When foreign markets are willing to pay twice as much for your exports, it's usually a good sign. Unfortunately for Australia, the goods being traded are compromised PCs — but why are Australians worth twice as much as Americans?
Researchers at security firm MessageLabs last week discovered that a group operating the "InstallCash Affiliate Program" is offering US$100 per every 1,000 compromised computers from Australia. But the group is offering just US$50 for American machines and US$25 for French ones.
The program relies on recruiting the help of a Web administrator who is willing to modify a Web page under their control so it exploits unpatched browser vulnerabilities and infects visitors with spyware tied to the affiliate program.
The prices being offered for machines from various countries are below:
Price (in US$) per country per 1,000 bots:
- Australia $100
- UK $60
- Italy $60
- US $50
- Netherlands $25
- France $25
- Denmark $25
- Spain $25
- Greece $25
- Poland $18
- Other $18
- Asia $3
The information above is from InstallCash Affiliate Program.
One explanation given in the media by MessageLab's Phillip Routley as to why Australian PCs are worth more than those from other countries is that Australians are less security savvy and therefore less likely to check their computers, giving spyware on Australian PCs a longer life expectancy than in other countries.
But are Australians, on the whole, any less savvy than other nations' general population?
I doubt it. So I called Routley to see if he had any other explanations that were omitted from the initial media report. Though he admits he doesn't know what the spyware does — which would help explain why Australians are so highly prized — he had a few other theories to share.
The Web developer wage-parity theory Broadband penetration theory
To attract Web developers, the spyware distributors must offer a bid suitably large to entice the developer to risk their income. Without evidence of what a Web developer gets in the US, UK or Australia, I can't disprove this theory, but I would be surprised if an Australian Web developer gets twice as much as one in the UK, and would therefore require twice the payment to risk their income.
According to Internet World Stats, in China just 16 percent have access to broadband, but the user base has grown by 833 percent since 2000. In the UK, 66 percent have broadband access, with 162 percent growth since 2000. Meanwhile 75 percent of Australia has Internet access, which has grown 183 percent since 2000.
The theory is that a large, high-income population attracts a higher value — which Australia is, but then so is the UK, US and the most of mainland Europe for that matter.
The rapid growth and volume of people connected to the Internet in China, as well as its lower wages, explains why compromised Chinese machines only attract US$3 per 1,000, according to Routley.
This theory can explain the difference in value between the top and bottom ends of the scale, but it fails to explain why Australian bots are worth twice as much as UK bots. Australians are not as jaded as Americans and British
"Sixty percent of the world's supply of botnets are from compromised computers in the US," Routley said. "The US and UK are both saturated markets".
Australia is still a relatively immature market in terms of hosting bots, which means there are many computers available while victims are still unaware of the full impact spyware might have on their PCs and lives. Australian naivety is valuable in an otherwise cynical global market. Bank theory
This last theory, my favourite, comes from IBRS security analyst James Turner and rests on the assumption that the spyware is designed to steal information that leads to money from Internet bank accounts or credit cards.
Australia is a wealthy country, and thanks to banks typically refunding stolen money from consumers when malware is used to steal it over the Internet, the group places a high value on Australian bots.
Australia also lags Europe in terms of authentication for Internet banking. "Meaning that just a username and password will often do the trick," said Turner.
Australia is also yet to introduce data breach disclosure laws, and without statistics on user behaviour that could be generated from such figures, Australians will unlikely change their behaviour any time soon, so the lifecycle of each bot is longer here on average than comparably wealthy countries.