How many botnet owners make money?

Posted: December 24, 2012 in Articles

Cybercrime has become a source of considerable income even for the rank and file of shadow schemes, says Fortinet, a consulting firm in the field of information security.

Derek Manky, senior security analyst in Fortinet’s FortiGuard division, spent more than a year tracking online communities in which attackers recruit staff for botnets. The company has recently released its ‘Report on Cybercrime in 2013’ (2013 Cybercrime Report), which provides a deep analysis of how modern spam botnets are organized.

Based on the collected data, the report compiles a kind of ‘fee rating’: what the owners of networks of infected computers pay for the various operations involved in illegal advertising mailings or cracking.

“Before, botnet owners did it all themselves,” says Manky. According to the report, a botnet is no longer just a network of infected PCs controlled by a lone attacker or a group of anonymous individuals. Spamming has long since become a full-fledged business: to service their operations, botnets recruit staff just as legitimate companies do.

Running a single botnet involves a variety of tasks. Besides the directly technical operations, these include, for example, legal advice that helps draw up shady deals to lease or purchase infected networks, or the services of brokers who register dynamically changing IP addresses around the world to hide both the location and the extent of the botnet from services that combat cybercrime.

CAPTCHA entry specialists

All of this brings the ‘employees’ of criminal enterprises that service botnets a fairly good income. The exception is routine ‘dirty’ work, such as manual CAPTCHA entry, for which attackers hire volunteers online.

If an automated spam submission system stumbles on a barrier, which on most websites takes the form of a CAPTCHA system, spammers always have one of those volunteers ready to enter the required word manually. Such helpers are recruited through online advertisements offering ‘data entry’ work.

These “CAPTCHA entry specialists” come cheap: a botnet owner pays a volunteer $1 per 1,000 combinations entered. However, even such routine work as manual CAPTCHA entry plays an important role in the daily operations of spam networks. The number of workers willing to do it determines how efficiently anti-spam protection is bypassed and the scale of distribution a botnet is capable of.

According to Manky, botnet owners use specialized software tools to monitor the fulfilment of orders and the performance of their ‘employees’. In this they differ little from their counterparts, the executives of legitimate businesses.

‘Black Administration’

Other operations are considered expensive. According to the Fortinet report, the fees of operators who maintain illegal advertising mailings range from $80 to $400, depending on the complexity of the task. For instance, technical advice on designing and configuring a botnet brings individual “black consultants” an average of $350 to $400 per consultation.

‘Black SEO’ is paid about $80 for 20,000 backlinks to the advertised site. Mass password brute-forcing using cloud services (cloud cracking), by contrast, is priced at only $17 per 300 million attempts; it is worth noting, however, that with adequate capacity, trying that many options takes 20 minutes at most.

Installing malicious software pays an average of $100 per 1,000 infected computers. According to Fortinet, this fee depends heavily on the region where the installation takes place. While $100-110 is a normal figure for the United States, in South and East Asia, where infections have reached pandemic proportions, an attacker gets no more than $8 per 1,000 computers.

Viral purchases

The greatest profit goes to the developers of viruses and of software for controlling botnets and spam. Owners of networks of infected PCs actively purchase software, keeping pace in this with legitimate organizations.

For a copy of the code of the well-known ZeuS botnet, spam network owners have to pay up to $3,000. In second place by price is the Butterfly botnet, at $900. The price of simple botnets, often used in networks leased out to clients (for example, the code of the Armenian Bredolab, recovered by reverse engineering), starts at $50.

Another profitable niche is Trojan viruses for targeted attacks, with remote access to the victim’s computer (for example, the webcam) and screenshot capture, which cost the owner of a bot network about $250 for a new version. That is how much a spammer has to pay for such well-known malware as Gh0st RAT, Poison Ivy or Turkojan.

Exploit kits are valued even higher: the recent GPack, MPack, IcePack and Eleonore sold for between $1,000 and $2,000. Prices of various ‘crypters’, ‘packers’ and ‘binders’, tools for disguising malicious code and protecting it from antivirus detection, range from $10 to $100.

Fortinet concludes that cybercrime in today’s world is more and more a reflection of legitimate business.

Derek Manky gives an example: on one of the forums tracked by FortiGuard experts, data collected from a botnet of 100,000 infected machines was analyzed to determine the preferences of their owners. “It was complete data mining,” said Manky, noting the industrial scale and methods of data collection and processing.

How can the growth of botnets be stopped? “In addition to fighting the organizers, a preventive approach may be a ban on the registration of a specific domain,” Fortinet suggests. “If cybercrime turns to the methods of legal business, then you can act on it the same way, with the help of legal instruments.”

“An example is China, which, after lengthy criticism of its ineffective fight against cybercrime, has taken some steps to limit registration in its domain zone, in particular the requirement for paper-based registration, which allows monitoring of those who register,” says Fortinet. Another example is the working group against the Conficker trojan. The group found a way to filter out the domains that could be a potential source of the virus and to prevent their registration.
