Rent Your Own Botnet

An anonymous reader writes "New research shows that the TDSS/TDL-4 botnet, widely considered one of the largest and most sophisticated, can be rented via a Web storefront available to all comers. Researchers from Kaspersky found that the latest version of TDSS installs a file that sets the machine up as a proxy for anonymous browsing, and then phones home to awmproxy.net, which rents the proxies for rates from $3 per day to $300 a week. The curators of this service even created a Firefox add-on to help customers. 'Interestingly, AWMproxy says it accepts payment via PayPal, MasterCard, and Visa.'"

The site uses Google Analytics

[Animats]

The site is real, and amusing.

It's hosted by Leaseweb. It uses Google Analytics, with Google ID 'UA-3816538-24'.

Re:The site uses Google Analytics

[ge7]

To me it looks more like a proxy site. It doesn't really say anywhere it's a botnet. I guess you could install TOR end nodes on botnet too, does that make TOR illegal?

Gosh really?

I've always wanted to be a dark and mysterious marionette. And for 3 bucks a day? Gosh, Golly!

I can't find it on that site, but ...

[khasim]

I wonder if you can specify the IP address range of the "proxies" you'd want.

First off, to see if any machines that you're responsible for have been cracked.

Secondly, penetration tests. Why bother with SQL injections and such if you can just rent half a dozen pre-cracked boxen there.

Everything about that site is wrong

They say upfront that you can do illegal things with the proxy, thousands of proxies that only last a few hours, many availible during the day then at the early night hours. Yeah, this is a legit site. Makes me wonder how many people acually pay for the proxies. Especially given that the people who use the site will likely know where the proxies come from. But then again, they are "private with no logs." You can trust a company that uses proxies that phone in with know viruses on them.

Here's how it works.

[Arancaytar]

Publish some leaked secrets and get your accounts repeatedly frozen. Blatantly engage in electronic fraud, computer intrusion and spamming, and bill for these services via credit card with impunity.

Re:Here's how it works.

Idiot. There's no conspiracy here. Wikileaks got the attention of the press and authorities very quickly. This rent-a-bot site is just now making news, and when the payment processors get word of it, they will cut off business.

CAPTCHA: Stoned. You must be smoking something...

Re:Here's how it works.

> when the payment processors get word of it, they will cut off business.

Huh? Call up a credit card company and tell them they are allowing people to rent botnets by using said credit card. They will have no idea wtf you are talking about, and they certainly wouldn't care. It will take courts/governments to get them to stop accepting the charges for these services. And even then it its a one-off thing. Credit card companies don't have a toggle button that turns off CC payments that go to botnet managers.

I agree that something may eventually get done about it, but this 'oh the cc companies will figure out ALL about this and the problem will go away shortly' is naive.

Re:Here's how it works.

[mug+funky]

call up a credit card company and talk to one of the call centre folks on the ground about cyber security... yeah, good luck with that.

if you were to ask to speak to a manager, saying that their services are being used by criminal gangs to commit fraud and money laundering, you'll get a bit further.

Re:Here's how it works.

[RobertLTux]

or better yet if you introduce your self as Special Agent Mug Funky (or whatever your DL says) and state that you are currently investigating a possible crime then maybe you might get some action (and if you are actually SA Funky it might be legal to do so :) )

bitcoins?

[vlm]

Interestingly, AWMproxy says it accepts payment via PayPal, MasterCard, and Visa.

Do they accept payment in bitcoin and is the botnet big enough to mine more BTC/hr than the rental cost in BTC/hr? Hmm.

Re:bitcoins?

Good thinking....hmmmm

Re:bitcoins?

[retchdog]

is the rental cost below ~15 cents per hour? probably not.

Re:bitcoins?

Even if you can't make money on those things with BitCoin, if they accepted BioCoin payments (LOLZ) that would make it possible to rent these systems 100% anonymously, and would finally provide a use for BitCoins.

Re:bitcoins?

[Timmmm]

No, and obviously not since you can only use the machines as a proxy.

Re:bitcoins?

[vlm]

No, and obviously not since you can only use the machines as a proxy.

