Please create an account to participate in the Slashdot moderation system


Forgot your password?

Botnet Business Model Comes to Life 192

consumerist writes "Researchers at the German Honeynet Project have discovered that a malicious hacker earned about $430 in a single day installing spyware on computers in the latest Windows worm attack. Within 24 hours, the IRC-controlled botnet hijacked more than 7,700 machines via the Windows Server Service vulnerability (MS06-040) and hosed the infected computers with the spyware from DollarRevenue. The botnet operator made between a penny and 30 cents for every piece of spyware installed. Add that to the spam rental and DDoS extortion money and we have a booming business."
This discussion has been archived. No new comments can be posted.

Botnet Business Model Comes to Life

Comments Filter:
  • by JonTurner ( 178845 ) on Friday September 08, 2006 @08:49PM (#16070020) Journal
    And for those persons affected, how much will they spend on antivirus software or tech service to remove the problems? A bunch. Think of how many people simply choose to buy a new system when their old one suddenly "wears out" (e.g. slows down due to virus/spyware infestation). Everybody's happy but the poor sap who owns the infected computer.

    The people most likely to be harmed are those who are the least likely to know what to do about it. What a shame.
    • by fmobus ( 831767 ) on Friday September 08, 2006 @08:53PM (#16070040)
      This is a clear example of broken window fallacy []
    • by winkydink ( 650484 ) * <> on Friday September 08, 2006 @09:18PM (#16070106) Homepage Journal
      They're designed to stay under the radar. The longer you control the machine, the more money you make. Virii, etc... are a different story.
      • They're designed to stay under the radar. The longer you control the machine, the more money you make.

        When will we see bots that automatically patch their hosts, install anti-virus apps and lock down the browser?

        After all, it's in the bot-master's best interest to maintain their bots.

        They could even do some basic system improvements like hardware driver updates, defrag'ing the drives, cleaning out the browser cache and other temp files.
      • by jimicus ( 737525 )
        They're designed to stay under the radar

        Well in that case they're not designed very well.
    • Everyone here knows there are alternatives to running Windows on PC's.

      I use my livecd linux (screenshots below), and lately I have been installing the system on machines allowing booting without a CD, or a boot: prompt, using MSDOS batch files.

      I keep Windows 98 on the boxes, sometimes formatting and doing a clean install, but without any internet connection applications (won't be needed, will be going onto the internet using Linux).

      Not really necessary to partition the drive for a swap partition, when k

    • I earn $60/infected computer (to remove spywares)
      • Now all you need to do is get 400 some od dollars infecting them and reap the rewards.

        How many $60 spyware removals can come from a $430 worth of infecting? I wonder if the ethics or legalities change with the direct relationship of intent. I mean infecting to become rich from adware companies verses adware companies becoming rich by selling advertisments to be displayed in infected computers verses infecting computers to get the business of removing the infections? That is if I hire a hacker/cracker to do
    • by dfinster ( 65564 )
      I agree, it's criminal. This guy gets a few cents to install the crap. I get called out to remove it.

      A typical service call to remove crap:
      • Travel charge - $15 to $35 depending on distance.
      • Spyware removal - 1 to 2.5 hours depending on infection (and a lot depends on the speed of the machine) It's sad but true that low end machines take longer to clean, so I spend more time on site, so I cost more in the end.
      • Training and prevention - another hour or so.

      In the end - the bill is usually a couple hu

    • A penny here, a penny there...who cares?
    • by deblau ( 68023 )
      And for those persons who may not have gotten the reference, see the parable of the broken window [].
  • Follow the Money (Score:5, Insightful)

    by AK Marc ( 707885 ) on Friday September 08, 2006 @08:49PM (#16070023)
    This seems to be rather simple to me. Make it illegal to have gains from hijacked computers. DollarRevenue is paying people to create exploits. Shut down DollarRevenue and similar places, and the financial incentive for creating botnets will dry up. The only problem is that this would have to be an international effort, and if the USA wore a t-shirt, it would be the one with "does not play well with others" written across it in large letters.
    • There's still phishing, spamming, click fraud and data mining; all of these are currently being done with botnets. Wait until the bad guys get serious and try things like breaking encryption... Nothing like have 100k cpus at your disposal... then we all sh!t our pants.
      • You could throw every comptuer on the planet at a single 128-bit AES key and not break it until the sun goes dark, never mind 256-bit crypto. Remember: If you have something that can break a given 64-bit key for a given crypto system in 1 second it would take 584,942,417,355 years to break a 128-bit key in teh same system with the same hardware.
        • Yes, AES is quite strong but is not the only encryption method used today; many weaker methods are still commonplace. I'm not saying one could use a botnet to break *any* encryption.
          • by Sycraft-fu ( 314770 ) on Saturday September 09, 2006 @03:14AM (#16070781)
            Well it couldn't break any encryption protecting anything important. These days most things tend to either be protected with something trivial (like CSS or old systems with 40-bit crypto) which can be cracked on any desktop in a couple weeks at most or something essentially unbreakable (like AES or 3DES). Even 3DES, old though it is, is essentially uncrackable in a reasonable amount of time. The record for DES cracking is held by EFF's deep crack and that did it in 22 minutes. But let's assume you have a cluster many times more powerful, it can do 10 DES keys a second, and assume the algorithm is equally efficient on 3DES. Your time? 228,493,131 years. Sure it's an order of magnitude better than AES, but still doesn't get you anywhere.

