Feeds

Security researchers unpick botnet economics

Baron Samedi's nice little earner

5 things you didn’t know about cloud backup

The economics of botnets and the sale of stolen information in underground bazaars have been detailed in greater depth then ever before in new research from Kasperky Lab.

Infecting PCs with strains of malware that leave them open to remote control by hackers has been the mainstay of various forms of cybercrime - spamming, identity theft and distributed denial of service attacks - for some years. Kaspersky's research highlights the asking price for a variety of criminal services rather then uncovering anything new, but is nonetheless valuable in shining a light on the financial motivations that nowadays lie behind many internet security and privacy-related threats.

The paper - The Economics of Botnets - also charts the evolution from centrally controlled systems with a single C&C towards far more sophisticated and distributed systems with decentralized control, which are far more difficult to shut down. Botnets are established by distributing backdoor code, often using drive-by download attacks via compromised websites, or rented via underground forums.

Once acquired, a would-be cybercrook has multiple potential sources of income: DDoS attacks, theft of private information, spam, phishing, SEO (Search Engine Optimisation) spam, click fraud and distributing adware. Not that there's any need to be selective. "A botnet can perform all of these activities… at the same time," notes Kaspersky researcher Yury Namestnikov.

Namestnikov sketches out the potential financial rewards from running a botnet, as summarised below:

  • Hiring a botnet for DDoS attacks can cost anything between $50 to thousands of dollars for a 24-hour attack, depending on how big and well-protected the victim site happens to be. According to shadowserver.org, around 190,000 DDoS attacks took place in 2008, earning cybercrooks an estimated $20m.
  • Stolen bank account details fetch between $1 to $1,500 depending on account balances and other factors. "The low minimum price demonstrates that the cybercriminals involved in this business have to reduce their prices due to competition," Namestnikov writes.
  • Personal data sufficient to open bank accounts under false names costs between $5 to $8 for a US citizen, or three times this amount for a EU citizen, largely because such data can be used across Europe.
  • Phisher fraudsters are prepared to pay between $1,000 to $2,000 per month to rent access to a fast flux botnet.
  • Junk mail runs cost between $70 for a few thousand spam messages to around $1,000 for tens of millions of spam messages.
  • Search engine manipulating spam costs about $300 per month.
  • Adware installs rake in anything from 30 cents to $1.50 for each installed program. The average price of dropping a malicious program on a thousand computers in China is $3, compared to $120 for the same set of machines in the (obviously more affluent) US.

Namestnikov said that only co-ordinated enforcement actions by the IT industry, government and law enforcement - alongside greater attention to internet hygiene among end users - can hope to bring the cybercrime problem under control.

"The most effective method of combating botnets is close cooperation between antivirus experts, ISPs and law enforcement agencies," Namestnikov concludes. "Such cooperation has already resulted in the closure of three companies: EstDomains, Atrivo and McColo. Note that the closure of McColo, whose servers hosted command and control centres for several major spam botnets, resulted in a 50 per cent reduction in the amount of spam circulating on the Internet."

"After botnet owners moved their command and control centres to other hosting providers, it was ‘business as usual’ for them again. What is needed is a continual effort rather than occasional inspections. Sadly, chopping off one head of the hydra is not enough!"

The fight against botnets is hopeless without users playing a part, Namestnikov argues in a call for wider application of common-sense measures against hacker attacks.

"It is home computers that make up the lion’s share of the enormous army of bots," he writes. "Neglecting to stick to simple security rules, such as using antivirus software, using strong account passwords and disabling the AutoPlay feature for removable media, can result in your computer becoming another botnet member, providing cybercriminals with your data and resources." ®

Next gen security for virtualised datacentres

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.