In my last post, I discussed the trend of automated credit card stores proliferating in the fraudster underground. In addition to the reasons I listed in my last post as to why these stores have become so prevalent, we were able to find proof of an additional catalyst driving their popularity since the previous post was written. A PHP script of an automated store has been uncovered, part of the code for an automatic credit card store. Interestingly, the script contained a signature similar to the signatures found in phishing kits (“This script was created by…” in the code comments). This is a strong indicator that the script has been developed for the purpose of distribution and not just for personal use.
Automatic store kits most likely have made a tremendous contribution to the increase in volume of such websites. Historically, whenever an underground product has been packaged into a “kit”, allowing it to be easily traded and shared, there is a boom in its usage. The availability of phishing kits in the underground help prove it. Before kits were available, only fraudsters who were technically savvy were able to clone sites and set up scams. Even though cloning sites doesn’t require deep understanding in programming or even computers in general, it still left a lot of wannabe fraudsters out of the equation. After phishing scams became easier to launch through the use of a kit, new doors opened up to many unsophisticated fraudsters and not much needs to be said about the volume of phishing.
The story is quite the same with financial malware. Trojan horses were used only by the cream of the crop, sophisticated fraudsters who knew how to code, compile and manage these sophisticated programs. In time, certain fraudsters began developing Trojan horses with distribution in mind. Malware became available to the “working class” – and the rest is history.
Unlike phishing kits and certain versions of Zeus, scripts of automatic stores have yet to be distributed for free in repositories. Even the trading of these scripts has been almost exclusively done in private. As with phishing and malware, it is only a matter of time before these scripts join other scripts offered for free in the underground – such as mass-mailers and credit card checkers. Then, this trend will receive yet another boost and underground forums will continue into becoming the yellow pages of such external stores.
The availability of automated store kits will come, of course, with a price. Ripping buyers off is much easier on third party web sites than in regulated forums or even IRC chat rooms. Rippers (fraudsters who rip other fraudsters off as a means of earning money) will most likely set up quite a few of these stores for the sole purpose of luring potential buyers into funding their accounts on these sites, only to find out that the card previews are all fake.
Availability is a key factor in the evolution of fraud tools, the volume of their use and the fraud losses associated to them. Making various services and products available for other fraudsters is the whole premise of the underground itself. With the availability of these kits, it appears that the trend of moving to automated stores is not going to slow down any time soon.