Brian Krebs of the Washington Post has published a fascinating and powerful piece about botnets and some of the individuals behind them. Krebs interviewed a 21-year-old man using the online name 0x80 who was making around $6,800 a month by taking control of unprotected computers with a worm he wrote, creating a botnet of owned machines, and using them to distribute adware/spyware for fun and profit.
[..] he (0x80), and a growing number of botmasters make money by seeding their botnets with spyware, also known as adware. Once installed on a PC, the adware serves up pop-up advertisements and mines data about the user's online browsing habits. The computer worm that powers the botnet also gathers far more sensitive data from the victim's machine, including passwords, e-mail addresses, Social Security numbers and credit card data. The spyware and adware problem is pervasive and growing: A recent survey by the National Cyber Security Alliance and America Online found that four of five computers connected to the Web have some type of spyware or adware installed on them, with or without the owner's knowledge.
Another hax0r who goes by Majy online admitted to installing adware for one company called Gamma-Cash, the makers of the XXXtoolbar, and for another company, LoudCash, recently acquired by 180solutions. Krebs' article is several pages and well worth the read. Another of Krebs' interviews highlights some chilling facts. Sam Norris, president of ChangeIP.com, monitors botnets to stop them from using his networks.
Norris says he sees an average of 37 new botnets per week trying to use his company's service, and sometimes as many as 10 new botnets per day. Last spring, he cut off access to a botnet of more than 40,000 PCs that was being used as a massive install base for spyware. "I am seeing this botnet-spyware connection just skyrocket," Norris says, "and I think it's because these guys are realizing there's tons of cash to be made here."
Norris also reported he found a botnet of 10,000 infected computers inside a Fortune 500 company. He subsequently contacted the network admin, who seemed poorly trained and replied, "Well, what do you want me to do about it?" The good news is that law enforcement is finally beginning to understand the problem, according to Norris. Krebs' article ends with a follow-up on the young hacker 0x80, who is thinking of giving up the botnet business.
During his investigation of botnets, Krebs made a visit to 180solutions last October, which I wrote about here, and now Krebs has blogged the rest of the 180 story that got cut from the botnet article.