Ah, I misread, I thought the proxy site was purchasing botnet time for resale as proxies.

Re:bitcoins?

[Yamioni]

Three dollars a day is 12.5 cents an hour. Now can you actually turn out more than 12.5 cents worth of bitcoins per hour on what you're renting with that money? Probably not. I haven't visited the site since I'm at work, but I'm guessing the $3 a day figure is for renting a single box for proxied web browsing, not anything capable of doing any heavy lifting.

Re:bitcoins?

[retchdog]

yeah, it comes down to whether these trailer parkers with 0wned boxes have serious GPUs. the answer to that is no, and if they did i'm sure the "owners" would be mining the btc themselves.

Of course they accept Visa.

[Elbart]

Those bots aren't a threat to US-American hegemony. An when there's a buck to be made... "(Thug-)Life takes Visa."

Re:Of course they accept Visa.

[Warwick+Allison]

If you don't love the free market, why don't you go back to Russia, you Commie!

Ah... oh..... I see.

Re:Of course they accept Visa.

[scarboni888]

So people who don't like corruption and injustice should move somewhere it's even worse or they should just stfu and love the garbage they're steeped in, right?

Lovely.

Re:Of course they accept Visa.

[mug+funky]

WHOOOSH!

I Love the Future!

Wow! Just, wow! I mean, I can rent a freaking botnet, and put it on my MasterCard!

One would think the authorities, or at least some soveriegn government entity, would go after this sort of project and kill it, and possibly those who were providing it, but lo and behold, here it is readily accessible to anyone with a vengeance or a mind for lulz.

The future is wide open, and I can't wait to see what's coming next!

Re:I Love the Future!

[Zibblsnrt]

Wow! Just, wow! I mean, I can rent a freaking botnet, and put it on my MasterCard!

The nature of the whole enterprise being what it is, I imagine the idea's more that you rent a freaking botnet and put it on someone else's MasterCard.

Clean 'em up?

[Urban+Garlic]

So can you rent the botnet, and run a program that disinfects the botnet systems? Seems like that'd be a nice bit of white-hattery...

Re:Clean 'em up?

[PPH]

You'll never get your damage deposit back.

Wikileaks

[Kamiza+Ikioi]

Maybe Wikileaks should have been a botnet.

Via MasterCard and Visa? Sure!

[GameboyRMH]

Yeah you can buy whatever you want with MC/Visa: nazi/white supremacist paraphernalia, a donation to the KKK, some botnet time, whatever, just don't try to donate to Wikileaks or buy anything of questionable copyright status!

Re:Via MasterCard and Visa? Sure!

[spauldo]

Donating to white supremacist causes is covered by the first amendment.

It's not actually illegal to be an asshole. Sure, a KKK member legally can't turn down a black man's job application based on his race, but he's within his rights to feel that the law should be changed to allow him to do so. This same right protects a lot of good stuff as well.

Buying botnet time is probably illegal. Buying pirated goods is illegal. Donating to Wikileaks shouldn't be illegal, but the government probably considers them a 'terrorist group' or something, and donating money to terrorist groups is certainly illegal. Buying cigarettes overseas and not paying tariffs on them is illegal (oops!). You can do tons of illegal stuff with your Visa or Mastercard - sometimes you get caught, and sometimes you don't.

Re:Via MasterCard and Visa? Sure!

[booch]

And how, exactly, is the KKK not a terrorist organization? They've actually been known to -- get this -- terrorize black people. They've bombed houses and churches, lynched people, and burned crosses in people's yards to scare them.

Re:Via MasterCard and Visa? Sure!

[spauldo]

From a legal standpoint, a terrorist organization is not a group that terrorizes people.

A terrorist organization is a group of people the government has chosen to put on the list of terrorist organizations.

Now, don't get me wrong - I have no love for the KKK - but it's been quite a while since they went around lynching people and bombing churches and whatnot. If they started it up again, they'd be put on the list.

Re:Via MasterCard and Visa? Sure!

So has the Church. They killed people, burned villages and ran whole countries through the sword ages ago. And they get tax exemptions too...

