Study finds the average price for renting a botnet

Study finds the average price for renting a botnet

Summary: Based on an experiment conducted by researchers from VeriSign’s iDefense Intelligence Operations Team, involving 25 different "rent a botnet" underground marketplace propositions, they were able to conclude that the average price for renting a botnet is $67 for 24 hours, and $9 for hourly access.

SHARE:
TOPICS: Security
16

Based on an experiment conducted by researchers from VeriSign’s iDefense Intelligence Operations Team, involving 25 different "rent a botnet/DDoS for hire" underground marketplace propositions, they were able to conclude that the average price for renting a botnet is $67 for 24 hours, and $9 for hourly access.

With only two static things within the underground marketplace that I can think of right now - greed and potential for growth, personally, I think that static price lists for a particular service don't fall within this category.

Here's why.

The dynamics of the underground marketplace, have greatly matured throughout the past couple of years. The logical shift from static pricing lists, to the embracing of multiple pricing schemes such as price discrimination (differentiated pricing), or penetration pricing, naturally resulted in different prices for different targeted groups.

Basically, the propositions analyzed by iDefense, can be best described as variables that are tailored to different customers.

For instance, starting from the basic fact that cybercriminals actively multitask on multiple fronts, and the fact that access to botnets as an asset is a commodity good within the underground marketplace these days, certain propositions will even offer the "botnet for hire" option as a bonus/value-added service.

Moreover, what differentiates the sampled services from the hardcore IT underground ones, is the fact that the majority of these explicitly state that they reserve their right not to attack (any) government web sites, or engage in activities that will attract attention to their activities.

On the other hand, the hardcore "rent a botnet" services will not only charge larger sums of money, but may even ask for another cybercriminal to vouch for the new customer in an attempt to limit curious researchers from finding out more about their infrastructure.

One of the most novel approaches for acquiring new clients I've seen in a while, is a weird combination consisting of direct DDoS extortion, followed by penalties for delayed response -- true mafia style that's for sure -- and the offering of 30% discount in case the victim wants to DDoS the competition once he pays the ransom.

Not only is the company in question a victim of DDoS extortion, but once it pays it's offered a 30% discount if it rents the service from the same extortionists, as well as a "protection" with the extortionists promising to turn down offers from the competitors wanting to attack the now "protected customer".

Surreal, but a fact. Here's an excerpt from the actual DDoS extortion letter:

"Hello. If you want to continue having your site operational, you must pay us 10 000 rubles monthly. Attention! Starting as of DATE your site will be a subject to a DDoS attack. Your site will remain unavailable until you pay us. The first attack will involve 2,000 bots. If you contact the companies involved in the protection of DDoS-attacks and they begin to block our bots, we will increase the number of bots to 50 000, and the protection of 50 000 bots is very, very expensive.

You will also receive several bonuses. 1. 30% discount if you request DDoS attack on your competitors/enemies. Fair market value ddos attacks a simple site is about $ 100 per night, for you it will cost only 70 $ per day. 2. If we turn to your competitors / enemies, to make an attack on your site, then we deny them."

The long term trends regarding botnets for hire or DDoS for hire services, look pretty disturbing due to a simple fact - based on the never decreasing supply of malware infected hosts, no matter how low they price their services, they will always make a profit out of it, in between increasing the availability of such services to the general public.

From another perspective, this very same "general public" is slowly starting to realize that sometimes, experience cannot be outsourced.

Image courtesy of a famous (in 2007), now taken offline botnet for hire service. Tip of the iceberg within the cybercrime ecosystem.

Topic: Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

16 comments
Log in or register to join the discussion
  • Let's see if I got this right

    They're offering a 30 percent discount based on fair market values against a targeted victim's competitor -AND- as a bonus incentive, are lapping on top a sure-fire guarantee that they won't let that same competitor retaliate towards you by denying them the privilege of firing back. Hmmm.

    That in my books smacks of contemporary capitalism in all its twisted glory, especially the part about killing two birds with one stone, and at a substantial discount! This kind of strategic and tactical maneuvering mirrors what one finds in most modern corporate boardrooms. At a minimum, you gotta give them points for taking such such creative approaches when it comes to ratcheting more loot from would-be victims, er clients, er victims.<br><br>If I didn't know better, I would have thought you were reciting the 101 playbook that Microsoft and Apple use in their daily dealings. But you claim this spins around botnet rentals, and DDOS attacks, and cybercriminals... <img border="0" src="http://www.cnet.com/i/mb/emoticons/shocked.gif"> Somewhere you lost me... wha ??
    klumper
    • There's a big difference.

      Sometimes when somebody somehow manages to prove some corporation has committed a crime, beyond all reasonable doubt, there might be a punishment doled out to said corporation. But nothing happens to the people responsible. Where as if these botnet herders are caught and found guilty, they will be punished, not able to just file corporate bankruptcy and start another corporation. In short, there is infinitely more risk involved for them.
      AzuMao
  • What kind of access is allowed? Would it be possible for a white hat to..

    ..rent one of these botnets and disinfect them, or is it to restricted?
    AzuMao
    • RE: Study finds the average price for renting a botnet

      @AzuMao Complete access, disinfection is of course possible.

