TORONTO – Cyber-criminals continue to show just how enterprising they can be. Finjan’s Malicious Code Research Center has discovered a trading platform that enables cyber-criminals to buy and sell botnets – essentially a one-stop shop for such activity.

In its research, Finjan’s MCRC discovered the existence of the Golden Cash network, which consists of a trading platform of malware-infected PCs. According to Ophir Shalitin, director of marketing for Finjan, the Golden Cash network is unlike anything that’s been discovered before. Whereas other networks provided pieces of the cyber-crime puzzle, Golden Cash is a one-stop shop for cyber-criminals, he said.

“It’s sort of the eBay of botnet trading or hacker-to-hacker trading,” Shalitin said.

Cyber-criminals can register for accounts and then get access to customized toolkits and botnets, which enable them to start launching attacks and making money. In fact, buyers can purchase batches of 1,000 malware-infected PCs for between $5 (US) and $100. Partners are also paid for distributing the bot and collecting FTP credentials of legitimate Web sites.

“That means that people may have their PCs compromised either by individuals or people working in corporates,” Shalitin said. Their PCs can be bought and sold as part of a botnet without them even being aware of it.

Additionally, it’s a vicious cycle. When cyber-criminals buy a batch of infected PCs, they can add more malware to the PCs, collect FTP credentials and continue to build the network — all while making money off of victims. The botnet can be used to send spam and to collect sensitive information. According to Finjan, the Golden Cash network has collected 100,000 FTP credentials for legitimate sites, to which iframes are added in order to infect visitors.

“That’s one of the dangers of this as a platform,” Shalitin said. It makes it easy for cyber-criminals to be active, and the network basically seeds itself, he said.

The Golden Cash network is detailed in Finjan’s latest “Cybercrime Intelligence Report.”

Businesses and individuals can take measures to protect themselves, though.

“If you look at how these PCs are compromised, what they do is inject an iframe into legitimate Web sites, and when a user browses these sites, they get infected. So the first thing to do is make sure there’s a security measure that doesn’t just look at the category of the Web site or the reputation of the Web site,” Shalitin said. Real-time content inspection is important, and signature-based anti-virus is not sufficient.

Operating system patches should also be up to date to make sure all known vulnerabilities can’t be exploited, he said.

“Given the level of threat, I think it’s important to address it with the right solution,” Shalitin said.

This column was written by Chris Talbot of ConnectIT, an IntegratedMarCompany
