MAY 9, 2014
Your regular source of security updates from TrendLabs℠

Security Spotlight

Notes from the (Russian) Underground

“The fact that prices have been decreasing doesn’t mean that business isn’t doing well for cybercriminals. In fact, it could very well mean the opposite.”

In our coverage of events unfolding in the threat landscape, we often mention the existence of a cybercriminal underground where bad guys can buy and sell tools and services. Over the years, we have been keeping tabs on major developments and changes within this underground. We will now take a look at the latest developments in the Russian underground market.

Uniquely Russian

The Russian cybercriminal underground market has been around since 2004. As a pioneer, it was the first market to offer crimeware to cybercriminals. The creation of the marketplace meant that bad guys no longer had to rely on their own knowledge and skill to create tools for their schemes; they could simply buy what they needed from other people.

Apart from being the pioneer market, the Russian underground is also known for selling specialized services. Merchants focus on selling the products or services they excel at creating or providing. The Russian market, in particular, specializes in selling traffic direction systems (TDSs) and offering traffic direction and pay-per-install (PPI) services. Cybercriminals use TDSs to determine traffic type, which helps them direct potential victims to certain malicious sites and serve the right malicious payloads for particular computers. For PPI services, advertisers pay publishers a commission every time a user installs applications bundled with adware.

A True Economy

Aside from the illegal nature of the goods and services offered, the Russian underground is much like any other business economy. The underground also experiences highs and lows when it comes to pricing, depending on supply and demand. For example, a huge demand for credit card information can drive prices up. However, massive data breaches can also increase the supply of this kind of information, which can drive prices down.

Some marked differences between legitimate businesses and the Russian underground still exist, though. For one, sellers in the underground need to hide their identities and traces of business transactions. As such, real-time transactions are almost impossible to conduct; business dealings are much slower in the underground compared with the “legitimate business world.”

What This Means to Users

Changes in the Russian underground can have a drastic effect on regular users. For example, the fact that prices have been decreasing over the years doesn’t mean that business isn’t doing well for cybercriminals. In fact, it could very well mean the opposite due to process automation.

All of the changes in the underground show that cybercriminals are constantly creating and refining their service and tool offerings to victimize more users than ever. We should all be vigilant about online safety.

Copyright ©2014 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.