Cyber Defense Magazine

How to organize a botnet in a rapid, efficient and economical

How to organize a botnet in a rapid, efficient and economical

March 06
15:18 2013

By Pierluigi Paganini, Editor-in-Chief

Dancho Danchev, one of the most popular security experts and observer of cyber criminal underground, described in the last weeks a new service offering access to thousands of malware-infected hosts, he has also estimated in another article published on Webroot portal  the cost necessary to arrange a botnet composed of 10,000 machines located in the US.

The expert localized and studied another service offering access to worldwide infected hosts active since middle of 2012 and that despite its official Web site is currently offline it remains in operation until present day.

The number of similar services is destined to grow rapidly confirming the trend observed in the last months, Danchev alerted on the diffusion of renting services sustained by the demand defined as DIY (do it  yourself) that see the affirmation of malware-as-service model that allows the outsourcing of criminal services also to novice cyber criminals.

Criminals don’t need to own botnet architecture neither need particular skills to manage it, they just need to rent infected network to spread of malicious agents, due this reason is

Ordinary crime is exploring cyber space as a new sector from which to draw benefits, relatively low investments, limited risks and good opportunities to gain are making cybercrime a desirable business.

To hide identity of clients during their cyber attacks many services in the underground also integrate their offer proposing anonymization proxies for example accessing to Socks5 servers.

malware_infected_hosts_as_a_service_international_europe_usa1

The service, such as the one described in the past article on Malware-as-a-Service underground offer, implements a policy price based on geographic localization of the infected machines.

Purchasing of US based U.S.-based malware-infected hosts is most expensive than machines located elsewhere due higher online purchasing power compared to the rest of the world.

Danchev proposed the following price list:

The prices are as follows:

  • 1,000 hosts World Mix go for $25, 5,000 hosts World Mix go for $110, and 10,000 hosts World Mix go for $200
  • 1,000 hosts EU Mix go for $50, 5,000 hosts EU Mix go for $225, and 10,000 hosts EU Mix go for $400
  • 1,000 hosts DE, CA and GB, go for $80, 5,000 hosts go for $350, and 10,000 hosts go for $600
  • Naturally, access to a U.S.-based host is more expensive compared to the rest of the world. A 1,000 U.S. hosts go for $120, 5,000 U.S. hosts go for $550 and 10,000 U.S hosts go for $1,000

One of the primary way to infect computers is through exploit tools, very simple to find online, that allow cyber criminals to infect large number of machines, one the most interesting bait used are websites that offers any kind of software for free.

Victims could be infected installing compromised version of legitimate software or simply accessing to the website that propose them and that host malicious code to exploit vulnerability in user’s browser.

In May 2012 Forbes published the article “Confessions of a Botnet Herder”, an interview with a botmaster who explained he breaks into computers using “warez,” copyrighted software that’s often distributed for free, generally in violation of copyright laws.

The article states:

“It’s funny that even government agencies use warez,” he said. “I found the FAA.gov credentials.” Throwaway said he can infect up to 1000 machines a day this way, but he’s thinking it might be more cost effective to rent a botnet rather than continue to build his own. “Asian installs are very cheap, $15 per 1000 installs and have good GPUs,” explained the botmaster.

Another excellent study on cyber criminal activities was published by Trend Micro, the security company popularized a very interesting report on the Russian underground market wrote by  security expert Max Goncharov. The researcher analyzed the services and the products marketed by cyber criminals describing similar services offered with malware-as-service model and related prices.

The study, based on data obtained from the analysis of Russian online forums and services attended by hackers such as antichat.ru, xeka.ru, and carding-cc.com, revealed that service rent proposes to the criminal a pre-built botnet to attack the chosen target, easy, cheap and efficient.

botnet 2

Organize a botnet has never been so easy!

(Sources: CDM and Botnet)

Share

Related Articles