Botnet Business Model Comes to Life
consumerist writes "Researchers at the German Honeynet Project have discovered that a malicious hacker earned about $430 in a single day installing spyware on computers in the latest Windows worm attack. Within 24 hours, the IRC-controlled botnet hijacked more than 7,700 machines via the Windows Server Service vulnerability (MS06-040) and hosed the infected computers with the spyware from DollarRevenue. The botnet operator made between a penny and 30 cents for every piece of spyware installed. Add that to the spam rental and DDoS extortion money and we have a booming business."
And for those persons affected, how much will they spend on antivirus software or tech service to remove the problems? A bunch. Think of how many people simply choose to buy a new system when their old one suddenly "wears out" (e.g. slows down due to virus/spyware infestation). Everybody's happy but the poor sap who owns the infected computer.
The people most likely to be harmed are those who are the least likely to know what to do about it. What a shame.
While those infections could theoretically amount to that much money, did anyone actually pay the guy?
This seems to be rather simple to me. Make it illegal to have gains from hijacked computers.
I was thinking of something a bit more proactive involving a deep hole, an ant colony, and plenty of honey.
TFA did point out that that's only one piece of adware he's installing. Multiply that by 10 or more. Then figure in the money from the botnet he's renting out to spammers. I'd say he's probably doing a lot better than you think.
-Mike
I'm sorry; I don't know what I was thinking!
When will we see bots that automatically patch their hosts, install anti-virus apps and lock down the browser?
After all, it's in the bot-master's best interest to maintain their bots.
They could even do some basic system improvements like hardware driver updates, defragging the drives, cleaning out the browser cache and other temp files.
I earn $60/infected computer (to remove spyware)
Well, it couldn't break any encryption protecting anything important. These days most things tend to be protected either with something trivial (like CSS or old systems with 40-bit crypto), which can be cracked on any desktop in a couple of weeks at most, or with something essentially unbreakable (like AES or 3DES). Even 3DES, old though it is, is essentially uncrackable in a reasonable amount of time. The record for DES cracking is held by EFF's Deep Crack, and that did it in 22 minutes. But let's assume you have a cluster many times more powerful, it can do 10 DES keys a second, and assume the algorithm is equally efficient on 3DES. Your time? 228,493,131 years. Sure, it's an order of magnitude better than AES, but it still doesn't get you anywhere.
That's the thing about crypto: larger keys really make the problem harder. I mean, look at distributed.net. They broke RC5-56 in 250 days, RC5-64 in about 5 years. Currently they've been working on RC5-72 for about 3.8 years and have searched a grand total of 0.35% of the keyspace. At the current rate they have a 50% chance of cracking it in about 500 years. Remember that the speeds you see represent what happens with a large network of computers that gets faster all the time as systems are upgraded, and also as more join.
So anything that doesn't have a cryptographic flaw and is talking about keys in the 110+ bits range means you just can't get any aggregate of computers together to break the key in any kind of reasonable time. I mean even a couple years is unreasonable in most cases. Never mind trying to keep a botnet up and running for that time, the data you get is likely to be worthless. We aren't talking nuclear secrets here, we are talking like bank SSL sessions. Cracking that 5 years down the road isn't likely to give you anything usable.
I just don't know of anything major online that's being protected with something that's good enough to thwart a fast desktop, but not good enough to thwart a network of 100,000 of them.
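A worked version of the key-size scaling argument in the comment above, added here as an example (it is not code from the thread). It reproduces the commenter's 228,493,131-year figure for 2^56 keys at 10 keys/s, extrapolates the distributed.net RC5-72 progress (0.35% in 3.8 years) to the "about 500 years" estimate, and shows how the same aggregate rate fares against longer keys; the 365-day year and the key sizes in the table are my assumptions.

```python
# Added example: brute-force key search time as a function of key length and
# search rate, using the figures quoted in the comment above.

SECONDS_PER_YEAR = 365 * 24 * 3600   # assumed 365-day year (reproduces the 228,493,131 figure)


def brute_force_years(key_bits, keys_per_second, fraction=1.0):
    """Years needed to test `fraction` of a `key_bits`-bit keyspace at `keys_per_second`.

    fraction=1.0 is the full keyspace (worst case); 0.5 is the expected case.
    """
    return (2 ** key_bits) * fraction / keys_per_second / SECONDS_PER_YEAR


def implied_rate(key_bits, fraction_done, years_elapsed):
    """Aggregate keys/second implied by a project that searched `fraction_done`
    of a `key_bits`-bit keyspace in `years_elapsed` years (e.g. distributed.net RC5-72)."""
    return (2 ** key_bits) * fraction_done / (years_elapsed * SECONDS_PER_YEAR)


def years_to_fraction(years_elapsed, fraction_done, target=0.5):
    """Extrapolate from progress so far: the commenter's '50% chance in ~500 years'."""
    return years_elapsed * target / fraction_done


def scaling_table(keys_per_second, key_sizes=(56, 64, 72, 112, 128)):
    """Expected (50%) years per key size at a fixed rate; every extra bit doubles it."""
    return {bits: brute_force_years(bits, keys_per_second, 0.5) for bits in key_sizes}


if __name__ == "__main__":
    # 2^56 keys at the commenter's hypothetical 10 keys/s, full keyspace
    print(f"DES, 10 keys/s, full keyspace: {brute_force_years(56, 10):,.0f} years")
    # distributed.net RC5-72: 0.35% of the keyspace in 3.8 years (figures from the comment)
    rate = implied_rate(72, 0.0035, 3.8)
    print(f"RC5-72 implied aggregate rate: {rate:.3g} keys/s")
    print(f"50% of RC5-72 at that pace: {years_to_fraction(3.8, 0.0035):.0f} years")
    for bits, years in scaling_table(rate).items():
        print(f"{bits:3d}-bit key at {rate:.3g} keys/s: {years:.3g} expected years")
```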