Real World Computing

Why smaller botnets are big business

Posted on 31 Aug 2010 at 14:26

Davey Winder gets to grips with the business of botnets

Marcus Whittington, from security software outfit SentryBay, summed it up when he told me: “It’s only the bad guys who can tell you exactly how profitable their botnets are, and unfortunately they’re keeping it pretty quiet.”

But he pointed to one adware distributor who was known to have made around £10,000 in a single month by “using a massive botnet” to install adware on some 10,000 computers.

All you need is money

We know that botnet business is big business, and perhaps most worryingly, all you really need to run a botnet today is money. Technical know-how comes a long way down the checklist, given the proliferation of off-the-shelf botnet construction and control kits that enable the type of script kiddie who would have been content a few years back throwing worms around the network to establish a hugely disruptive and profitable botnet instead.


Such kits sell commercially within the online criminal underground for £100 upwards, but ironically enough, among criminal types they often quickly get hacked and sold on for a lot less, or even circulated freely on some forums.

There’s more to the botnet economy than just rental income: there’s also the small matter of what the owner of that botnet does during the downtime when it isn’t being rented out.

The answer seems to vary considerably, with some one-man bands who want to avoid detection simply doing nothing at all in order to maintain a low profile, while some of the bigger and more organised gangs will look to exploit the resource for maximum profit.

Harvested data

Often that means harvesting every bit of personal data from the infected zombie PCs that comprise the botnet, as well as from new machines that are added to it through the use of an ongoing malware distribution exercise.

Stolen credit card numbers can be worth anything from a few pence to a few pounds each, depending upon the volume being purchased, while “live” bank accounts tend to fetch far more. A stolen identity, or stolen social network account login, can also be a valuable commodity.


If you want to get some idea of how much you – or rather the data on your PC that might be exposed to a botnet operator – might be worth to the criminal underground should your machine be compromised, Symantec has an online risk assessment tool you can use. I completed this scan and I don’t know whether I should be happy or sad to discover that my value to the bad guys is a pathetic £6.50.

But botnets just use Windows, right?

Wrong, wrong, wrong. I’m not trying to deny that most botnet activity targets and exploits Windows users, but that isn’t the whole of it from a security perspective. Since all the emphasis (both media and online tech illuminati) is focused on Windows’ weakness, there’s a tendency to deduce that Mac and Linux users are immune to security issues.

Let’s take Linux first: a recent MessageLabs report suggests that Linux-based computers are five times more likely to be used to send spam than Windows ones, which the parent company Symantec says is due to admins running mail servers with port 25 open to the internet.

As for the Macintosh, well, botnets have already been activated that run on OS X machines, courtesy of trojans hidden within pirated copies of expensive software such as iWork and Photoshop that are distributed over P2P networks.

OS X users have reported their machines being used as part of botnets running DDoS attacks, for example, and some have suggested that this net could be up to 20,000 machines strong. Okay, that’s small beer compared with even a smaller Windows botnet, but perhaps it’s a warning shot that no matter which machine or OS your allegiance lies with, the botnet business will inevitably touch you unless you take security seriously enough.


User comments

Interesting, but...

Not that I'm in the market (!) but I find it hard to understand what "renting out a botnet for 24 hours for just £44.85" or "£5.99 per hour" actually buys you. Is that a botnet of 10 machines or 10 million? Kinda hard to get a feel for things without a bit of context.

By budchawla on 23 Sep 2010


Davey Winder

Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.


PCPro-Computing in the Real World Printed from www.pcpro.co.uk