      Good thinking, by the way. In fact, I've already discussed the exact same approach, 2 years ago:
      http://ddanchev.blogspot.com/2008/06/using-market-forces-to-disrupt-botnets.html

      "For instance, 1000 bots go for $25 bucks, there are however propositions offering 10,000 bots for $50 bucks, theoretically, as there's always the suspicion that they won't deliver the goods and you'll end up with a situation where scammers scam the scammers, for $1000 you can buy a 100k infected PCs, and for another $100,000 a million infected PCs.

      So what? Well, establishing a task force to periodically purchase already infected PCs and disinfecting them, of course, in a opt-in fashion on behalf of the end users in order to please the paper tigers, stating that if their government can magically help them fight malware, they're interested, is one of the many ways market forces could be used to directly mess up with the oversupply of botnets for sale."

      The problem? It's a similar one to a situation where a botnet is disrupted, but the hundreds of thousands of infected users, remain just as gullible and exploitable as they were before it was shut down.

      And since there's no major shift in their awareness, it's only a matter of time until they get infected again, with the task force/government in question ironically turning into a major customer.
      ddanchev
  • capitalism is a method and a tool

    Just like a firearm, an axe or a knife; these are all tools that can be used for evil or for good. Good people use the resources available for good; to increase productivity, wealth and general welfare. Evil people use the resources available to wield power; resulting in fear, destruction of productivity with no concern of the general welfare; only that which they perceive to bring more to them.
    A societies worldview; what's right or wrong; what's important; this is what drives whether a culture is generally "good" or "bad". I say that a culture that does not value Life, Liberty, personal Property etc, will always persue power over Life, limiting liberty and have no regard for one's personal property. This is evil. Our Declaration of Independence and our Constitution speaks of Life, Liberty and the Pursuit of Happiness. If our society and our government actually held to this view, we would not have corporations run greed, but on profit without greed. They would do that which is profitable to everyone, not just a few greedy and power hungry leaders holding onto power with a death grip. Profit is good. Greed and Pride are what destroys people, corporations, societies and governments.
    But, as any propaganda machine will do, the ones with the greed and pride in power, try to make everyone believe that profit is evil; to redirect everyone's attention away from them.
    jrhue@...
  • RE: Study finds the average price for renting a botnet

    Well done! Thank you very much for professional templates and community edition
    <a href="http://www.yuregininsesi.com">sesli sohbet</a> <a href="http://www.yuregininsesi.com">sesli chat</a>
    efsane
  • RE: Study finds the average price for renting a botnet

    Every time you would like to cope with <a rel="follow" href="http://buyessay.org/essay.html">essay writing</a>, make sure you seek out not merely <a rel="follow" href="http://essaywritinghelp.us">essay writing help</a> but for exactly the most efficient <a rel="follow" href="http://buyessay.org">essay writing service</a> of such type.
    Steampower
  • RE: Study finds the average price for renting a botnet

    Any organizations worldview; what is wrong or right; what is actually essential; itrrrs this that pushes whether or not a new lifestyle is usually "good" or even "bad". I only say a lifestyle that will not price Existence, Freedom, personalized House and so forth, will forever persue control of Existence, constraining freedom and also have zero value for your individual house. This can be wicked.
    thanks
    <a href=http://fidelityrothira.net>roth ira</a> | <a href=http://iralimits2011.com>ira limits</a>
    rothira
  • RE: Study finds the average price for renting a botnet

    Excellent article, I really appreciated with it. This is fine to read and useful pro potential. I really bookmark it
    <a href="http://www.fiacardservicesreviews.net">fiacardservices</a>
    mark768
  • RE: Study finds the average price for renting a botnet

    Computers are recruited into a botnet by running malicious software. This may be achieved by a drive-by download exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, possibly in an email attachment.. <a href="http://www.clubmz.com/">Cell Phone Spy Software</a>
    jollysimpson
  • RE: Study finds the average price for renting a botnet

    I like this kind mutual communication very much. I can learn much from that. The opinion that everyone gives also can be as useful information.. <a href="http://www.prlog.org/10308124-cell-phone-spyware-best-spy-ware-for-cell-phone-at-only-15.html">cell spyware</a>
    nishawarner
  • RE: Study finds the average price for renting a botnet

    I know someone who rents botnets with 52 usd for 24 hours. From what I see, he' s happy with his business. Cheers. <a href="http://www.online-math-tutoring.com">Online math tutoring.</a>
    octavus84
  • Study finds average price for renting a botnet

    I like the topic, the content is very well discuss. It is worth reading the whole content of this article. I could learn much from this and thank you for sharing this thought. <a href="http://projectmanagementacademy.net/seattle/pmp-training.php">PMP Seattle</a>
    Cathlene25
  • zero energy design

    Botnets make me nervous. My computer was once part of a botnet and I was contacted by the police over the activity my computer was doing. <br><br> http://madgrowth.net
    http://www.zero-energy-design.com
    iamtheceo
    • warning

      Just an update that my computer was just hacked and was part of a botnet again. People should check their computers asap!
      zoosk coupons
      freecreditreport.gov
      iamtheceo
  • website designing company

    I love this post , it is very help full for me website designing

    companySo glad to see Gongsun Long make a comeback
    Domain and Hosting company and also have the best services for Bulk SMS Service ProviderThought I should give you…Positive response. we

    are also provideOMR Software
    website designing company