Posted on behalf of Martin Lee, Senior Software Engineer, Symantec Hosted Services
Recent reports on several well-known botnets have revealed money trails worth millions of dollars. What many people may not realize is that botnets are often run like a business. The distribution of malware is an economic crime, undertaken primarily to make money for the perpetrators. Most malware is written for the purpose of creating botnets: vast networks of virus-infected computers under the control of a single gang. The gang then rents out the botnets to other criminals, who use the computers within the botnet to make money.
The prices for rental of the botnet depend on the economic forces of supply and demand, the size of the botnet and the duration for which it is rented. Prices range from as low as $9 per hour to higher than $65 per hour.
But how do the criminals get money from their outlay?
1. Send spam.
MessageLabs Intelligence observes that infected computers within some botnets send on average more than 600 spam emails per second. A small botnet may easily comprise 10,000 infected computers. At this rate, a criminal could send 360 million emails during a single hour. A study of one spam-advertised pharmaceutical website found that 350 million spam emails only led to 28 sales, but at an average of $100 per sale, and an infinitesimally small cost per email, the researchers estimated that such websites could make $3.5 million per year.
2. Rob Bank Accounts.
The Zeus Trojan is specialised malware that interferes with the victim’s web browser so that when an online banking facility is accessed, the account is actually accessed through the malware. Once the victim is logged in to the banking website, the Trojan makes transfers on the owner’s behalf from the hijacked bank account to the criminal’s money laundering network, but hides these transactions from the owner’s online view of the account activity.
In October 2010, the FBI arrested a gang that had been using the Zeus Trojan to steal $70 million from internet bank accounts.
3. Launch Denial of Service Attacks.
Botnets can be used by criminals to facilitate a cyberspace version of an old-fashioned protection racket. In the real-world version, criminals demand payment from a shopkeeper, and if they don’t receive payment the shop is damaged to ensure a loss of business. The internet version is a denial of service attack. The criminals demand payment from an internet business, typically before a busy time of year. If they don’t receive payment, they instruct a botnet to repeatedly request the pages of the website. This large number of requests overwhelms the business’s web server, which is unable to show web pages to legitimate website visitors, and so the business loses money.
4. Steal Intangible Goods.
Just because something doesn’t physically exist doesn’t mean that it can’t be stolen. Online gaming is a massive business in which participants spend hours playing games to earn trophies or special items. Because these items are difficult to earn, people are willing to pay real money for them rather than spend hours of game play earning them.
This market stimulates the development of malware that steals game login credentials from infected computers. Criminals use the credentials to access game accounts illegally and pass in-game items to their own accounts, from which the items can be sold and passed to someone else’s account, just as with any other theft.
One gang in the Far East that specializes in such attacks made at least $140,000 from stealing intangible items from online gaming accounts.