Botnet organization, easy and cheap!

Pierluigi Paganini March 02, 2013

In recent weeks I wrote about an interesting article posted on Webroot by security expert Dancho Danchev, a careful observer of cyber criminal activities in the underground. The researcher described a new service offering access to thousands of malware-infected hosts. This time Danchev tried to estimate the cost of arranging a botnet composed of 10,000 machines located in the US.

The expert analyzed another service offering access to infected hosts located anywhere in the world. It has been active since the middle of 2012 and, although its official Web site is currently offline, it remains in operation to the present day.

A factor that must be considered to better understand the increasing offer of botnet renting is the rise of DIY (do it yourself) underground market propositions. The malware-as-a-service model allows the outsourcing of criminal services: criminals need neither to own a botnet architecture nor particular skills to manage it; they just need to rent an infected network to spread malicious agents.

According to the security community, this type of service offering will increase in the next months, also attracting ordinary crime and inexperienced cyber criminals. To hide the identity of clients during their cyber attacks, many services in the underground also complement their offer with anonymization proxies, for example access to Socks5 servers.

Like the one described in the past article on the Malware-as-a-Service underground offer, this service also implements a pricing policy based on the geographic location of the infected machines.

Purchasing U.S.-based malware-infected hosts is more expensive than purchasing machines located elsewhere, due to higher online purchasing power compared to the rest of the world.

Below is the price list presented by Danchev.

The prices are as follows:

  • 1,000 hosts World Mix go for $25, 5,000 hosts World Mix go for $110, and 10,000 hosts World Mix go for $200
  • 1,000 hosts EU Mix go for $50, 5,000 hosts EU Mix go for $225, and 10,000 hosts EU Mix go for $400
  • 1,000 hosts DE, CA and GB, go for $80, 5,000 hosts go for $350, and 10,000 hosts go for $600
  • Naturally, access to a U.S.-based host is more expensive compared to the rest of the world. 1,000 U.S. hosts go for $120, 5,000 U.S. hosts go for $550 and 10,000 U.S. hosts go for $1,000

It’s interesting to compare this data with the figures provided last year by Trend Micro; the security firm published a very interesting report on the Russian underground market. Security expert Max Goncharov analyzed the services and products marketed by cyber criminals, describing similar services offered with the malware-as-a-service model and the related prices.

The study, based on data obtained from the analysis of Russian online forums and services attended by hackers such as,, and, revealed that rental services offer the criminal a pre-built botnet to attack the chosen target: easy, cheap and efficient.


Organizing a botnet has never been so easy!

Pierluigi Paganini

(Security Affairs – Cybercrime)

