A sophisticated underground economy has grown up to exploit
the millions of personal computers that have been infected with
rogue software that turns them into "zombies" controlled by botnet
masters, says an IT security expert.
Yury Namestnikov, a security researcher with Kaspersky
Laboratories, a Moscow-based IT security firm, says the past 10
years have seen
botnets evolve from small networks of a dozen PCs controlled from a
single C&C (command and control centre) into sophisticated
distributed systems comprising millions of computers with
decentralised control.
Poor security on home PCs is largely to blame for the prevalence
of botnets, says Namestnikov. Botnet masters sell or rent their
networks to other cybercriminals at prices that differ according to
the criminal's purpose (see below). Some are suspected of taking
government commissions to mask the identity of the real
attacker.
More and more botnet masters are using so-called fast flux
technology that changes the sending website address every few
minutes. This is to avoid detection and preserve their networks.
"Fast flux is better than proxy servers at hiding fake websites on
the web," says Namestnikov.
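A defender can look for the behaviour described above, a site whose address changes every few minutes, in passive DNS data. The sketch below is an added example, not code from the article or from Kaspersky; the observation format, thresholds and function names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (seconds since start, domain, resolved IPv4).
# Addresses are from the RFC 5737 documentation ranges; domains use .example.
OBSERVATIONS = [
    (0,   "shop.example", "192.0.2.10"),
    (300, "shop.example", "192.0.2.10"),
    (600, "shop.example", "192.0.2.10"),
    (900, "shop.example", "192.0.2.11"),
    (0,   "login-update.example", "198.51.100.7"),
    (180, "login-update.example", "203.0.113.45"),
    (360, "login-update.example", "192.0.2.200"),
    (540, "login-update.example", "198.51.100.93"),
    (720, "login-update.example", "203.0.113.8"),
    (900, "login-update.example", "192.0.2.77"),
]

def flux_metrics(observations):
    """Per domain: distinct addresses, distinct /24 networks, and the
    mean number of seconds between address changes (None if it never changed)."""
    by_domain = defaultdict(list)
    for ts, domain, ip in sorted(observations):
        by_domain[domain].append((ts, ip))
    metrics = {}
    for domain, seen in by_domain.items():
        ips = {ip for _, ip in seen}
        nets = {ip.rsplit(".", 1)[0] for ip in ips}  # crude /24 grouping
        changes = [ts for (_, prev), (ts, cur) in zip(seen, seen[1:]) if cur != prev]
        span = seen[-1][0] - seen[0][0]
        metrics[domain] = {
            "ips": len(ips),
            "nets": len(nets),
            "mean_change_s": span / len(changes) if changes else None,
        }
    return metrics

def suspected_fast_flux(observations, max_change_s=600, min_ips=4, min_nets=3):
    """Flag domains whose address changes every few minutes across many
    unrelated networks. The thresholds are assumed starting points, not standards."""
    return sorted(
        d for d, m in flux_metrics(observations).items()
        if m["mean_change_s"] is not None
        and m["mean_change_s"] <= max_change_s
        and m["ips"] >= min_ips
        and m["nets"] >= min_nets
    )

if __name__ == "__main__":
    print(suspected_fast_flux(OBSERVATIONS))
```

Legitimate content delivery networks also rotate addresses quickly, so a flagged domain is a lead for further investigation rather than a verdict.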
Some botnets are used to defraud online advertisers. Botnets can
send a single click from each PC to the target advertisement, such
as a competitor's Google Adwords advert, to drive up the
competitor's costs.
According to Click Forensics, fraudulent clicks dropped from a
record 17% late last year to 14% in the first quarter of 2009.
"Click fraud traffic from malicious scripted programs increased
in Q1 2009," the firm said. Unlike botnets or malware, these new
threats are simple JavaScript programs that execute upon a page
view or site visit. Ad networks were found to be especially
vulnerable to these attacks during the quarter, it said.
Most click fraud from outside the US came from Canada, the UK and
Germany, it said.
Botnet price list
Botnet masters have several main sources of income: distributed
denial of service (DDoS) attacks, theft of confidential
information, spam, phishing, search engine optimisation (SEO) spam,
advertising click fraud, and distribution of adware and malicious
programs.
Kaspersky Laboratories has researched prices of illegal
applications advertised in chat rooms and clandestine websites to
reveal that:
- Hiring a botnet for DDoS attacks costs from $50 to thousands of
dollars for a continuous 24-hour attack.
- Stolen bank account details vary from $1 to $1,500 depending on
the level of detail and account balance.
- Personal data capable of allowing the criminals to open
accounts in stolen names costs $5 to $8 for US citizens; two or
three times that for EU citizens.
- A list of one million email addresses costs between $20 and
$100; spammers charge $150 to $200 extra for doing the
mailshot.
- Targeted spam mailshots can cost from $70 for a few thousand
names to $1,000 for tens of millions of names.
- User accounts for paid online services and games stores such as
Steam go for $7 to $15 per account.
- Phishers pay $1,000 to $2,000 a month for access to fast flux
botnets.
- Spam to optimise a search engine ranking is about $300 per
month.
- Adware and malware installation ranges from 30 cents to $1.50
for each program installed. But rates for infecting a computer can
vary widely, from $3 in China to $120 in the US, per
computer.