[ISN] Security researchers unpick botnet economics

http://www.theregister.co.uk/2009/07/24/botnet_economics/

By John Leyden
The Register
24th July 2009 

The economics of botnets and the sale of stolen information in 
underground bazaars have been detailed in greater depth then ever before 
in new research from Kasperky Lab.

Infecting PCs with strains of malware that leave them open to remote 
control by hackers has been the mainstay of various forms of cybercrime
- spamming, identity theft and distributed denial of service attacks - 
for some years. Kaspersky's research highlights the asking price for a 
variety of criminal services rather then uncovering anything new, but 
is nonetheless valuable in shining a light on the financial 
motivations that nowadays lie behind many internet security and 
privacy-related threats.

The paper - The Economics of Botnets - also charts the evolution from 
centrally controlled systems with a single C&C towards far more 
sophisticated and distributed systems with decentralized control, which 
are far more difficult to shut down. Botnets are established by 
distributing backdoor code, often using drive-by download attacks via 
compromised websites, or rented via underground forums.

Once acquired, a would-be cybercrook has multiple potential sources of 
income: DDoS attacks, theft of private information, spam, phishing, SEO 
(Search Engine Optimisation) spam, click fraud and distributing adware. 
Not that there's any need to be selective. "A botnet can perform all of 
these activities… at the same time," notes Kaspersky researcher Yury 
Namestnikov.

Namestnikov sketches out the potential financial rewards from running a 
botnet, as summarised below:

[...]


_______________________________________________      
Attend Black Hat USA, July 25-30 in Las Vegas, 
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com