Gunter Ollmann, VP of research for Damballa security firm in Atlanta, has blogged about the underground service industry that has sprung up to support botnet and malware groups. He found “botnet support” and “malware quality assurance” sites. There’s 24×7 support with ticketing systems.
One site features forums, a variety of services (including distribution), hacking tools and remote access Trojans.
The bad news is that the cybercrime underground is so well developed that it can support such related businesses.
The good news: wow, what a great place for law enforcement agencies to set up sting operations and distribute utilities with back doors and key loggers. Legitimate AV companies can leave out of their detections the Fed’s spyware and the dark side will be forced to come up with their own anti-spyware scanners. Then the Feds can get into polymorphic code and fast flux and rogue security applications. It would be a whole alternative universe!
Gunter Ollmann blog here.
Update 12/31:
It didn’t take long for the next development in this story to appear: “Virus Scanners for Virus Writers.” It’s the second entry in Brian Krebs new blog “Krebs on Security“
Krebs, who wrote the popular “Security Fix” column in the Washington Post for 15 years, left that post this week.
Tom Kelchner