
Botnet organization, easy and cheap!

In recent weeks I wrote about an interesting article posted on Webroot by security expert Dancho Danchev, a careful observer of cyber criminal activities in the underground. The researcher described a new service offering access to thousands of malware-infected hosts; this time Danchev tried to estimate the cost of arranging a botnet composed of 10,000 machines located in the US.

The expert analyzed another service offering access to infected hosts located anywhere in the world. It has been active since the middle of 2012 and, although its official Web site is currently offline, it remains in operation to the present day.

A factor that must be considered to better understand the increasing offer of botnet rentals is the rise of DIY (do it yourself) propositions in the underground market. The malware-as-a-service model allows the outsourcing of criminal services: criminals don't need to own a botnet architecture, nor do they need particular skills to manage it; they just need to rent an infected network to spread malicious agents.

According to the security community, this type of service offering will increase in the coming months, also attracting ordinary crime and inexperienced cyber criminals. To hide the identity of clients during their cyber attacks, many services in the underground also complement their offer with anonymization proxies, for example access to Socks5 servers.

Like the one described in the past article on the Malware-as-a-Service underground offer, this service implements a pricing policy based on the geographic location of the infected machines.

Purchasing U.S.-based malware-infected hosts is more expensive than purchasing machines located elsewhere, due to higher online purchasing power compared to the rest of the world.

Following is the price list proposed by Danchev:

  • 1,000 hosts World Mix go for $25, 5,000 hosts World Mix go for $110, and 10,000 hosts World Mix go for $200
  • 1,000 hosts EU Mix go for $50, 5,000 hosts EU Mix go for $225, and 10,000 hosts EU Mix go for $400
  • 1,000 hosts DE, CA and GB, go for $80, 5,000 hosts go for $350, and 10,000 hosts go for $600
  • Naturally, access to a U.S.-based host is more expensive compared to the rest of the world. 1,000 U.S. hosts go for $120, 5,000 U.S. hosts go for $550, and 10,000 U.S. hosts go for $1,000

It’s interesting to compare this data with the data provided last year by Trend Micro; the security firm published a very interesting report on the Russian underground market. Security expert Max Goncharov analyzed the services and products marketed by cyber criminals, describing similar services offered under the malware-as-a-service model and the related prices.

The study, based on data obtained from the analysis of Russian online forums and services frequented by hackers such as antichat.ru, xeka.ru, and carding-cc.com, revealed that rental services offer the criminal a pre-built botnet to attack the chosen target: easy, cheap and efficient.

 

Organizing a botnet has never been so easy!

Pierluigi Paganini

(Security Affairs – Cybercrime)

 

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