Re:Via MasterCard and Visa? Sure!

And who cares for that "legal standpoint"? Which actually is just a deliberate euphemism for "standpoint of those in power", and completely unrelated to the standpoint of those among us, who still have their own opinions. (99.99% don't.)
Yes, since it's by "those in power" one has to act like one cares, until one can stab them in the back. But nobody who can still be considered an individual actually does.

Re:Via MasterCard and Visa? Sure!

IF they started up again??? They are still here my friend, they never left, they just don't advertise quite so much as before, but they, and their members are still here.

Re:Via MasterCard and Visa? Sure!

[spauldo]

If they started it up again. You missed the it. I'm aware they're still around. They don't go around lynching people and bombing churches anymore. If they started lynching people and bombing churches again, they'd be put on the terrorist group list.

Re:Via MasterCard and Visa? Sure!

[spauldo]

Wow, incoherent much?

I can't tell what your post has to do with my comment. You seem to be advocating some sort of vigilante action, but I can't tell if you're wanting to stab politicians or KKK members.

Re:Via MasterCard and Visa? Sure!

Because you just didn't understand my comment at all.
So the Dunning-Kruger effect kicked in, and made "can’t understand" into "makes no sense".
Your interpretation is simply wrong.

But I think I know why this happened:
Apparently you can't fathom the concept of having a concept of right and wrong by yourself, that that concept could differ individually, and that it for most people who have such a concept it is rather unrelated to what is called the "legal standpoint". Because the "legal standpoint" only rarely is the standpoint of a non-evil normal human being.
In other words: You aren't an individual. Since what you think is your views, actually is those of your opinion makers. Because you mistook their statements for actual observations about reality.

Re:Via MasterCard and Visa? Sure!

[spauldo]

No, it happened because your post was unclear and unrelated to my comment.

I mean, go back and look at it. Your first sentence:

And who cares for that "legal standpoint"?

makes sense, from a grammatical point of view. It doesn't make sense in context. We were talking about what is legal or illegal to do with a credit card. Visa and Mastercard care about the legal standpoint. Judges, congressmen, the Federal Reserve, lawyers, and the attorney general care about the legal standpoint. These are the people who determine what can and cannot be purchased with a credit card.

You then follow that sentence with this run-on:

Which actually is just a deliberate euphemism for "standpoint of those in power", and completely unrelated to the standpoint of those among us, who still have their own opinions.

OK. I assume your meaning here is: "Those in power interpret the laws how they see fit, regardless of how the public see fit. Most of the public don't hold an opinion they've arrived at via critical thinking."

My response to this would be: yes, those in power do interpret the laws - that's their job. Yes, lack of interest by the general public gives them leeway to interpret the laws to their own gain. Welcome to the human race - people all have their own interests, and most people don't take the time to hold their leaders to task.

Then, you spout:

Yes, since it's by "those in power" one has to act like one cares, until one can stab them in the back. But nobody who can still be considered an individual actually does.

This has me stumped. It looks like you're saying, "we have to pretend to care what our leaders say, until we have the chance to revolt, but it never happens."

That's a valid observation, sure. It also has pretty much nothing to do with what you can do with a credit card or who gets put on the terrorist watch list.

As far as your ad hominem attack:

My personal sense of right and wrong wasn't part of the discussion. We live under the rule of law. The law isn't always right, but it's better than any of the alternatives. I do have individual opinions on this subject. I've spent quite a bit of time thinking about it. My opinion is that the rule of law is better than any of the alternatives. If you don't agree, that's fine. That's what opinions are for. Just because someone's opinion differs from yours does not mean they haven't thought it through.

And just to keep things clear, and prevent any more accusations of "evil", I'll state my opinion on the matter: I don't like racist groups, be they the KKK, Black Panthers, IRA, Al-Qaeda, or whatever. I do not support violent action against innocent people. I do support their right to free speech. As part of that right, I support the right to donate money to nonviolent groups who support your viewpoint. I may not like it, and I may not agree with their opinions, but they have as much a right to their opinions as I have to mine, or you have to yours.

