In this post, we continue talking about the price of malware, focusing on the price of software (Trojans, joiners, etc.):

Keylogger Teller 2.0: typical keylogger; it uses stealth techniques and is quite complete: US$40.

Webmoney Trojan: it captures Webmoney accounts: US$500, but the first 100 will obtain it for US$400!!!

WMT-spy: Another Trojan to obtain WebMoney accounts but quite cheaper than the previous one (its creator publishes the results it has obtained in virustotal): an executable US$5, updates US$5, the builder costs US$10.

Text translated from Russian using Google:


SNATCH TROJAN: We have already talked about this Trojan in a previous post. It steals passwords and has rootkit functionalities: US$600.

Limbo Trojan: I only mention the price, US$500. I have seen it in other sites on special offer for US$350. We will talk about this Trojan soon.

FTP checker: a program to validate stolen FTP accounts. You load the list of FTP accounts and it automatically checks if the user and the password is correct for each account, separating the valid accounts from the invalid ones: US$15.

Dream Bot Builder: It floods servers for only US$500 + US$25 for update.

Pinch: a make-to-order Trojan creator, very complete. We will publish a post about it analysing all its characteristics deeply. A make-to-order executable (Trojan): US$30. Update: US$5

Text translated from Russian using Google:


Joiner and encryption:

Polaris: Polymorphic encryption for your executables: US$20.

Freejoiner: It hides your executables joining them with other files for US$30 + US$5 for update.

My joiner: Other joiner belonging to the creator of Pinch: US$10.

Pity Joiner: Another joiner for only US$7.

MPACK: an application that is installed in a server and allows Trojans to be installed on remote systems using several exploits. Vicente Martínez is preparing a complete review of the application. Soon, he will share it with us. The version 0.80 (of 13 March) is available for US$700. At the beginning of April, the version was updated including the new exploit for the ANI files.

Text translated from Russian using Google:

Ecore exploit 1.2: Another framework similar to Mpack, very complete and updatable. It is new (March) and allows the infected computer to be controlled and monitored. This way, everything that the loader (Trojan) harvests from the infected computer (passwords, URLs, accounts, etc…) can be accessed online. The prices vary depending on what the buyer is looking for:

Bundle:                                    US$590 (for a domain/ip with the ecore installed).

            Domain/additional ip:                US$490 (help for the installation:US$15).

Text translated from Russian using Google:


How to pay:

The most common way to purchase these “products” is to contact via ICQ with the seller and once everything is arranged, the buyer pays the purchase. In the 80% of the cases, the payment is made via WebMoney. In fact, the products are usually offered in wmz, which is the WebMoney coin equivalent to US$.