            That's the thing about crypto is that larger keys really make the problem harder. I mean look at They broke RC5-56 in 250 days, RC5-64 in about 5 years. Currently they've been working on RC5-72 for about 3.8 years and have searched a grand total of 0.35% of the keyspace. At the current rate they have a 50% chance of cracking it in about 500 years. Remember that the speeds you see represent what happens with a large network of computers that gets faster all the time as systems are upgraded, and also as more join.

            So anything that doesn't have a cryptographic flaw and is talking about keys in the 110+ bits range means you just can't get any aggregate of computers together to break the key in any kind of reasonable time. I mean even a couple years is unreasonable in most cases. Never mind trying to keep a botnet up and running for that time, the data you get is likely to be worthless. We aren't talking nuclear secrets here, we are talking like bank SSL sessions. Cracking that 5 years down the road isn't likely to give you anything usable.

            I just don't know of anything major online that's being protected with something that's good enough to thwart a fast desktop, but not good enough to thwart a network of 100,000 of them.
            • by jimicus ( 737525 )
              We aren't talking nuclear secrets here, we are talking like bank SSL sessions.

              If you've got software on someone elses computer, why bother cracking the bank SSL session? Just run a keylogger and pick up anything which looks like a username/password.

              Or, if you want to be really smart (and I bet you anything you like if it hasn't been done yet, sooner or later it will be), replace the DLLs which handle SSL transactions in IE with versions hacked to log what goes on and report back,
    • Yeah. At this rate, the US will get rid of spam by dropping computer-guided bombs at servers in China and Russia. It'll be kind of ironic, actually, the computer-on-computer violence.
    • >Shut down DollarRevenue and similar places, and the financial incentive for creating botnets will dry up.

      Taking away the financial incentive and leaving the field to the ego-driven would certainly reduce the problem and give us room to breathe.

      Unfortunately, DDoS extortion is a revenue stream that could keep botnets profitable even after cutting off the air supply of advertising money.
  • by Anonymous Coward on Friday September 08, 2006 @08:52PM (#16070036)
    Add that to the spam rental and DDoS extortion money and we have a booming business.

    Hey, ./ editors! Increase your profit! Get money from sysadmins for NOT posting links to their sites!
  • by Kesch ( 943326 ) on Friday September 08, 2006 @08:56PM (#16070054)
    I don't know who to be angry at. My list includes in order of hatred from greatest to least:

    1) The asshat hackers who spread the worm
    2) The companies that pay asshat hackers to shovel their crapware
    3) The stupid people who actually give money to crapware companies and keep them alive

    Honorable mention:

    4) People who can't stop their system from being zombified.
  • Did he get it? (Score:5, Interesting)

    by Godji ( 957148 ) on Friday September 08, 2006 @08:58PM (#16070062) Homepage
    While those infections could theoretically amount to that much money, did anyone actually pay the guy?
    • by Kesch ( 943326 )
      Here's an answer in the form of a rhetorical question, "Would he be doing this if there wasn't money to be made."

      Also in TFA it links to another article where I guy listened in on an irc control channel and eventually followed instructions to a flood of spam running through the botnet which shows that these guys are at least making cash renting out bots to spammers.
      • by DoninIN ( 115418 )
        Ever hear of Amway? Or seen all those work at home ads? I don't know if he actualy got paid or not, but just like the "send one dollar to each of the names on this list" scams the meme may very well be better at spreading itself in the anticipation of of making some money than it is at making money.
    • by jimicus ( 737525 )
      Obviously, I can't say for sure, but at a wild guess, I'd say that if you're going to be buying such a service from some dodgy hacker type, it's probably a good idea to pay them.
  • Ignore the fact that bad security in Windows is the cause of this. If you want to kill off bozo's like dollarrevenue and make a good dollar, simply create concurrent fake windows, do the infection, collect; kill it; repeat. You will drain the company or they will have to lower the rates or insist on longer infection time. Basically, this will remove the incentives from doing their dirty work.
  • Fixed. (Score:5, Insightful)

    by The Living Fractal ( 162153 ) < minus poet> on Friday September 08, 2006 @09:52PM (#16070188) Homepage
    "Researchers at the German Honeynet Project have discovered that a malicious script-kiddie earned about $430 in a single day installing spyware on computers in the latest Windows worm attack."

