Information Security News mailing list archives

'Golden Cash' botnet-leasing network uncovered


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 18 Jun 2009 04:09:39 -0500 (CDT)

http://news.cnet.com/8301-1009_3-10266977-83.html

By Elinor Mills
Security
CNet News
June 17, 2009

Researchers at security firm Finjan said on Wednesday that they have 
uncovered an underground botnet-leasing network where cyber criminals 
can pay $5 to $100 to install malware on 1,000 PCs for things like 
stealing data and sending spam.

The Golden Cash network, dubbed "Your money-making machine" on its home 
page, sells access to botnets composed of thousands of compromised PCs 
to cyber criminals for custom malware-spreading jobs, according to issue 
2 of the Cybercrime Intelligence Report for 2009.

Here's how it works: a cyber criminal creates a botnet by hiding 
malicious code in a legitimate Web site, where it is used to turn 
Web-surfing PCs into zombies. The code, typically an iFrame, points the 
PCs to a separate Web site where they are then infected with a Trojan 
backdoor that reports back to the Golden Cash command and control server.

In order to increase the number of botnets, the Golden Cash server 
installs an FTP (file transfer protocol) grabber on new zombies to steal 
credentials used by the computers to run Web sites, giving the server 
control over additional legitimate Web sites. Approximately 100,000 
domains, including corporate domains from around the world, were 
identified among the stolen FTP credentials under Golden Cash's control, 
according to the report.

[...]

