Botnet Business Model Comes to Life
consumerist writes "Researchers at the German Honeynet Project have discovered that a malicious hacker earned about $430 in a single day installing spyware on computers in the latest Windows worm attack. Within 24 hours, the IRC-controlled botnet hijacked more than 7,700 machines via the Windows Server Service vulnerability (MS06-040) and hosed the infected computers with the spyware from DollarRevenue. The botnet operator made between a penny and 30 cents for every piece of spyware installed. Add that to the spam rental and DDoS extortion money and we have a booming business."
And for those persons affected, how much will they spend on antivirus software or tech service to remove the problems? A bunch. Think of how many people simply choose to buy a new system when their old one suddenly "wears out" (e.g. slows down due to virus/spyware infestation). Everybody's happy but the poor sap who owns the infected computer.
The people most likely to be harmed are those who are the least likely to know what to do about it. What a shame.
This seems to be rather simple to me. Make it illegal to have gains from hijacked computers. DollarRevenue is paying people to create exploits. Shut down DollarRevenue and similar places, and the financial incentive for creating botnets will dry up. The only problem is that this would have to be an international effort, and if the USA wore a t-shirt, it would be the one with "does not play well with others" written across it in large letters.
Learn to love Alaska
Hey,
I don't know who to be angry at. My list includes in order of hatred from greatest to least:
1) The asshat hackers who spread the worm
2) The companies that pay asshat hackers to shovel their crapware
3) The stupid people who actually give money to crapware companies and keep them alive
Honorable mention:
4) People who can't stop their system from being zombified.
If this signature is witty enough, maybe somebody will like me.
While those infections could theoretically amount to that much money, did anyone actually pay the guy?
They're designed to stay under the radar. The longer you control the machine, the more money you make. Viruses, etc., are a different story.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
TFA did point out that that's only one piece of adware he's installing. Multiply that by 10 or more. Then figure in the money from the botnet he's renting out to spammers. I'd say he's probably doing a lot better than you think.
-Mike
I'm sorry; I don't know what I was thinking!
We don't need the government to solve this problem.
Yes. The last thing the government should be in the business of is making black-and-white issues where one person profits by hurting another into laws. Clearly another case of people asking big government to overstep its bounds.
The first step people will need to do is dump Windows completely.
There we go. Now we're being realistic.
"Researchers at the German Honeynet Project have discovered that a malicious script-kiddie earned about $430 in a single day installing spyware on computers in the latest Windows worm attack."
I seriously doubt this guy deserves the moniker "hacker". More like thieving annoyance to all of humanity.
TLF
I do not respond to cowards. Especially anonymous ones.
>In this case, Holz counted 998 installations in the United States, 20 installations in Canada,
>103 in the United Kingdom, 756 in China and about 5,800 in other countries.
20 PCs in the whole freaking country? I am proud to be Canadian for once.
When will we see bots that automatically patch their hosts, install anti-virus apps and lock down the browser?
After all, it's in the bot-master's best interest to maintain their bots.
They could even do some basic system improvements like hardware driver updates, defrag'ing the drives, cleaning out the browser cache and other temp files.
Your math is bad: $430/day = $67K/year
Try it this way. 240 working days a year x $430/day = $103,200
If you're an independent contractor, expect something like 35% tax.
That gets you down to about $67K/year.
I earn $60/infected computer (to remove spyware).
>Yes. The last thing the government should be in the business of is making black-and-white issues where one person profits by hurting another into laws. Clearly another case of people asking big government to overstep its bounds.
Amen, brother! 'Cause we've all seen what a swell job the gov has done with just a few billion of our tax dollars annually with this War on Drugs thing. Why, you can't even buy any street drugs in any American city today. Unless you take off your badge first. Or stand on the corner of 6th and Jefferson (doesn't make any difference which city; they all have a 6th and Jefferson) and ask around for 30 seconds. Other than that, drugs have just completely disappeared thanks to the fear and loathing visited on those Colombian cocaine barons by the thing they fear the most: a Senate Subcommittee recommending new, "tougher" laws.
Similarly, it'll be easy as pie to lower the boom on all those Chinese/Romanian/Kenyan/Palestinian/et al. malware authors and the Chinese/Eastern European spam operators doing business with them. Just as soon as we get extradition treaties signed with those nations. Oughta happen in the next century or so. Personally, I'm holding my breath and hummin' 'Onward, Christian Soldiers' while I wait for the sudden, earth-shattering shift in international law enforcement cooperation that is surely soon to come. 'Cause let me tell ya, there's nothing that gets Romanian law enforcement all worked up into a fit of righteous indignation faster than the knowledge that young Romanian hackers are raising themselves above the poverty line off the gullibility of millions of clueless American Windows users. At least, that's what their ambassador keeps telling our ambassador.
Could I interest you in a dime of meth while we're waiting?
* * * * *
Buying the right computer and getting it to work properly is no more complicated than building a nuclear reactor from wristwatch parts in a darkened room using only your teeth.
--Dave Barry
It's about who has the knowledge that survives.
The obvious next step is to create voluntary nets and distribute the profits.
I'd join one, why not? This is one reason why the online advertising model will eventually fail. You never really know if a computer or a real human being is on the other end of the connection.
I'd set up a box with Xen partitions and join multiple times.
Well, it couldn't break any encryption protecting anything important. These days most things tend to either be protected with something trivial (like CSS or old systems with 40-bit crypto) which can be cracked on any desktop in a couple weeks at most or something essentially unbreakable (like AES or 3DES). Even 3DES, old though it is, is essentially uncrackable in a reasonable amount of time. The record for DES cracking is held by EFF's Deep Crack and that did it in 22 minutes. But let's assume you have a cluster many times more powerful, it can do 10 DES keys a second, and assume the algorithm is equally efficient on 3DES. Your time? 228,493,131 years. Sure it's an order of magnitude better than AES, but still doesn't get you anywhere.
The thing about crypto is that larger keys really make the problem harder. I mean look at distributed.net. They broke RC5-56 in 250 days, RC5-64 in about 5 years. Currently they've been working on RC5-72 for about 3.8 years and have searched a grand total of 0.35% of the keyspace. At the current rate they have a 50% chance of cracking it in about 500 years. Remember that the speeds you see represent what happens with a large network of computers that gets faster all the time as systems are upgraded, and also as more join.
So anything that doesn't have a cryptographic flaw and is talking about keys in the 110+ bits range means you just can't get any aggregate of computers together to break the key in any kind of reasonable time. I mean even a couple years is unreasonable in most cases. Never mind trying to keep a botnet up and running for that time, the data you get is likely to be worthless. We aren't talking nuclear secrets here, we are talking like bank SSL sessions. Cracking that 5 years down the road isn't likely to give you anything usable.
I just don't know of anything major online that's being protected with something that's good enough to thwart a fast desktop, but not good enough to thwart a network of 100,000 of them.