The Business of Botnets

Kaspersky Lab released some interesting statistics recently in a technical whitepaper. As part of its research into the cyber-underground, the company took a look at how botmasters are pricing the networks under their control.

The prices cover a fairly large range, and depend on both what buyers are interested in and what they plan to do with what they purchase. Here is a list of what Kaspersky found:

• Buying a botnet to launch a continuous 24-hour distributed-denial-of-service attack can cost from $50 to several thousand.
• A list of 1 million e-mail addresses can cost between $20 and $100, with spammers charging an additional $150 to $200 for a mailing to those million addresses. A targeted spam campaign can cost from $70 for a few thousand names to $1,000 for tens of millions of names.
• Spam meant to optimize a search engine ranking costs about $300 per month.
• Phishers pay $1,000 to $2,000 a month for access to fast-flux botnets.
• The lease of a mail botnet that can send about 1,000 messages a minute (with 100 zombie machines working online) is about $2,000 per month. Small botnets of a few hundred computers run from $200 to $700.

"As in the case of leasing, the price of a ready-made botnet depends on the number of infected computers," blogged Yury Namestnikov, senior developer at Kaspersky Lab. "The Shadow botnet, which was created by a 19-year-old hacker from Holland and included over 100,000 computers, was put on sale for $36,000. This is enough to buy a small house in Spain, but the Brazilian cyber-criminal chose the botnet."

Without help from users, combating botnets cannot be effective, the researcher contended.

"It is home computers that make up the lion's share of the enormous army of bots," Namestnikov said. "Neglecting to stick to simple security rules, such as using anti-virus software, using strong account passwords and disabling the AutoPlay feature for removable media, can result in your computer becoming another botnet member, providing cyber-criminals with your data and resources. Why help cyber-criminals?"

Posted by Brian Prince on July 24, 2009 12:49 PM

View all of Botnets, Exploits and Attacks, Phishing and Fraud, Spam

TrackBack

http://securitywatch.eweek.com/cgi-bin/mte/mt-tb.cgi/17514

Comments (1)

SiL :

It's a bit too easy to say "home users whose PC's are infected should adopt better security measures."

The reasons that will never fly at all are among the following:

1) Many users are using bootlegged copies of Windows, and as a result have turned off automatic updates, making them the most vulnerable to these infections.
2) Many people find most antivirus software suites to be bloated and notice significant slowdown of computer resources when they run them. They either disable or remove these suites when they discover that shutting them down results in a speed increase.

So in essence: these are not "savvy" computer users. They're people who wanted a PC for as cheap a price as possible, and also didn't want to pay for things like more ram or a legitimate copy of Windows XP.

Microsoft could solve this in an afternoon if they chose to. Just target those installations which they know to be illegitimate and do a "grace" removal of the malware.

They probably don't do this for a variety of security and ethical reasons.

SiL

Posted by SiL | July 24, 2009 2:35 PM