The new face of cybercrime - Fraud As A Service (FaaS)

by Michael Smith

A completely new industry for would-be internet fraudsters is emerging, unfortunately. One that is helping those without technical knowledge or resources to advance their cybercrime careers, so Uri Rivner, RSA's Head of New Technology told delegates at the recent RSA Europe 2008 Conference at the ExCel in London's Docklands.

Facilities such as professionally run discussion forums that often include in-depth reviews of malware products and money laundering services are just some of the new sources of help for fraudsters, he said.

In practice, this means that online fraud is now a serious option for many who would previously have suffered from their lack of technical know-how. “We estimate that only about 10% of online fraudsters have the technical knowledge needed to securely host and regularly upgrade malware, and infect a large number of computers with it,” he said.

The market for malware products and services mirrors the legitimate software industry, with competition between malware developers forcing prices down, and spawning innovative new service models, said Rivner.

The Limbo trojan is a good example of the new breed of “affordable” and carefully designed malware products, offered at $350, according to Rivner. When present on a victim's PC, Limbo can insert code into the HTML received from banking websites, appearing on the screen as extra fields that typically request important account details. The page itself is genuine and the fields are seamlessly inserted, Uri Rivner told the listerners.

Fraudsters can also receive help in placing malware on machines in the first place, with infection services priced per thousand machines, said Rivner. Prices also vary according to the target country, and whether exclusive or non-exclusive infection is offered. These developments are paving the way for the concept of “fraud as a service,” said Rivner.

However these sophisticated new models have their own vulnerabilities. Online forums where products are offered for sale and business deals are discussed are also communication bottlenecks. Gaining a reputation is an important part of acquiring customers, and fraudsters may unwittingly reveal important clues about their true identity, said Rivner.

Fraud as a Service (FaaS) is a little like the criminal version of Software as a Service now as well, in that the fraudsters not only are able to buy the tools to use. No, they can actually by server and bot-net time and such like. Worrying aspect.

This is why Internet users need to have more than just an anti-virus program which gets updated every week or so. In fact update for such programs must be made several times a day, ideally.

In addition to this the users must become Internet savvy and be most vigilant, for the fraudsters and other cycbercriminals use various means to distribute their gifts and they do not look like Santa Claus, necessarily.

The tools are only as good as the last update and with the latest Trojans on the loose where the user just needs to visit a website that is being used as a means of infection, whether a spoof site or a legitimate one where some elements of the website has been altered to inject malware into the unsuspecting users system without any action by the user him- or herself, unlike the way it was not so long ago.

Recently this behavior has been noted also by the “Smithfraud” agent that masquerades as Windows Security Center and can be rather annoying. To this moment I am not sure as to what actual damage, if any, it does; e.g. whether it is a key logger or other such agent that “phones home” with information.

However, the general advice remains: “Let's be careful out there.”

© M Smith (Veshengro), November 2008