Kaspersky Lab released some interesting statistics recently in a technical whitepaper. As part of its research into the cyber-underground, the company took a look at how botmasters are pricing the networks under their control.
The prices cover a fairly large range, and depend on both what buyers are interested in and what they plan to do with what they purchase. Here is a list of what Kaspersky found:
• Buying a botnet to launch a continuous 24-hour distributed-denial-of-service attack can cost from $50 to several thousand.
• A list of 1 million e-mail addresses can cost between $20 and $100, with spammers charging an additional $150 to $200 for a mailing to those million addresses. A targeted spam campaign can cost from $70 for a few thousand names to $1,000 for tens of millions of names.
• Spam meant to optimize a search engine ranking costs about $300 per month.
• Phishers pay $1,000 to $2,000 a month for access to fast-flux botnets.
• The lease of a mail botnet that can send about 1,000 messages a minute (with 100 zombie machines working online) is about $2,000 per month. Small botnets of a few hundred computers run from $200 to $700.
“As in the case of leasing, the price of a ready-made botnet depends on the number of infected computers,” blogged Yury Namestnikov, senior developer at Kaspersky Lab. “The Shadow botnet, which was created by a 19-year-old hacker from Holland and included over 100,000 computers, was put on sale for $36,000. This is enough to buy a small house in Spain, but the Brazilian cyber-criminal chose the botnet.”
Without help from users, combating botnets cannot be effective, the researcher contended.
“It is home computers that make up the lion’s share of the enormous army of bots,” Namestnikov said. “Neglecting to stick to simple security rules, such as using anti-virus software, using strong account passwords and disabling the AutoPlay feature for removable media, can result in your computer becoming another botnet member, providing cyber-criminals with your data and resources. Why help cyber-criminals?”