crackers and bankers and find out about things like 'loaders', 'info', 'cc', 'admin', 'laras (money mules)', 'Desco, Ita, Uni, Sta, CEF, BB, City (popular names of Brazilian Banks), and much more. You’ll discover how crackers clone credit cards, checkbooks, IDs, driver’s licenses, birth certificates and other documents. You’ll learn how crackers can own e-commerce websites that store credit card numbers and what they do with this data. You’ll learn about the laws in Brazil and what the sentence is if you’re caught, as well as what risks you run and how to avoid getting caught. All this and much more is part of our course,” the "banking" course is explained on the school's website, and the spamming course comes complete with 60 million neatly categorized email addresses so that the newly initiated spammer can start churning out spam immediately.

The courses can be bought online but - as unbelievable as it sounds - aspiring cybercriminals can also attend real-world classes at a location that is shared freely and, obviously, without any fear of law enforcement reactions.