Feeds

Security researchers unpick botnet economics

Baron Samedi's nice little earner

SANS - Survey on application security programs

The economics of botnets and the sale of stolen information in underground bazaars have been detailed in greater depth then ever before in new research from Kasperky Lab.

Infecting PCs with strains of malware that leave them open to remote control by hackers has been the mainstay of various forms of cybercrime - spamming, identity theft and distributed denial of service attacks - for some years. Kaspersky's research highlights the asking price for a variety of criminal services rather then uncovering anything new, but is nonetheless valuable in shining a light on the financial motivations that nowadays lie behind many internet security and privacy-related threats.

The paper - The Economics of Botnets - also charts the evolution from centrally controlled systems with a single C&C towards far more sophisticated and distributed systems with decentralized control, which are far more difficult to shut down. Botnets are established by distributing backdoor code, often using drive-by download attacks via compromised websites, or rented via underground forums.

Once acquired, a would-be cybercrook has multiple potential sources of income: DDoS attacks, theft of private information, spam, phishing, SEO (Search Engine Optimisation) spam, click fraud and distributing adware. Not that there's any need to be selective. "A botnet can perform all of these activities… at the same time," notes Kaspersky researcher Yury Namestnikov.

Namestnikov sketches out the potential financial rewards from running a botnet, as summarised below:

  • Hiring a botnet for DDoS attacks can cost anything between $50 to thousands of dollars for a 24-hour attack, depending on how big and well-protected the victim site happens to be. According to shadowserver.org, around 190,000 DDoS attacks took place in 2008, earning cybercrooks an estimated $20m.
  • Stolen bank account details fetch between $1 to $1,500 depending on account balances and other factors. "The low minimum price demonstrates that the cybercriminals involved in this business have to reduce their prices due to competition," Namestnikov writes.
  • Personal data sufficient to open bank accounts under false names costs between $5 to $8 for a US citizen, or three times this amount for a EU citizen, largely because such data can be used across Europe.
  • Phisher fraudsters are prepared to pay between $1,000 to $2,000 per month to rent access to a fast flux botnet.
  • Junk mail runs cost between $70 for a few thousand spam messages to around $1,000 for tens of millions of spam messages.
  • Search engine manipulating spam costs about $300 per month.
  • Adware installs rake in anything from 30 cents to $1.50 for each installed program. The average price of dropping a malicious program on a thousand computers in China is $3, compared to $120 for the same set of machines in the (obviously more affluent) US.

Namestnikov said that only co-ordinated enforcement actions by the IT industry, government and law enforcement - alongside greater attention to internet hygiene among end users - can hope to bring the cybercrime problem under control.

"The most effective method of combating botnets is close cooperation between antivirus experts, ISPs and law enforcement agencies," Namestnikov concludes. "Such cooperation has already resulted in the closure of three companies: EstDomains, Atrivo and McColo. Note that the closure of McColo, whose servers hosted command and control centres for several major spam botnets, resulted in a 50 per cent reduction in the amount of spam circulating on the Internet."

"After botnet owners moved their command and control centres to other hosting providers, it was ‘business as usual’ for them again. What is needed is a continual effort rather than occasional inspections. Sadly, chopping off one head of the hydra is not enough!"

The fight against botnets is hopeless without users playing a part, Namestnikov argues in a call for wider application of common-sense measures against hacker attacks.

"It is home computers that make up the lion’s share of the enormous army of bots," he writes. "Neglecting to stick to simple security rules, such as using antivirus software, using strong account passwords and disabling the AutoPlay feature for removable media, can result in your computer becoming another botnet member, providing cybercriminals with your data and resources." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.