    I seriously doubt this guy deserves the moniker "hacker". More like thieving annoyance to all of humanity.

  • We have a new business modle based on LiveCD OSes which interface to web OSes (YouOS has been covered recently). This way, only the central servers for the web OS need to be highly secured and the rest is read-only and rebootable if anything goes wrong.

    The only problem here is a need for an internet connection, which is clearly taken care of if infection are a worry.
    • A "frugal install" on hard disk or compact flash is an excellent alternative to live CDs. You retain the use of your CD drive and of any other drives/partitions, and may create a persistent home directory or not as you wish. See the Damn Small Linux forums for info and help on setting up frugal installs. If anything gets hosed, you can easily use the same CD your installed with to repair any problems.
  • Oh, Canada! (Score:2, Funny)

    by Anonymous Coward
    >In this case, Holz counted 998 installations in the United States, 20 installations in Canada,
    >103 in the United Kingdom, 756 in China and about 5,800 in other countries.

    20 PCs in the whole freaking country? I am proud to be Canadian for once.
  • This is NOT a business model. This is hacking people's systems, without their knowledge, and using it for someone else's purposes. It's stealing, computing resources and the people's time that it costs to get rid of the stuff. I'd be willing to bet a lot of the people effected by this end up having to pay to have it removed (by Geek Squad or some other overpriced outfit).

    I'm sure if this happened to the /. editor's systems, or whomever posted this article, THEY wouldn't consider this a "business mode
  • This business does not sound too profitable to me.
    He likely spend much longer in preparation of the worm, and once the exploit is fixed the worm recognised by scanners and the pool of vulnerable pcs exhausted his income will dwindle until the next big exploit.

    So at most he can make a couple hundreds per month.
    Addidtionally he cannot sue for his payments and is totaly dependant on the good will and honesty of companies that generally don't seem to have any. And he risks being caught and prosecuted.

    Why would
  • All online advertisers know that spyware makes money. It also burns your distribution pipes, but that's not important when you're going bankrupt. You'll see struggling NETWORKS use more and more ads, then more and more intrusive ads before outright spyware installs. 430$ a day is ridiculously small potatoes. A small ad network has access to 12 million unique IPs a day and you make thousands legitimately on that. Spyware installs get you the hundreds of thousands up front, when you need it and want out.
  • $430 in one day? So what?

    That's not exactly a lot of money - and I doubt he's earning that *every* day.

    I don't see what the big deal is.
    • by julesh ( 229690 )
      Agreed. The skills required to set up a botnet are no easier to master than many other skills: the ones that can earn a consultant that kind of money before lunchtime, if he rolls into the office late in a day, for example. And about as reliable; I'd guess that this script kiddie's going to get no more than a few tens of jobs per year. There's not a whole lot of demand for botnets, and there's plenty of people will the skill"z" to create them. $8,000 per annum doesn't seem like a great salary to me. Ev
  • Its about who has the knowledge that survives.
  • by drDugan ( 219551 ) * on Saturday September 09, 2006 @02:41AM (#16070726) Homepage
    The obvious next step is to create voluntary nets and distribute the profits.

    I'd join one, why not? This is one reason why the online advertising model will eventually fail. You never really know if a computer or a real human being is on the other end of the connection.

    I'd set up a box with Xen partitions and join multiple times.

    • Unfortunately, at a maximum of $0.30 per machine, you're not going to make much money infecting yourself. Maybe with a few thousand virtual machines you can, and you've got the advantage that it's much faster and cheaper to clean a virtual machine than a real one :-) The problem there is that usually a virtual machine is going to cost you an IP address, so unless the DollarRevenue scumwaremeisters are going to accept lots of machines behind the same NAT, most people don't have the necessary resources exce
  • When I write my ultimate badmalspyware, I'm going to blackmail the world for ONE MILLION DOLLARS. I'll be laughing at the schmo who only got $430.

To write good code is a worthy challenge, and a source of civilized delight. -- stolen and paraphrased from William Safire