Fraud report reveals danger of ‘fast-flux botnets’

The use of sophisticated 'fast-flux botnets' will increase in the next year, according to a new Global Online Fraud report from RSA.

Fast-flux botnets hide the content servers delivering phishing and malware websites behind a number of compromised computers, letting addresses change very quickly to avoid detection.

"The location of the attack is constantly moving and so obviously makes it much trickier to try and get it stopped, because every time you find it it moves again," Andrew Moloney, director of marketing at RSA, told IT PRO.

The report said fast-flux networks were becoming more popular as they were easy to set up. In some cases, fraudsters rent botnets and a content server for a monthly fee.

The report noted the example of the Sinowal Trojan, which RSA discovered in October 2008. The report said the trojan had an advanced and reliable communication infrastructure, which allowed it to gather and transmit data for three years.

Moloney said: "Fundamentally what we're seeing is a commercialisation of the fraud industry at a level really greater than what we've ever seen before.

"The barrier for entry, if you're a non-technical kind of person, has been significantly lowered."

This was seen with 'fraud-as-a-service', which meant that people didn't need technical expertise to infect a machine with a trojan or other type of attack, as they could simply buy what they needed.

Fraud-as-a-service was also likely to evolve in the next 12 months to support the development of the fraud economy.

"I think we'll see greater levels of sophistication and targeting under new service models," Moloney said.

"Within that fraud world there is a lot of buying and selling of information and credentials, and the better quality those credentials the better value they'll have."

The report said that enterprise fraud, which was 'still in its infancy' as criminals were only just starting to realise the benefits of phishing businesses, would increase to create a 'market for information'.

Moloney said: "If I can deliver the login credentials of the management team of a Fortune 500 company, that clearly has value."