Friday, August 6, 2010

Inside the Botnet Business: Getting Rich Quick

Starting a career in cybercrime is relatively simple, but how do attackers go about building a botnet into a multimillion-dollar business? The biggest concern for botnet builders is attribution, i.e., anything that can be tracked directly back to the individual. As such, budding botnet builders (at least those who have thought about things before tinkering) focus on how to acquire free malware-building tools anonymously and how to use other free services to host critical infrastructure components. The most common process is for builders to develop kit-based botnet malware such as Zeus, SpyEye and PoisonIvy, and to have the malware hosted on free Web services.

Many early-stage botnet builders use deception to trick their victims into installing the malware on their computers, but most eventually evolve into more sophisticated campaigns that involve fake Websites and Web browser exploitation. A key component in building botnets is the management of the Domain Name System (DNS): the bots have to locate their command-and-control servers by name, and those names have to keep working when a server is moved or taken down. As such, free dynamic DNS providers are the preferred service providers for botnet builders, especially when the hostnames can be set up and managed anonymously.
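The flip side of that dependence on free dynamic DNS is that it leaves a trace in the one place an enterprise already logs: its resolvers. The following is an added example, not code from the original post; it scans constructed, simplified BIND-style query-log lines for hosts that repeatedly resolve names under free dynamic-DNS suffixes. The suffix watchlist (`DDNS_SUFFIXES`) is illustrative and assumed, not a list the post gives; a real deployment would maintain its own.

```python
"""Flag DNS queries to free dynamic-DNS providers in a resolver query log.

Added example, not part of the original post. Assumptions: a simplified
BIND-style query-log line format, and an illustrative suffix watchlist.
"""
import re
from collections import Counter

# Assumption: illustrative suffixes handed out by free dynamic-DNS services.
# Maintain your own list; this one is an example, not a claim from the post.
DDNS_SUFFIXES = frozenset({
    "no-ip.org", "hopto.org", "zapto.org", "dyndns.org", "ddns.net",
})

# Constructed sample log lines (not real traffic) in a simplified BIND format.
SAMPLE_LOG = """\
06-Aug-2010 09:00:01.123 client 10.0.0.15#53211: query: www.example.com IN A +
06-Aug-2010 09:00:02.456 client 10.0.0.15#53212: query: update-srv7.hopto.org IN A +
06-Aug-2010 09:05:02.001 client 10.0.0.15#53213: query: update-srv7.hopto.org IN A +
06-Aug-2010 09:10:01.987 client 10.0.0.15#53214: query: update-srv7.hopto.org IN A +
06-Aug-2010 09:03:11.222 client 10.0.0.23#40001: query: mail.example.com IN MX +
06-Aug-2010 09:04:12.333 client 10.0.0.42#40100: query: cdn7.dyndns.org IN A +
06-Aug-2010 09:04:13.444 client 10.0.0.42#40101: query: cdn7.dyndns.org IN TXT +
"""

QUERY_RE = re.compile(
    r"client (?P<src>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def parse_query(line):
    """Return (src_ip, lowercased qname without trailing dot, qtype) or None."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    return m.group("src"), m.group("name").lower().rstrip("."), m.group("qtype")


def ddns_suffix(qname, suffixes=DDNS_SUFFIXES):
    """Return the watchlist suffix under which qname sits, or None.

    Matching is done on label boundaries, so 'evilhopto.org' does not match
    'hopto.org'. A query for the bare provider apex (e.g. 'hopto.org' itself,
    which is just someone visiting the provider's site) is deliberately not
    flagged: at least one label must exist below the suffix.
    """
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):
        if ".".join(labels[i:]) in suffixes:
            return ".".join(labels[i:])
    return None


def find_ddns_queries(log_text, suffixes=DDNS_SUFFIXES):
    """Count watchlisted queries per (src_ip, qname) pair."""
    hits = Counter()
    for line in log_text.splitlines():
        parsed = parse_query(line)
        if parsed is None:
            continue  # skip non-query lines (startup messages, etc.)
        src, qname, _qtype = parsed
        if ddns_suffix(qname, suffixes):
            hits[(src, qname)] += 1
    return hits


def report(hits):
    """Render the hits, most frequent first, for a quick triage list."""
    rows = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
    return [
        f"{src} -> {qname} ({n} queries, suffix {ddns_suffix(qname)})"
        for (src, qname), n in rows
    ]


if __name__ == "__main__":
    for row in report(find_ddns_queries(SAMPLE_LOG)):
        print(row)
```

A hostname under a free dynamic-DNS suffix is not proof of compromise on its own; the value is in the repetition (the same internal host resolving the same name on a fixed interval, as 10.0.0.15 does every five minutes in the sample) and in how rarely legitimate enterprise software needs such names. Treat the output as a triage list, not a verdict.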

From there, it’s time to talk business plan. There are botnets involved in spamming, rogue antivirus and other schemes. Today, however, the highest cash reward relative to the likelihood of being noticed by law enforcement comes from “identity laundering.”

“Identity laundering is the process of taking all of the identity information observed on a botnet victim’s machine, and laundering the information through gray-market and legitimate sites/services that pay for the information and resell [it] to legitimate companies. Through this laundering process, a botnet operator can turn a 0.1 cent record into 30 cents, and that information gets consumed by legitimate organizations. By making use of existing lead-affiliate programs [also known as "lead-generation" programs], it’s possible to earn up to $20 per record. Most importantly, though, the likelihood of detection by the victims is practically nonexistent, and in many ways no financial fraud is being perpetrated.”

Most botnets are run by professional teams, who may be involved with multiple botnets at any one time. Many botnets are around 2,000 bots strong, and those operating within enterprises are even smaller, typically only a few hundred bots. That is not to say that the large named botnets (Koobface, Conficker, Bobax and so on) don’t also penetrate enterprise networks; these botnets can reach millions of bots in size, but they are only a tiny fraction of the botnet business. The vast majority of criminal botnet operators intentionally focus on avoiding detection, and size is what gets you noticed quickest.

Managing a botnet is usually easy, especially if the builder uses one of the popular do-it-yourself construction kits. Their management consoles come with functionality to manage stolen identity information and to coordinate and batch instructions to infected computers, among other capabilities. The tools are plentiful and, if they are not free, they are cheap: even the most expensive, fully supported, cutting-edge criminal do-it-yourself kits can be acquired for a few thousand dollars, with a smaller annual subscription-renewal fee.
