There are many facets to a cybercriminal operation, and one of them that is often overlooked—but is no less significant—is the hosting servers from which they launch their attacks. Commonly known in the industry as Bulletproof Hosting Servers (BPHS), these are hardware-, software- or application-based hosting facilities that can store any type of content and executable code, just like any regular hosting service. What makes them different? These types of servers can be used to host malicious content, such as phishing sites, pornography, fake shopping and carding sites, and even command-and-control (C&C) infrastructure. In short, it’s the foundation on which major cybercriminal operations are built...

This latest research by Trend Micro aims to bring these hosting services to the public eye, offering a look into the more obscure details of cybercrime. Specifically, it seeks to answer the following questions:

• What malicious content is most commonly hosted with these services
• What are the business models being used by BHPS providers
• How BHPS providers stay in business
• How much do BHPS services cost for the common cybercriminal

Through extensive research, we are able to provide the following answers:

• The most common malicious content hosted on BHPS consist of fake shopping sites, torrent file download sites, Blackhat SEO pseudo-sites, brute force tools, C&C components and more.
• BHPS providers’ business models consist of three models: a.) the dedicated bulletproof server model, in which the provider knowingly hosts malicious content; b.) the compromised dedicated server, where the provider compromises dedicated legitimate servers and rents them out to malicious parties, and c.) abused cloud-hosting services, where legitimate service providers are being used illegally.
• Besides hosting malicious content, BHPS providers also earn revenue from other services, such as technical support, infrastructure migration, protection against DDoS attacks and more. Just like a legitimate server hosting practice, they provide supplementary services for their clients.
• The price of a hosting server depends on which business model the provider is using as well as the duration of usage. A dedicated server may cost around US$70 a month, while another can cost as much as US$5 for only one attack.