Botnet price for hourly hire on par with cost of two pints

Botnet price for hourly hire on par with cost of two pints

Summary: iDefense has found that unskilled attackers can hire botnet services for bargain-basement prices, pointing to the wider availability of attack infrastructure

SHARE:
TOPICS: Security
2

Botnets are available for hire for as little as $8.94 per hour, emphasising how little financial muscle or technical expertise is needed to carry out attacks, according to VeriSign iDefense.

The cybersecurity intellgence arm of VeriSign said on Monday that it carried out an online investigation into 25 botnet operators in February, targeting botnet services advertised on three web forums. The study found that hourly botnet rental pricing started at $8.94 (£6.04), while the average price for a 24-hour rental — the sample mean of the highest and lowest advertised prices — was $67.20.

The services advertised a number of attack vectors, including ICMP, SYN, UDP, HTTP, HTTPS and Data. The botnet operators plied their wares via the same techniques as legitimate businesses, such as via forums and banner ads. One botnet operator offered a pricing structure for the takedown of sites that had anti-attack measures intalled.

While those masterminding criminal operations involving botnets have in the past often been technical experts, the trend is towards the hiring of botnet services by less-skilled individuals, according to VeriSign. This allows a wider range of cybercriminals to launch attacks designed to shut down a targeted company's systems or to spread malicious software, it noted.

"While these attacks are becoming increasingly sophisticated, the criminals targeting your business may not be," said VeriSign iDefense director of intelligence Rick Howard in a statement.

That trend surfaced in March with the arrest of three men accused of operating the massive Mariposa botnet. Unlike many underground hackers, the alleged ringleaders of the operation were not skilled programmers, but had contacts who were, authorities said.

The Mariposa botnet, believed to have been composed of 12.7 million PCs that stole credit card and bank log-in data and infected computers in half of the Fortune 1000 companies and more than 40 banks.

Authorities continue to have difficulties finding ways of combating botnets. Microsoft said it had taken effective legal action against the Waledac botnet, but observers such as Spamhaus said the levels of spam generated by the botnet had seen little change.

The world's largest botnet, Zeus, had its traffic disrupted by repeated disconnections of a Kazakhstani ISP in March, but a series of reconnections revived its activity, security researchers have said. The botnet mainly pushes out the Zeus banking Trojan, an information-stealing keylogger that relays sensitive data back to its controllers.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Given the high rate of infections within the Windows-user world, I'm surprised that the rate is that much to be honest...
    davey@...
  • New users buying computers, off the shelf, are being forced to buy a license for windows, whether they want it or not. And, if they know nothing of securing said computer they will be infected in a matter of minutes of connecting to the internet. Therefore Microsoft has to carry some of the responsibility by having manufacturers pre-install windows on all new computers. Banks using windows based systems are putting their customers at risk.
    Hiring a botnet at 6 pounds per hour does seem a bit high. Seems they could sell much more at a lower price.
    ator1940