Cybercrime Flashcards
What are the types of bad actors in the cybercrime world?
Who are the actors?
- Exploit developers
- Botnet masters
- Spammers
- Phishers
- Bulletproof Hosting Providers
- Counterfeiters
- Carders, Cashiers, Mules
- Crowdturfers
Explain the difference between the old market for exploits and the new market for exploits on the black market
In the past, the party that did the compromising was the same party that made the money: they created the exploits, hacked the machines, and made money by themselves.
Today, the bad guys specialize in different functions. Some create exploits and sell them; the buyers purchase the exploits and use them to make more money; etc.
Compromised computers are also sold on the black market to launch attacks on other targets.
What are the deep web, dark web, and surface web?
deep -> it is not indexed by standard search engines
dark -> web content that exists on darknets
surface -> readily available to the public and searchable with standard search engines
A program that hides malicious code from anti-virus software
Crypters
Trojan Download Manager
Software that allows an attacker to update or install malware on a victim's computer
Black Hat Search Engine Optimizer
Increases traffic to the attacker's site by manipulating search engines
Doorway pages
A webpage that lists many keywords, in hopes of increasing search engine ranking. Scripts on the page redirect to the traffic page.
What are two characteristics of spam?
Inappropriate or irrelevant
Large number of recipients
What key roles do spammers play in the cybercrime world?
Build, curate, buy and sell email addresses
Send mail on behalf of other actors for free
Traffic PPI services looking to acquire traffic or infections for free
Phishers look to steal personal information for free
What percentage of revenue became profit for the scammers in the study?
Only 16%; this indicates that there are many costs affiliated with scamming
Name areas of scam infra where law enforcement can easily act:
- DNS servers
- Web servers
- Merchant bank accounts
How do spammers send such large bulks of emails?
Rent access to botnets or use botnets in house
Explain random domain generation used in C&C architecture. Why is it so difficult to stop?
Bot masters also use random domain generation because it would otherwise be easy for security teams to block the C&C domain, despite the fact that it can move between IP addresses. Random domain generation makes it more difficult to block a single domain.