16 research outputs found

    Studying Malicious Websites and the Underground Economy on the Chinese Web

    The World Wide Web gains more and more popularity within China with more than 1.31 million websites on the Chinese Web in June 2007. Driven by the economic profits, cyber criminals are on the rise and use the Web to exploit innocent users. In fact, a real underground black market with thousands of participants has developed which brings together malicious users who trade exploits, malware, virtual assets, stolen credentials, and more. In this paper, we provide a detailed overview of this underground black market and present a model to describe the market. We substantiate our model with the help of measurement results within the Chinese Web. First, we show that the amount of virtual assets traded on this underground market is huge. Second, our research proves that a significant amount of websites within China’s part of the Web are malicious: our measurements reveal that about 1.49% of the examined sites contain some kind of malicious content.

    Integrated Approach of Malicious Website Detection

    With the advent and the rising popularity of the Internet, security is becoming one of the focal points. At present, Web sites have become the attackers’ main target. The attackers use the strategy of embedding HTML tags: the script tag to include Web-based Trojan scripting or redirector scripting, and the embedded object tag, which activates third-party applications to display the embedded object. The advanced strategy is the ARP spoofing method, used to build a malicious website when the attackers cannot gain control of the target website. The attacker hijacks the traffic, then injects the malicious code into the HTML responses to achieve virtual malicious websites. The malicious code embedded in the web pages by the attackers changes the display mode of the corresponding HTML tags, making the respective effects invisible to the browser users. The display feature setting of embedded malicious code is detected by the abnormal visibility recognition technique, which increases efficiency and reduces maintenance cost. Inclusion of the honey client increases the malicious website detection rate and speed. Most of the malicious Web pages are hence detected efficiently and the malicious code in the source code is located accurately. It can also handle end-user requests to know whether their webpage is free of malicious code or not.

    An investigation into Chinese cybercrime and the underground economy in comparison with the West

    With 420 million Internet users, China has become the world’s largest Internet population and the Chinese cyber-security has become globally significant. In this investigation, cybercrimes in China were studied from both sociological and technical perspectives using an array of methods including literature review, passive monitoring of online forums and interest groups as well as establishing direct contact with the Chinese cybercriminals. Hacking was found to be immensely popular in China with a population of 3.6 million registered users spanning across just 19 online hacker forums. Financial and political factors were found to be the main motivations for Chinese cybercriminals. Observations from the Chinese hacktivist forums during recent Chinese cyber-attacks against Japan have brought to light some valuable insights into the true state of hacktivism in China and the level of tolerance from the Chinese government towards such actions. Furthermore, it was found that not only do organised cybercrimes exist in China but also an underground economy as sophisticated as that in the West is flourishing at a rapid pace. Estimates from Chinese security experts suggest that the size of the Chinese underground economy may be much larger than that observed in the West. With the support of the Serious Organised Crime Agency (SOCA), the frameworks of organised cybercrime as observed in the West were compared with those observed in China. Significant similarities and differences were found including differences in the tools of trade used and some of the pricing of goods and services advertised in the underground economy. A generic mapping of the underground economy was deduced from the comparison of frameworks.

    Economic Factors of Vulnerability Trade and Exploitation

    Cybercrime markets support the development and diffusion of new attack technologies, vulnerability exploits, and malware. Whereas the revenue streams of cyber attackers have been studied multiple times in the literature, no quantitative account currently exists on the economics of attack acquisition and deployment. Yet, this understanding is critical to characterize the production of (traded) exploits, the economy that drives it, and its effects on the overall attack scenario. In this paper we provide an empirical investigation of the economics of vulnerability exploitation, and the effects of market factors on likelihood of exploit. Our data is collected first-handedly from a prominent Russian cybercrime market where the trading of the most active attack tools reported by the security industry happens. Our findings reveal that exploits in the underground are priced similarly or above vulnerabilities in legitimate bug-hunting programs, and that the refresh cycle of exploits is slower than currently often assumed. On the other hand, cybercriminals are becoming faster at introducing selected vulnerabilities, and the market is in clear expansion both in terms of players, traded exploits, and exploit pricing. We then evaluate the effects of these market variables on likelihood of attack realization, and find strong evidence of the correlation between market activity and exploit deployment. We discuss implications on vulnerability metrics, economics, and exploit measurement. Comment: 17 pages, 11 figures, 14 tables

    Flipping 419 Scams: Targeting the Weak and the Vulnerable

    Most cyberscam-related studies focus on threats perpetrated against the Western society, with a particular attention to the USA and Europe. Regrettably, no research has been done on scams targeting African countries, especially Nigeria, where the notorious and (in)famous 419 advanced fee scam, targeted towards other countries, originated. However, as we know, cybercrime is a global problem affecting all parties. In this study, we investigate a form of advance fee fraud scam unique to Nigeria and targeted at Nigerians, but unknown to the Western world. For the study, we rely substantially on almost two years’ worth of data harvested from an online discussion forum used by criminals. We complement this dataset with recent data from three other active forums to consolidate and generalize the research. We apply machine learning to the data to understand the criminals’ modus operandi. We show that the criminals exploit the socio-political and economic problems prevalent in the country to craft various fraud schemes to defraud vulnerable groups such as secondary school students and unemployed graduates. The result of our research can help potential victims and policy makers to develop measures to counter the activities of these criminal groups.

    Impact of corruption and crime on smuggling: evidence from Iran

    The main purpose of this research is to investigate the size and the relationship between smuggling and crime indexes such as returned checks, corruption and drinking alcohol in Iran during the period 1984–2015 by using Multiple Indicators Multiple Causes (MIMIC) model and Maximum Likelihood Estimation (MLE) method. The results showed that among the crime indexes, divorce, drinking alcohol and corruption were positively correlated with smuggling, while another crime index, returned checks, had a negative relationship with smuggling. Besides, all socio-economic cause variables on smuggling, including tariffs, misery index, illiteracy, gap of exchange rate, economic openness index and the size of government were found to increase smuggling. Furthermore, the findings showed that the cause variables on smuggling, including liquidity and energy consumption, were positively correlated with smuggling.

    Cyber-crime Science = Crime Science + Information Security

    Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions.