Cloud-computing crimeware means networks of zombie machines can be hired to steal online-banking details for as little as $299 (£185) per month.
'Fraud as a service' is opening up computer crime to people with no technical expertise, warned Uri Rivner, head of new technology at security company RSA.
Speaking at the RSA Conference Europe 2008 in London, Rivner laid the pricing bare, revealing how fraudsters offer botnet networks as a subscription service, with patching and upgrades thrown in.
These networks could be tailored to infect other users' computers with malware, or to launch massive distributed denial-of-service attacks designed to take down computer systems.
Rivner said: "This is the danger with making this technology open to the mass market. Anybody can become a high-end online fraudster."
Malware is also being sold for both the high-end and budget markets, from the $1,000 Zeus Trojan, a sophisticated Trojan that harvests data and entrenches itself in the system, down to $350 for the Limbo Trojan.
Rivner said the fraudsters usually split their roles between the "harvester", the hacker who writes and deploys the malware to steal the details, and a "cash-out" criminal who will handle the money.
Cash-out fraudsters use "money mules", who are often unwittingly recruited as "finance officers" working from home, to have the dirty money laundered through their account.