Exposing the Money Behind the Malware

How cybercrime works and what to do about it


The cybercriminal network

With so many steps required to make a criminal money-making scheme work, the perpetrators need to specialize in their jobs. The criminals need skill, expertise and knowledge to continually evade our defenses and avoid apprehension by law enforcement. In this section, we explain the various roles cybercriminals fill to create a successful crime network.

Exploit writers
Exploit writers are hackers who specialize in discovering vulnerabilities in software and creating exploit packs—a collection of vulnerabilities packaged together. The exploit writers then sell the exploit pack to less technical criminals, who use it on websites and in email attachments to embed malware on unpatched computers.

The quality of language used in many spam emails, lures and social engineering attacks has improved dramatically in recent years. It seems that the gangs behind these attacks are investing in professional translation services to increase the number of victims they can trick into falling for their scams.

Bot herders
The job of a bot herder is to infect all of the zombie computers that are used for creating a botnet, which the criminals use for spamming, DDoS attacks, proxying and other cloud computing needs of the criminal underground. Bot herders segregate and sell or lease computers based on geography and type of bot needed by the purchaser.

Money mules and mule managers
Financial criminals need people on the street to walk into banks and transfer funds or deposit checks. Mule managers specialize in recruiting people who are down on their luck, or willing to look the other way when asked to help commit financial fraud. Many mules are tricked into helping by work-at-home scams and other guises intended to fool them into assisting.

Partnyo'rka owners
Partnyo'rka loosely translates to “partner network” in English. Partnyo'rkas are affiliate marketing schemes set up to encourage low-level criminals to spread the word about Canadian pharmacy offers, fake luxury goods and other spammed-out goods or services. The Partnyo'rka operators pay commissions to their minions for each sale. Partnyo'rka owners promote their schemes with spam in emails, forums, chats, blog comments and social media, as well as website poisoning and blackhat SEO.

Tool providers
While there isn't anything technically criminal about writing software, there is a group of people who only write tools to aid in spreading spam and malware. For anywhere from $20 to many thousands of dollars you can purchase exploits, toolkits, CAPTCHA solvers and a host of other tools designed to spam every online service you can imagine.

Malware writers
As CEO of Microsoft Steve Ballmer once said, “developers, developers, developers” are at the heart of what makes the whole cybercrime operation go. It would appear that most malware developers don't distribute their wares directly, but sell their services to the operators of organized cybercrime operations.
