Cost of DDoS, leak of credit card numbers, infected machine and spam

Posted on by

PURPOSE

The main goal of laboratory report is to identify the costs of nowadays most known attack  DDOS, leak of credit card numbers, infected machine and never the less sending spam for 1 000 000 (one million) people. There are few points that should be presented:

  • Where did we discovered the information (links or sources)
  • What kind of source of communication we used, for instance: instant messing, ICQ, IRC, which contact we have gather the information
  • What are the prices for the above attacks.

First of all, we must bear in mind that collecting the above information it is presented
to a numerous affected sources ( i.e. Website, news, forums, IRC chat,etc.). By visiting the source can lead you to a virus, trojan, malicious code, malware, etc. Which can damage your system. Therefore, we are going to use virtual environment to find our demands. In addition, we will use different languages and different search engines.

Construction of report is separated by tasks section. Where each section is
presented with the source, communication type and the costs of the service. In addition, in
Appendix 1 we give the configuration of virtual environment.

Finally the conclusion made of all collected data will be concise in conclusion
section.

TASKS

Following list is the numeration of the tasks:

  1. DDoS
  2. Credit Card Numbers
  3. Infected Machines
  4. Spam for 1 000 000 people

TASK 1

Source where we can find information about the cost of DDoS attacks are provided in
Russian most known [Hackzone] forum. This is the source will give as more of the
answers. But again be careful when you accessing this site. It is on your own risk.

From the following link we received an information about DDoS attacks: [HackzoneDDoS]. With the following translated statement:

The average price of service from $ 50 per day. Depends on the complexity of the
attacked site. Methods of payment accepted via WebMoney. The network is practically
around the clock!
• Commands:
http / https / icmp / post / syn / udp /
Price:
Day from $ 50
Week from $ 350
From $ 1200 per month
(Prices may change depending of type and timing of orders on the complexity of the
attacked site)
Demo test for 5-10 minutes.
Contact:
Icq :20-**-29
Inspections completed:
hack-world.org
www.xaker.name
forum.xaknet.ru
Most of the DDoS attack service are around per day $ 50, here is an other source
and contact details:
Contact details :
Icq:22-**-327
Icq:875-**3
E-mail:anti**os@jab**r.ru

The above information is from the following link:http://www.hackzone.ru/forum/open/id/15608/. Other sources that can be found are with
the following links: http://www.hackzone.ru/forum/open/id/16067/ and http://www.hackzone.ru/forum/open/id/17187/

As we stated above that the price is from $50 per day and it goes until $350 per
month and so on.

TASK 2

The number of credit cards leaked in the web are numerous amount. The prices are not
that high as people expected. For card that comes from European country is the highest
price and for the other are much cheaper.
Here some information from the following link, leak from Support_BM Originar
source is in Russian language, so for this report is translated to English. From the source
[CartNumber].

At the moment there is only us, ca, cvv.
Databases are updated every 2-3 days, Walid varies from 75 to 90%.
Price:
us visa, mc cvv = $ 1.5
us amex, diss = $ 1.5
us without vbv \ mksk = $ 2
us not tied and PayPal = $ 2
EU = $ 6-9
World = $ 3-6
CIS is not and never will.
Sorted by: bean = $ 1
Sample on any other criterion = +0.5 $
Sampling only on the following criteria: bin, judge, state, city, type, zip.
WARNING! I do not select “No vbv”, “No attachment to the paypal”, “Give me a map that
would be held there now and then.”
Terms and conditions of service provision:
1. Replacement non valid within 48 hours of purchase.
2. I only 04/05/51 Declined, Hold-Call, check only CCN + EXP + CVV
3. On messages such as “Here?” “Hi, how are” probably will not answer.
4. Money Beg do not.
5. Do not change the board, check it before selling.
6. I believe only their own way, proven in battle, checker, so your results, another checker, and so do not pay attention.
7. Using my service, you automatically agree with everything stated in this post.
8. Reserve the right to refuse service to anyone, without explanation.
9. I am not responsible for the account balances card-holders.
10. I do not give advice on the use of the material.
11. Do not keep a bazaar talks about the reductions.
12. I do not care where you do not go away if you gave Checker Walid Walid means.
Card format:
Credit Card Number | CVV2 | ??Exp.date | Name | Address Line | City | State | Zip Code |
Country | Phone (Not Always) | Email Address (not always)
Attention! Before you knock a replacement non valid, make sure that all the provided
maps not valid if none of these cards will be found a valid card and a replacement will be
denied.
Learn to appreciate their own and other people’s time, get a checker, and live happily ever
after.
Contact the seller checker can provide for everyone.
I accept payment only WMZ and LibertyReserve
My WMID has 70BL, as well as on-demand in icq give links to many reviews.
Contact:
ICQ: 604000**0
JID: ***nager@thes**ure.biz
Posted 13.10.2010 13:45:51 (8 days 18 hours 31 minutes 59 seconds)

