Carnegie Mellon University's researchers have designed new computer tools to better understand and potentially thwart the growth of internet black markets where attackers use well-developed business practices to hawk viruses, steal data and attack services.

The researchers observed these markets for seven months, and developed automated techniques to measure and catalogue the activities of the shadowy online crooks.

The researchers estimate the total value of the illegal materials available for sale in the seven-month period at more than $37 million.

"These troublesome entrepreneurs even offer tech-support and free updates for their malicious creations that run the gamut from denial of service attacks, designed to overwhelm websites and servers to data stealing Trojan viruses," says Adrian Perrig, an associate professor of electrical and computer engineering and public policy.

Perrig is working with Jason Franklin, and in conjunction with Vern Paxson of the International Computer Science Institute and Stefan Savage of the University of California, San Diego, to make the project a success.

"The scary thing about all this is that you do not have to be in the know to find black markets. They are easy to find, easy to join and just a mouse click away," Franklin said. "We believe these black markets are growing, so we will have even more incidents to monitor and study in the future," Perrig said.

"Our research monitoring found that more than 80,000 potential credit card numbers were available through these illicit underground web economies," said Franklin, a PhD student in computer science. However, the the cards seen may not have been valid when they were observed.

Whatever the purchases, a buyer will typically contact the black market vendor privately using email, or in some cases, a private instant message. Money generally changes hands through non-bank payment services such as e-gold, making the criminals difficult to track.

A recent CSI survey reported that US companies, on average, lost more than $300,000 to cyber crooks compared to $168,000 last year.

To stem the flow of stolen credit cards and identity data, Carnegie Mellon researchers proposed two technical approaches to reduce the number of successful market transactions, including a slander attack and another technique, which were aimed at undercutting the cyber-crooks verification or reputation system.

"Just like you need to verify that individuals are honest on Ebay, online criminals need to verify that they are dealing with 'honest' criminals," Franklin said.

In a slander attack, an attacker eliminates the verified status of a buyer or seller through false defamation. "By eliminating the verified status of the honest individuals, an attacker establishes a lemon market where buyers are unable to distinguish the quality of the goods or services," Franklin said.

The researchers also propose to undercut the burgeoning black market activity by creating a deceptive sales environment. Perrig's team developed a technique to establish fake verified-status identities that are difficult to distinguish from other-verified status sellers making it hard for buyers to identify the honest verified-status sellers from dishonest verified-status sellers.

"So, when the unwary buyer tries to collect the goods and services promised, the seller fails to provide the goods and services. Such behaviour is known as 'ripping'. And it is the goal of all black market site's verification systems to minimise such behaviour," said Franklin.