Feeds

Security researchers unpick botnet economics

Baron Samedi's nice little earner

The essential guide to IT transformation

The economics of botnets and the sale of stolen information in underground bazaars have been detailed in greater depth then ever before in new research from Kasperky Lab.

Infecting PCs with strains of malware that leave them open to remote control by hackers has been the mainstay of various forms of cybercrime - spamming, identity theft and distributed denial of service attacks - for some years. Kaspersky's research highlights the asking price for a variety of criminal services rather then uncovering anything new, but is nonetheless valuable in shining a light on the financial motivations that nowadays lie behind many internet security and privacy-related threats.

The paper - The Economics of Botnets - also charts the evolution from centrally controlled systems with a single C&C towards far more sophisticated and distributed systems with decentralized control, which are far more difficult to shut down. Botnets are established by distributing backdoor code, often using drive-by download attacks via compromised websites, or rented via underground forums.

Once acquired, a would-be cybercrook has multiple potential sources of income: DDoS attacks, theft of private information, spam, phishing, SEO (Search Engine Optimisation) spam, click fraud and distributing adware. Not that there's any need to be selective. "A botnet can perform all of these activities… at the same time," notes Kaspersky researcher Yury Namestnikov.

Namestnikov sketches out the potential financial rewards from running a botnet, as summarised below:

  • Hiring a botnet for DDoS attacks can cost anything between $50 to thousands of dollars for a 24-hour attack, depending on how big and well-protected the victim site happens to be. According to shadowserver.org, around 190,000 DDoS attacks took place in 2008, earning cybercrooks an estimated $20m.
  • Stolen bank account details fetch between $1 to $1,500 depending on account balances and other factors. "The low minimum price demonstrates that the cybercriminals involved in this business have to reduce their prices due to competition," Namestnikov writes.
  • Personal data sufficient to open bank accounts under false names costs between $5 to $8 for a US citizen, or three times this amount for a EU citizen, largely because such data can be used across Europe.
  • Phisher fraudsters are prepared to pay between $1,000 to $2,000 per month to rent access to a fast flux botnet.
  • Junk mail runs cost between $70 for a few thousand spam messages to around $1,000 for tens of millions of spam messages.
  • Search engine manipulating spam costs about $300 per month.
  • Adware installs rake in anything from 30 cents to $1.50 for each installed program. The average price of dropping a malicious program on a thousand computers in China is $3, compared to $120 for the same set of machines in the (obviously more affluent) US.

Namestnikov said that only co-ordinated enforcement actions by the IT industry, government and law enforcement - alongside greater attention to internet hygiene among end users - can hope to bring the cybercrime problem under control.

"The most effective method of combating botnets is close cooperation between antivirus experts, ISPs and law enforcement agencies," Namestnikov concludes. "Such cooperation has already resulted in the closure of three companies: EstDomains, Atrivo and McColo. Note that the closure of McColo, whose servers hosted command and control centres for several major spam botnets, resulted in a 50 per cent reduction in the amount of spam circulating on the Internet."

"After botnet owners moved their command and control centres to other hosting providers, it was ‘business as usual’ for them again. What is needed is a continual effort rather than occasional inspections. Sadly, chopping off one head of the hydra is not enough!"

The fight against botnets is hopeless without users playing a part, Namestnikov argues in a call for wider application of common-sense measures against hacker attacks.

"It is home computers that make up the lion’s share of the enormous army of bots," he writes. "Neglecting to stick to simple security rules, such as using antivirus software, using strong account passwords and disabling the AutoPlay feature for removable media, can result in your computer becoming another botnet member, providing cybercriminals with your data and resources." ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?