Slashdot Mirror


Botnet Business Model Comes to Life

consumerist writes "Researchers at the German Honeynet Project have discovered that a malicious hacker earned about $430 in a single day installing spyware on computers in the latest Windows worm attack. Within 24 hours, the IRC-controlled botnet hijacked more than 7,700 machines via the Windows Server Service vulnerability (MS06-040) and hosed the infected computers with the spyware from DollarRevenue. The botnet operator made between a penny and 30 cents for every piece of spyware installed. Add that to the spam rental and DDoS extortion money and we have a booming business."

18 of 192 comments

  1. Everybody wins! (sort of.) by JonTurner · · Score: 4, Interesting

    And for those persons affected, how much will they spend on antivirus software or tech service to remove the problems? A bunch. Think of how many people simply choose to buy a new system when their old one suddenly "wears out" (e.g. slows down due to virus/spyware infestation). Everybody's happy but the poor sap who owns the infected computer.

    The people most likely to be harmed are those who are the least likely to know what to do about it. What a shame.

    1. Re:Everybody wins! (sort of.) by fmobus · · Score: 4, Insightful

      This is a clear example of the broken window fallacy.

  2. Follow the Money by AK+Marc · · Score: 4, Insightful

    This seems to be rather simple to me. Make it illegal to have gains from hijacked computers. DollarRevenue is paying people to create exploits. Shut down DollarRevenue and similar places, and the financial incentive for creating botnets will dry up. The only problem is that this would have to be an international effort, and if the USA wore a t-shirt, it would be the one with "does not play well with others" written across it in large letters.

    1. Re:Follow the Money by Shemmie · · Score: 5, Funny

      We need a +1 Kinky

  3. Money from DDOS by Anonymous Coward · · Score: 5, Funny

    Add that to the spam rental and DDoS extortion money and we have a booming business.

    Hey, ./ editors! Increase your profit! Get money from sysadmins for NOT posting links to their sites!

  4. Cut up any part of the snake! by Kesch · · Score: 5, Insightful

    I don't know who to be angry at. My list includes in order of hatred from greatest to least:

    1) The asshat hackers who spread the worm
    2) The companies that pay asshat hackers to shovel their crapware
    3) The stupid people who actually give money to crapware companies and keep them alive

    Honorable mention:

    4) People who can't stop their system from being zombified.

    --
    If this signature is witty enough, maybe somebody will like me.

    1. Re:Cut up any part of the snake! by jaredcat · · Score: 3, Funny

      4) People who can't stop their system from being zombified.

      You hate my grandma?

  5. Did he get it? by Godji · · Score: 5, Interesting

    While those infections could theoretically amount to that much money, did anyone actually pay the guy?

  6. Most bots are not resource hogs by winkydink · · Score: 4, Insightful

    They're designed to stay under the radar. The longer you control the machine, the more money you make. Virii, etc... are a different story.

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

    1. Re:Most bots are not resource hogs by Danga · · Score: 3, Insightful

      Using the word "virii" is a sign of somebody wanting to appear educated, and failing completely.

      Or it's a sign of someone using a term that has pretty much become accepted now except by the language whores like you. When the OP said virii, I knew he was communicating virus in the plural form, so his communication worked. That is what language is for, communicating, as long as what you say is reasonably understandable by the people you are talking to then it is serving its purpose. Grammar/English Nazis such as yourself need to shut the hell up and complain about something that causes real problems such as young people growing up not understanding basic math such as trig/calculus.

      --
      Hey, there is only one Return and it's not of the King, it's of the Jedi.

    2. Re:Most bots are not resource hogs by PakProtector · · Score: 3, Informative

      When the OP said virii, I knew he was communicating virus in the plural form,
      (Emphasis added)

      The point is that virii is not the plural of virus. Virus is the plural of virus in Latin, and Viruses is the plural of virus in English. For Virii to even make sense as a Latin Plural of the Second Declension, the singular would have to be Virius. Not Virus. If Virus declined as a second declension noun, it would be viri -- confusable with the plural of the word that can be translated as 'hero or man' depending on context.

      It's not that we're pedants -- I don't mind when someone corrects me when I'm wrong. What we're angry about is how ignorance has become acceptable. It used to be, when you were ignorant of something, you were corrected and you learned from it. How would you feel about this sort of behaviour if, instead of the virus/virii debate, it was TCP/IP/tubes debate?

      --

      Edward@Tomato - /home/Edward/ man woman
      man: no entry for woman in the manual.
      "Qua!?"

  7. Re:Eliminate it without government intervention. by CosmeticLobotamy · · Score: 4, Insightful

    We don't need the government to solve this problem.

    Yes. The last thing the government should be in the business of is making black-and-white issues where one person profits by hurting another into laws. Clearly another case of people asking big government to overstep its bounds.

