Abstract
Cyber-criminals around the world are using Internet-based communication channels to establish trade relationships and complete fraudulent transactions. Furthermore, they control and operate publicly accessible information channels that serve as marketplaces for the underground economy. In this work, we present a novel system for automatically monitoring these channels and their participants. Our approach is focused on creating a stealthy system, which allows it to stay largely undetected by both marketplace operators and participants. We implemented a prototype that is capable of monitoring IRC (Internet Relay Chat) and web forum marketplaces, and successfully performed an experimental evaluation over a period of 11 months. In our experimental evaluation we present the findings about the captured underground information channels and their characteristics.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fallmann, H., Wondracek, G., Platzer, C. (2010). Covertly Probing Underground Economy Marketplaces. In: Kreibich, C., Jahnke, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2010. Lecture Notes in Computer Science, vol 6201. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14215-4_6
DOI: https://doi.org/10.1007/978-3-642-14215-4_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14214-7
Online ISBN: 978-3-642-14215-4
eBook Packages: Computer Science (R0)