It has been written very often already – the malware writers are doing professional development in the meanwhile. They don’t want to show their skills anymore, but just to earn money.

Some people (often we can see adolescents in the “hacker” forums) buy cheap Botnet construction kits which allow them to build encrypted malware which they spread around. There is not much to gain with just installing such Trojans. But it is possible to install software which pays for each installation, for example. This might be adware, but the affiliate programs seem to be getting better for the most computer users – at least for those ad companies which want to act legal. Also there is the risk of getting caught because it is necessary to give some real data to these affiliate providers.

In this gap other cyber criminals step in. They provide their own pay-per-install programs and promise fast payment. To “prove” they belong to the cyber criminals, they even call themselves “Gangsta*****”. The website layout is somewhat appealing.

The botnet owners just need to install the Gangsta***** software on the drones. Then they will see a steady money flow, the Gangsta***** website promises. Most valuable are infected computers in the U.S..

Even a regular check with multiple anti malware solutions is done to ensure the detection rate is not too high.

And this is what shows the real deal – cyber criminals pay other cyber crooks to install and maintain their malware on infected computers. There has to be a high level of trust among the untrustworthy – what happens if the Gangsta***** malware removes the initial infection and takes over the computer alone?

We are protecting our customers as Avira products detect this threat with heuristics as TR/Crypt.XPACK.Gen as well as TR/Crypt.ZPACK.Gen.

Dirk Knop
Technical Editor