    The first step people will need to do is dump Windows completely.

    There we go. Now we're being realistic.

  8. Fixed. by The+Living+Fractal · · Score: 4, Insightful

    "Researchers at the German Honeynet Project have discovered that a malicious script-kiddie earned about $430 in a single day installing spyware on computers in the latest Windows worm attack."

    I seriously doubt this guy deserves the moniker "hacker". More like thieving annoyance to all of humanity.

    TLF

    --
    I do not respond to cowards. Especially anonymous ones.

  9. Your math is bad: $430/day = $67K/year by xxxJonBoyxxx · · Score: 3, Informative

    Your math is bad: $430/day = $67K/year

    Try it this way. 240 working days a year x $430/day = $103,200
    If you're an independent contractor, expect something like 35% tax.
    That gets you down to about $67K/year.

  10. Re:Oh, Canada! by Kreigaffe · · Score: 3, Funny

    Still, that 100% infection rate is nothing to be proud of.. ba-dum ching.

    --
    ... still waiting for this free-as-in-beer free beer I keep hearing about. :|

  11. Thanks to those hackers! by d1g1t4l · · Score: 3, Interesting

    I earn $60/infected computer (to remove spyware)

  12. Re:Eliminate it without government intervention. by hullabalucination · · Score: 4, Insightful

    Yes. The last thing the government should be in the business of is making black-and-white issues where one person profits by hurting another into laws. Clearly another case of people asking big government to overstep its bounds.

    Amen, brother! 'Cause we've all seen what a swell job the gov has done with just a few billion of our tax dollars annually with this War on Drugs thing. Why, you can't even buy any street drugs in any American city today. Unless you take off your badge first. Or stand on the corner of 6th and Jefferson (doesn't make any difference which city; they all have a 6th and Jefferson) and ask around for 30 seconds. Other than that, drugs have just completely disappeared thanks to the fear and loathing visited on those Colombian cocaine barons by the thing they fear the most: a Senate Subcommittee recommending new, "tougher" laws.

    Similarly, it'll be easy as pie to lower the boom on all those Chinese/Romanian/Kenyan/Palestinian/et al. malware authors and the Chinese/Eastern European spam operators doing business with them. Just as soon as we get extradition treaties signed with those nations. Oughta happen in the next century or so. Personally, I'm holding my breath and hummin' 'Onward, Christian Soldiers' while I wait for the sudden, earth-shattering shift in international law enforcement cooperation that is surely soon to come. 'Cause let me tell ya, there's nothing that gets Romanian law enforcement all worked up into a fit of righteous indignation faster than the knowledge that young Romanian hackers are raising themselves above the poverty line off the gullibility of millions of clueless American Windows users. At least, that's what their ambassador keeps telling our ambassador.

    Could I interest you in a dime of meth while we're waiting?

    * * * * *

    Buying the right computer and getting it to work properly is no more complicated than building a nuclear reactor from wristwatch parts in a darkened room using only your teeth.
    --Dave Barry

  13. Re:Won't even dent real crypto by Sycraft-fu · · Score: 3, Interesting

    Well it couldn't break any encryption protecting anything important. These days most things tend to either be protected with something trivial (like CSS or old systems with 40-bit crypto) which can be cracked on any desktop in a couple weeks at most or something essentially unbreakable (like AES or 3DES). Even 3DES, old though it is, is essentially uncrackable in a reasonable amount of time. The record for DES cracking is held by EFF's Deep Crack and that did it in 22 minutes. But let's assume you have a cluster many times more powerful, it can do 10 DES keys a second, and assume the algorithm is equally efficient on 3DES. Your time? 228,493,131 years. Sure it's an order of magnitude better than AES, but still doesn't get you anywhere.

    That's the thing about crypto is that larger keys really make the problem harder. I mean look at distributed.net. They broke RC5-56 in 250 days, RC5-64 in about 5 years. Currently they've been working on RC5-72 for about 3.8 years and have searched a grand total of 0.35% of the keyspace. At the current rate they have a 50% chance of cracking it in about 500 years. Remember that the speeds you see represent what happens with a large network of computers that gets faster all the time as systems are upgraded, and also as more join.

    So anything that doesn't have a cryptographic flaw and is talking about keys in the 110+ bits range means you just can't get any aggregate of computers together to break the key in any kind of reasonable time. I mean even a couple years is unreasonable in most cases. Never mind trying to keep a botnet up and running for that time, the data you get is likely to be worthless. We aren't talking nuclear secrets here, we are talking like bank SSL sessions. Cracking that 5 years down the road isn't likely to give you anything usable.

    I just don't know of anything major online that's being protected with something that's good enough to thwart a fast desktop, but not good enough to thwart a network of 100,000 of them.