Feeds

Security researchers unpick botnet economics

Baron Samedi's nice little earner

Providing a secure and efficient Helpdesk

The economics of botnets and the sale of stolen information in underground bazaars have been detailed in greater depth then ever before in new research from Kasperky Lab.

Infecting PCs with strains of malware that leave them open to remote control by hackers has been the mainstay of various forms of cybercrime - spamming, identity theft and distributed denial of service attacks - for some years. Kaspersky's research highlights the asking price for a variety of criminal services rather then uncovering anything new, but is nonetheless valuable in shining a light on the financial motivations that nowadays lie behind many internet security and privacy-related threats.

The paper - The Economics of Botnets - also charts the evolution from centrally controlled systems with a single C&C towards far more sophisticated and distributed systems with decentralized control, which are far more difficult to shut down. Botnets are established by distributing backdoor code, often using drive-by download attacks via compromised websites, or rented via underground forums.

Once acquired, a would-be cybercrook has multiple potential sources of income: DDoS attacks, theft of private information, spam, phishing, SEO (Search Engine Optimisation) spam, click fraud and distributing adware. Not that there's any need to be selective. "A botnet can perform all of these activities… at the same time," notes Kaspersky researcher Yury Namestnikov.

Namestnikov sketches out the potential financial rewards from running a botnet, as summarised below:

  • Hiring a botnet for DDoS attacks can cost anything between $50 to thousands of dollars for a 24-hour attack, depending on how big and well-protected the victim site happens to be. According to shadowserver.org, around 190,000 DDoS attacks took place in 2008, earning cybercrooks an estimated $20m.
  • Stolen bank account details fetch between $1 to $1,500 depending on account balances and other factors. "The low minimum price demonstrates that the cybercriminals involved in this business have to reduce their prices due to competition," Namestnikov writes.
  • Personal data sufficient to open bank accounts under false names costs between $5 to $8 for a US citizen, or three times this amount for a EU citizen, largely because such data can be used across Europe.
  • Phisher fraudsters are prepared to pay between $1,000 to $2,000 per month to rent access to a fast flux botnet.
  • Junk mail runs cost between $70 for a few thousand spam messages to around $1,000 for tens of millions of spam messages.
  • Search engine manipulating spam costs about $300 per month.
  • Adware installs rake in anything from 30 cents to $1.50 for each installed program. The average price of dropping a malicious program on a thousand computers in China is $3, compared to $120 for the same set of machines in the (obviously more affluent) US.

Namestnikov said that only co-ordinated enforcement actions by the IT industry, government and law enforcement - alongside greater attention to internet hygiene among end users - can hope to bring the cybercrime problem under control.

"The most effective method of combating botnets is close cooperation between antivirus experts, ISPs and law enforcement agencies," Namestnikov concludes. "Such cooperation has already resulted in the closure of three companies: EstDomains, Atrivo and McColo. Note that the closure of McColo, whose servers hosted command and control centres for several major spam botnets, resulted in a 50 per cent reduction in the amount of spam circulating on the Internet."

"After botnet owners moved their command and control centres to other hosting providers, it was ‘business as usual’ for them again. What is needed is a continual effort rather than occasional inspections. Sadly, chopping off one head of the hydra is not enough!"

The fight against botnets is hopeless without users playing a part, Namestnikov argues in a call for wider application of common-sense measures against hacker attacks.

"It is home computers that make up the lion’s share of the enormous army of bots," he writes. "Neglecting to stick to simple security rules, such as using antivirus software, using strong account passwords and disabling the AutoPlay feature for removable media, can result in your computer becoming another botnet member, providing cybercriminals with your data and resources." ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.