An insight into the online underground market

Jul 27, 2009 13:24 GMT  ·  By

Yury Namestnikov, antivirus analyst at Kaspersky Lab, explains why botnets are so common and how they are used to generate illegal income. Their fairly low maintenance costs and ease of use, combined with the high profits they can bring, make them the perfect cybercriminal tool.

Botnets are armies of computers infected with malware that can serve many purposes, from launching distributed denial of service attacks, to sending spam, stealing confidential information, installing additional adware and rogueware, performing click fraud or facilitating phishing.

The first botnets were designed for one or a limited number of tasks and were being controlled by the attacker from a single command and control server, making them very vulnerable to take-down efforts. This practice is still in use, but generally only for small, very simple botnets.

Instead, most of today's armies of zombie computers form complex and flexible infrastructures and are able to perform most of the attacks described above, generating income from multiple sources. For example, botnet owners charge between $50 and several thousand dollars for launching DDoS attacks, depending on the target and the length of the attack.

Furthermore, the price for a stolen bank account starts from as little as $1 and can reach $1,500 if it has a large balance and the account is fresh. Complete personal details for a U.S. resident cost between $5 and $8, while those for an EU citizen are two or three times more expensive. Harvested e-mail addresses are sold for between $20 and $100 per million.

Spamming services are also sold to third parties, and can range from $70 to $1,000, depending on the number of targeted e-mail addresses. "In the past year, spammers made about $780,000,000 sending messages. An impressive result for adverts that nobody wants, isn't it?" Mr. Namestnikov notes.

Botnets can also be used to artificially inflate the rank of a website in search engines. This is done by having each zombie computer post spam comments across the web, which contain links to that website. Such services are available for $300 per month.

The installation of adware on the infected computers can also be sold. Adware developers pay botnet owners between $0.30 and $1.50 per install. Other cybercrooks can also buy such installs, but for their own malware. The cost of infecting already compromised computers with additional malware ranges from $3 for systems in China to $120 for those in the US.

The infected computers can also be used for hosting other services and websites, in particular the ones used for phishing. The technique is called fast flux and involves constantly changing the IP address that a hostname resolves to, so that taking down any single host does not take down the site. This service is sold for $1,000 to $2,000 per month.
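The rapid IP rotation that defines fast flux is also what makes it detectable from the defender's side: successive lookups of the same hostname return many distinct addresses with very short TTLs. The following is an added example, not code from the article or from Kaspersky Lab, that scores hostnames from a constructed set of passive-DNS style observations; the hostnames, addresses and thresholds are all assumed for illustration.

```python
"""Heuristic fast-flux check over constructed DNS resolution records.

Fast-flux hosting rotates the A records behind a hostname very quickly:
short TTLs and many distinct IPs across successive lookups. This script
summarises per-hostname IP diversity and average TTL and flags hostnames
that look like fast-flux candidates. All records are constructed samples.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Observation:
    ts: int          # lookup time (epoch seconds)
    hostname: str
    ttl: int         # TTL of the returned A record set, in seconds
    ips: tuple       # A records returned by this lookup


# Constructed sample: one rotating hostname, one stable hostname.
SAMPLE = [
    Observation(0,   "promo.example", 120, ("203.0.113.5", "198.51.100.9", "192.0.2.17")),
    Observation(300, "promo.example", 180, ("198.51.100.44", "192.0.2.80", "203.0.113.201")),
    Observation(600, "promo.example", 60,  ("192.0.2.3", "203.0.113.77", "198.51.100.150")),
    Observation(0,   "www.example", 3600, ("192.0.2.10",)),
    Observation(300, "www.example", 3600, ("192.0.2.10",)),
    Observation(600, "www.example", 3600, ("192.0.2.10",)),
]


def flux_score(observations):
    """Return {hostname: (distinct_ip_count, average_ttl)} over all lookups."""
    ips = defaultdict(set)
    ttls = defaultdict(list)
    for o in observations:
        ips[o.hostname].update(o.ips)
        ttls[o.hostname].append(o.ttl)
    return {h: (len(ips[h]), sum(ttls[h]) / len(ttls[h])) for h in ips}


def is_fast_flux(observations, min_distinct_ips=5, max_avg_ttl=300):
    """Flag hostnames with many distinct IPs and a short average TTL.

    The thresholds are illustrative assumptions; tune them to your own data.
    """
    return sorted(h for h, (n, ttl) in flux_score(observations).items()
                  if n >= min_distinct_ips and ttl <= max_avg_ttl)


if __name__ == "__main__":
    for h, (n, ttl) in flux_score(SAMPLE).items():
        print(f"{h}: {n} distinct IPs, average TTL {ttl:.0f}s")
    print("fast-flux candidates:", is_fast_flux(SAMPLE))
```

A stable site served from one address (or a small, fixed CDN pool with long TTLs) scores low; a hostname that keeps returning fresh addresses with TTLs of a few minutes is worth a closer look.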

Another illegal activity that can be performed with botnets is click fraud. "According to Click Forensics, about 16-17% of all advertising link clicks in 2008 were fake, of which a third was generated by botnets. A simple calculation will show that botnet owners made $33 million for clicks," the Kaspersky researcher explains.

The fight against botnets is a constant cat-and-mouse game. Some important hits have resulted from cooperation among law enforcement agencies, ISPs, antivirus experts and even journalists, but these have had only a temporary effect. "Sadly, chopping off one head of the hydra is not enough!" Namestnikov stresses, before noting that users are a big part of this and need to keep their computers clean by using antivirus software, complex and different passwords, etc.