Inside the Botnet Business: Getting Rich Quick off Security Threats

Written by
Brian Prince
Aug 4, 2010
3 minute read

Starting a cyber-crime operation is simple, but how do attackers go about building a botnet into a multimillion-dollar business?

During the Black Hat security conference in Las Vegas last week, Damballa Vice President of Research Gunter Ollmann gave attendees a behind-the-scenes view of how easily botnets can be built, and how attackers can turn a small network of infected computers into a million-dollar operation.

“The biggest concern for botnet builders lies with attribution, i.e., things that can be tracked directly back to the individual,” he explained after the conference. “As such, budding botnet builders (at least those who have thought about things before tinkering) will focus on how to acquire free malware-building tools anonymously and how to use other free services to host critical infrastructure components.”

The most common process tends to be for builders to develop kit-based botnet malware such as Zeus, SpyEye and PoisonIvy, and have the malware hosted on free Web services, he added.

“Many early-stage botnet builders utilize deception to trick their victims into installing the malware on their computers, but most eventually evolve into more sophisticated campaigns that involve fake Websites and Web browser exploitation,” Ollmann said. “A key component in building botnets lies with the management of Domain Name System (DNS). As such, free Dynamic DNS providers are preferred service providers for botnet builders, especially when [the botnets] can be set up and managed anonymously.”

From there, it’s time to talk business plan. There are botnets involved in spamming, rogue antivirus and other schemes. Today, however, the highest cash reward versus the likelihood of being noticed by law enforcement would be “identity laundering.”

“Identity laundering is the process of taking all of the identity information observed on a botnet victim’s machine, and laundering the information through gray-market and legitimate sites/services that pay for the information and resell [it] to legitimate companies,” he said. “Through this laundering process, a botnet operator can turn a 0.1 cent record into 30 cents, and that information gets consumed by legitimate organizations. By making use of existing lead-affiliate programs [also known as “lead-generation” programs], it’s possible to earn up to $20 per record. Most importantly, though, the likelihood of detection by the victims is practically nonexistent, and in many ways no financial fraud is being perpetuated.”

Most botnets are run by professional teams, who may be involved with multiple botnets at any one time, Ollmann said. Many of the botnets are around 2,000-strong, with those operating within enterprises being even smaller, typically having only a few hundred bots.

“That’s not to say that the large named botnets (e.g., Koobface, Conficker, Bobax, etc.) don’t also manage to penetrate enterprise networks and aren’t large,” he said. “These botnets can reach the millions in size, but are only a tiny fraction of the botnet business. The vast majority of criminal botnet operators intentionally focus on avoiding detection, and size will get you noticed the quickest.”

Managing a botnet is usually easy, especially if the botnet builder uses popular do-it-yourself construction kits, he added. These management consoles already come equipped with functionality to manage stolen identity information, coordinate and batch instructions to infected computers, as well as other capabilities.

“The tools are plentiful and, if they’re not free, they’re cheap,” Ollmann said. “Even the most expensive, fully supported, cutting-edge, criminal do-it-yourself kits can be acquired for a few thousand dollars, with a lesser annual subscription-renewal fee. Given the sophistication of these kits, their capability of administering hundreds of thousands of botnet victims, and their command-and-control infrastructure, many legitimate commercial cloud providers could probably learn from their tried-and-tested techniques.”
