Exposing the Money Behind the Malware

How cybercrime works and what to do about it


Money behind the malware

After a criminal hooks a victim or takes over a victim’s computer, there are many ways to make money. Here are eight schemes that cybercriminals use to make money off their victims.

Selling products
The most basic way to make money from any sort of malware, spam or website compromise is to sell a product. Criminals simply set up a store and use infected websites and spam to deliver promotions and advertisements to drive traffic to a virtual storefront.

Many of these operations are not just false-front businesses. They ship sham products pretending to be Viagra, Rolex watches, Gucci handbags and various pirated software packages.

Stealing login details
The purpose of phishing spam messages is to convince you they come from someone you know or trust. Criminals use social engineering techniques borrowed from real brands to collect usernames and passwords associated with high-value websites like PayPal, banks, Facebook, Twitter, Yahoo and web-based email services.

It’s easy for criminals to imitate these companies because everything online is digital. They simply steal real communications from the victim companies and redirect the links to bogus webpages. As a percentage, phishing emails are an increasing threat, taking advantage of users’ lack of awareness of hacking attacks and data breaches.

Pay-per-click fraud
After compromising a user's computer, the criminals can download malware that manipulates Internet traffic. They divert the victim’s clicks to advertisements located on the criminals’ webpages. The criminals make money from ad networks by generating traffic to their customers’ ads.

Fake security software
Often referred to as fake antivirus, these programs are designed to behave in the exact opposite way of traditional malware: noisy, annoying and flashy. Fake antivirus works by convincing the user they are at risk of infection after visiting a compromised webpage that secretly installs the fake antivirus on their computer.

The criminals typically charge around US$100 for the fake antivirus software to “clean up” the infected computer. But the fake antivirus doesn’t clean up threats—it is a threat. And the criminals can make even more money off the victim by offering extended support and multi-year offers. Fake security suites target Windows, Mac and even Android users.

Ransomware
Cybercriminals can use ransomware to encrypt your documents, boot sector or other important components of your PC and hold them hostage until you pay a ransom. The ransomware often uses modern cryptographic algorithms, and only the criminals possess the keys to unlock your files. If you want your stuff back, you have to pay up.

Traditionally, ransomware was almost exclusively Russian, but recently we’ve seen these gangs targeting North America, Europe and Australia. A new variation plaguing Internet users in 2012 is a fake law enforcement warning suggesting your federal police authority has detected child pornography on your computer. The warning tells the victim their computer has been locked and they must pay a $100 fine to unlock it.

Social media spam
Delivering email messages to our inbox is harder than ever. Spam filters block more than 99% of it before it can see the light of day. And users can spot the fake names on spam that gets through. Social media sites like Facebook and Twitter have become an attractive place for spammers to move to.

The criminals can purchase access to stolen user credentials or convince users to spread fraud for them. They benefit from your social capital—the more friends and followers you have, the more people can be spammed by the criminal using your account. Users are far more likely to click a message about winning a free iPad or losing 30 pounds on a miracle weight-loss plan if it comes from someone they know and trust.

Banking malware
A highly specialized industry has popped up around capturing authentication information to access online financial institutions. While it started as simple key-logging software designed to capture your username and password, it has led to an advanced game of cat and mouse between criminals and banks.

Modern banking Trojans are available for devices running BlackBerry, Windows, Android and more. These Trojans can capture SMS messages and record videos of your screen while you log in, uploading YouTube-like videos for the criminals to see. One gang busted by the FBI in 2011 attempted to steal nearly $220 million from victims.

Premium-rate SMS fraud
Rather than ask you for your credit card or attempt to withdraw money directly from your bank account, many social media spammers and mobile phone malware authors use SMS services. When you answer a survey on Facebook asking for your mobile phone number to notify you if you are a contest winner, they are signing you up for a premium-rate SMS service. Pirated apps for your Android may come with a little something extra: a program that will start sending SMS messages to premium-rate numbers at your expense.