If the KKK starts killing people again, then I'll be more than happy to see them labeled as a terrorist group, and hunted down. Until that happens, they can hate blacks and jews and whatnot as much as they want, as long as they stay within the law.

Wow.

[DurendalMac]

I earnestly hope this gets taken down ASAP or some innocent people might wind up in prison thanks to pedos renting the botnet to get kiddie porn. I'd think that if they're taking payment via credit card then they damned well should be traceable by some means.

Re:Wow.

Stolen cards, my friend, stolen cards.

It happens more often than you think, and most of the time, these people don't even know it is happening because they don't check on things.

Re:Wow.

[Infernal+Device]

I'd be more worried about someone using to crack open systems for credit cards and bank account info, personally.

Re:Wow.

[sjames]

But that's the best way to pay for your botnet rental!

Re:Wow.

[Fnord666]

I'd think that if they're taking payment via credit card then they damned well should be traceable by some means.

Because we all know that no one would think to use anonymous prepaid cards to pay for such services.

Disinfect the virtual machine

[tepples]

So can you rent the botnet, and run a program that disinfects the botnet systems?

No, it'd probably just disinfect the inside of the virtual machine that the botnet has installed. Or at least that's how it'd be if the botnet is as professional as Amazon's EC2 botnet.

Re:Disinfect the virtual machine

[DigiShaman]

I like his idea though. If you can't clean the infected machine, at least install an additional program that warns the user they've been infected with a nasty virus. At least enough to catch the attention of the IT dept or home user. Not that I've ever used a botnet before, but are we sure they're virtualizing to the point of total OS abstraction?

Re:Disinfect the virtual machine

[Bryan3000000]

They don't have to virtualize at all. Proxy != VM

Some vulnerability in their software could theoretically be used to execute arbitrary code on the host to clean the machine, and yes, that would be neat. It would be hard to compete with the other botnet software trying to do the same, however.

Also, I bet they would double-charge your Visa. Or worse.

Re:Disinfect the virtual machine

So you breach the sandbox (somehow), and then disinfect? Might be fun.

Re:This is exactly why you use a Mac.

[Mitsoid]

Source since you didn't provide one... Oh wait.. this contradicts your statement... http://voices.washingtonpost.com/securityfix/2009/04/worlds_first_mac_botnet_hardly.html

Ok enough!

[ChinggisK]

C'mon, enough with the slashvertisements already!

Re:Ok enough!

Hey, some of us are looking for botnet services and are happy to read articles like this!

Re:Ok enough!

Screw your complaining. I want to see someone clock the speed of this puppy, maybe turn it into a render farm or protein folding or something similar, and see if it's actually worth a damn. If they're going to rent it criminally, at least suck up the cpu and bandwidth by applying to something decent.

Re:This is exactly why you use a Mac.

[mrnobo1024]

If the majority of people used a Mac, then there would be Mac rootkits all over the place, and a few people would be bragging about how secure Windows is.

Re:This is exactly why you use a Mac.

Two so far. Let's see how well the troll worked.

Re:This is exactly why you use a Mac.

[Bryan3000000]

Trojan on pirated software? I'd say that counts as _intentional_ participation in a botnet. Perhaps that's how quite a lot of Windows malware is spread as well. But that certainly didn't amount to anything like a rootkit infection through a privilege escalation vulnerability purely in software.

Re:This is exactly why you use a Mac.

[VirginMary]

If the majority of people used a Mac, then there would be Mac rootkits all over the place, and a few people would be bragging about how secure Windows is.

That is utterly irrelevant if you want more security right now!

Follow the money trail

[KarlH420]

International law enforcement needs to get to work flowing the money. Follow it through botnet rentals, affiliate marketing programs, etc. Cut off flow of money and botnet dies.

Another non-sensical headline

Rent Your Own Botnet

No, rent someone else's botnet. Why would you rent something that's already yours?

Botnet proxies

[Solandri]

So in addition to an open wifi router, we now have another means by which an innocent user can unwittingly have copyrighted music and movie files downloaded via his/her IP address.

