In the second issue of its “Cybercrime Intelligence Report” of 2009 (PDF), Finjan shows the operations of the Golden Cash network consisting of an entire trading platform of malware-infested PCs. The trading platform utilizes all necessary components (buyer side, seller side, attack toolkit, and distribution via “partners”). This advanced trading platform marks a new milestone in the cybercrime evolution.
By turning compromised PCs from a one-time source of profit into a digital asset that can be bought and sold again and again, cybercriminals are maximizing their illegal gains.
The cybercrime intelligence report covers the following:
- On the buyer side of the trading platform, batches of 1,000 malware-infected PCs can be purchased for $5 up to $100; depending on territory
- Partners are paid for successfully distributing the bot and collecting FTP-credentials of legitimated websites through the infected PCs
- On the seller side of the trading platform, cybercriminals sell batches of 1,000 malware-infected PCs for $25 up to $500
- Compromised malware infected PCs may be infected with additional malware each time they are purchased by a new “owner”
- For attacks and exploitations, an exploit toolkit with obfuscated code and the Trojan Zalupko attack toolkit are provided.