Other source that cross is from Russian banks Alfa debit or others the price from
$175. Source is published by contact details: Jabber: v**yt@exp**it.im, ICQ: 25**165,
Skype: V**yt_. On the following link: http://lab-one.net/showthread.php?t=664

TASK 3

Nowadays it is not hard to find an infected machine/computer. Because most of the user
PC’s are based with operating system Windows and are most of them infected. I have try
so hard to find infected machine price, but until today, I did not come up with any good
source. Therefore, I would like if it is possible to add this source and discuss this source
and information with the fellow students.

TASK 4

Spamming for one million people it sounds impossible, but still out there someone is
offering this service. Here is from Kazakhstan source with the following information,
translated in English:

E-mail newsletter:
1 post = 1 m., minimum order 10 000 posts.
For large orders – big discounts!
At present there is action: 10 000 tenge, we send 20 000 messages.
+ Action: 50 000 tenge, we send your letter to 360 000 email ardesov in Almaty, send 3
times in one month!
The action is over, send a time.
E-mail database:
In Almaty:
60 000 LEGAL Address – Almaty Yuredicheskie email addresses, the entire directory guide
“our town” and directory site “Samruk Kazyna”
430 000 – private address Almaty residents collected via mail search agent criteria:
country, city, gender, age.
Throughout Kazakhstan:
240 000 – LEGAL person Kazakhstan LLP, Ltd., Inc., Ltd., etc. collected from various
references such as “yellow pages” “compass” etc.
3.4 million – individuals, all of Kazakhstan. – Collected through the mail search agent
criteria: country, city, gender, age.
P.S. you can build a base of email addresses to any city in Kazakhstan, or any other city in
any other country, can you give us the criteria and we will collect your base, an example of
criteria:
I try, the city, Age, sex, online, not online.
P.S. Legal mailings are engaged for 3 years, dispatching more than 5 years.
To Order: +7-701-1**5575, +7 (727) -329-61-**.
E-mail: d**z@i**ox.ru

Indeed, for 10 000 KZT = 67.45 USD and the amount of message send are 20 000
spam. Then the price for one million spam is 3.372.5 USD without discount. The above
links is from the following source [Rassilka.kz].

CONCLUSION

I would like to generalize that from the above information we see that for any service that
we looked for, it has a price. Value that are different in other countries and currencies. Yet,
before you start this research make sure that you are not using your local machine.
Likewise, I have used an virtual environment to be able to collect all the above data.
Because the sites, forums, links, etc. are infected with malicious code, or can be easily
traceable.
In summary, we utter gather as much as possible different sources and different
prices. Most expensive is the spam for one million people, second is DDoS attacks and
never the last is to gain an credit card numbers from different countries and different price.
For more info please refer to following source [QuinStreet Inc] why I have chose Russia as
the main source.

APPENDIXES

Appendix 1 is configuration of the virtual environment.

APPENDIX 1

Virtual environment: Oracle VirtualBox Version 4.1.2 r73507. Downloadable from the
following link: https://www.virtualbox.org/wiki/Downloads
Security Fedora 14 32 bit – Client: http://spins.fedoraproject.org/security/
• Base Memory: 512 MB
• Acceleration: VT-x/AMD-V, Nested Paging
• Display – Video memory: 12 MB
• Storage: SATA Controller, Port 0: 8 GB
• Network:
◦ Adapter 1: Adapter 1: Parvirtualized Network (NAT)
◦ Adapter 2: Adapter 2: Inter PRO/1000 MT Desktop (Host-only adapter, „VirtualBox Host- Only Enternet Adapter“)

Bibliography

Hackzone: HackZone.ru, Forum, 2011, http://www.hackzone.ru/
HackzoneDDoS: Master_DDoS, Качественный DDoS Сервис, ,
http://www.hackzone.ru/forum/open/id/17387/
CartNumber: Support_BM, Качественный US\EU\WORLD картон, 2011,
http://www.hackzone.ru/forum/open/id/14936/
Rassilka.kz: kamondimon, E-mail рассылки!, 2011, http://rassilka.kz/rassilki-rassilka-kz/47-e-mailrassylki.html
QuinStreet Inc: Paul Rubens, Understanding the Russian Hacker Underground, Aug 13, 2010,
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3898601/Understanding-the-Russian-Hacker-Underground.htm

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>