Re:Botnet proxies

This gives me a good idea for a defense in my copyright case (I am being sued because someone downloaded call of the wild). I run an open Wifi Node, and I have been brutally owned and turned into a botnet proxy node ! NOT GUILTY !

Interesting

[arthurpaliden]

So I can use Visa or Master card to rent time on a botnet which goes to criminals but I cannot use then to donate to Wikileaks.....

Re:Interesting

That does seem strange that they don't treat all criminals equally.

At $3/day do they support virtual machines?

[Hadlock]

Can you distribute virtual machines across a bot network?

Self Defeating Business Model

I'm going to install TDSS on a honeypot, load socks.dll on it, sniff some awmproxy.net customer's activities and post anything interesting I see them doing publically. Thanks for the lulz, awmproxy.net!

turn botnets on each other?

[roc97007]

I wonder if you could rent a botnet to attack other botnets?

Re:turn botnets on each other?

I'm sure it happens all the time. Botnets are big business, only without the need to stay within those pesky 'laws' and 'regulations', since it's all illegal from the get-go. If it'd benefit you to destroy your competitor's product, and there's nothing to say you can't, why wouldn't you?

Re:turn botnets on each other?

[roc97007]

Agreed. So why not rent a really big botnet, use it to destroy other botnets, and then turn it on itself?

Re:turn botnets on each other?

[monkyyy]

because the mass of all the botnets, beat this one that someone set up for renting, its not going to last and they probably didn't put much effort in the code; expecting all sorts of ppl messing around, while advertising its existence, makes for one very short lived botnet

Re:turn botnets on each other?

[kmoser]

Yo Dawg, I heard you liked botnets so I but a proxy on your botnet so you can attack other botnets.

omg

I can't believe /. missed the obvious headline: "Rent to Pwn"

I can see the new commercial for it...

[Torinir]

Trashy old computer: $100.

Botnet rental: $3.

DDoS'ing your credit card company: Priceless.

There's some things money can't buy.

Re:I can see the new commercial for it...

[black+soap]

But for renting a botnet, use mastecard?

The answer is to block the payments

[Dark$ide]

If we want the world to be free of spam, free of botnets and a nice happy virtual land to live in then the simple answer lies with PayPal and the credit card companies.

If you cut off the payments then the blackhats will have to find something else to make their evil millions.

Of course, the problem is that PayPal, Visa, Mastercard and others like their revenue stream too much, they like their 1% cut of the spammer's ill gotten gains. They won't stop while any cash cow that can still be milked.

smart people would

[hesaigo999ca]

If I was Bill Gates and serious about taking down this monster, I would use a lot of cash to keep it fully rented for a month, and within that month send out specially crafted ads, that can be traced back to its originating IP, this way we can find out exactly who is infected with this IP address. This IP address person can be contacted through their ISP and let it be known they are part of a botnet, and allow them to download a free tool from MS to clean up their machines, of course...there would be resistance to this, the ones resisting would have to be taken off their ISP traffic, until they actually fixed their machines.

This I believe would be a way to make a huge dent into this problem.

Re:smart people would

[black+soap]

I'd rather just use all that money to hire ninjas to sneak in and disinfect the computers, or at least cut the wire connecting it to the internet.

Re:smart people would

[hesaigo999ca]

Ahhh...but the ninjas would never sneak in, ...they would disembowel the owner of
the computer, and proceed to hunt down all family members so this sort of ignorance would never happen again....

"my blood flows with the upheaving forces of the universe....."

Everybody has the right to be "Wrong"

[RobertLTux]

Its like the saying round the armed services

"Just to be Honest with you i hate you and everything you stand for but I WILL DEFEND WITH MY LAST BREATH AND ONCE OF WILL YOUR RIGHT TO EXIST (until i am ordered otherwise)."

now that does not say that if i know of the KKK planning to make trouble somewhere i would not arrange for say the Black Panthers (or some similar group) to also be present but they have a right to their opinion.

Slashdot effect

Can't buy from them anymore. From what I can tell awmproxy.net doesn't rent the botnet, they're just renting proxies.