Covertly Probing Underground Economy Marketplaces

  • Conference paper
  • Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2010)

Abstract

Cyber-criminals around the world are using Internet-based communication channels to establish trade relationships and complete fraudulent transactions. Furthermore, they control and operate publicly accessible information channels that serve as marketplaces for the underground economy. In this work, we present a novel system for automatically monitoring these channels and their participants. Our approach is focused on creating a stealthy system, which allows it to stay largely undetected by both marketplace operators and participants. We implemented a prototype that is capable of monitoring IRC (Internet Relay Chat) and web forum marketplaces, and successfully performed an experimental evaluation over a period of 11 months. In our experimental evaluation we present the findings about the captured underground information channels and their characteristics.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fallmann, H., Wondracek, G., Platzer, C. (2010). Covertly Probing Underground Economy Marketplaces. In: Kreibich, C., Jahnke, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2010. Lecture Notes in Computer Science, vol 6201. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14215-4_6

  • DOI: https://doi.org/10.1007/978-3-642-14215-4_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14214-7

  • Online ISBN: 978-3-642-14215-4

  • eBook Packages: Computer Science (R0)
