Vulnerabilities / Threats
5/27/2010
10:55 PM
50%
50%

Cheap Botnets A Boon To Hackers

Easy access to cheap botnet rentals and sophisticated attack tools are lowering the barriers to entry for criminals who can’t code.

Have you got $67 burning a hole in your pocket? Then you can rent a botnet for 24 hours to launch distributed denial of service (DDoS) attacks, sell fake antivirus software and relay spam to unsuspecting email users via millions of compromised -- aka zombie -- PCs. Or if you only need an hour, that’s just $9.

Those findings come from iDefense, VeriSign’s security intelligence service, which studied 25 black market botnet offerings. Based on the company’s research, botnets are becoming increasingly commoditized, with sellers freely hawking their wares via online forums and banner advertising.

“Organizations need to be wary of the fact that their critical online applications or services could be taken down in under a day by a criminal renting services from bot herders,” said Rick Howard, director of intelligence at iDefense, in a statement.

Unfortunately, the easy access to botnets, as well as the emergence of more automated botnet software, has lowered the botnet barrier to entry for less technologically inclined or well-connected criminals.

In March, for example, Spanish police arrested the three alleged masterminds behind the Marisposa botnet, which ran undetected for six months, compromising more than 12 million PCs, many at blue-chip firms and banks.

“Our preliminary analysis indicates that the botmasters did not have advanced hacking skills,” Pedro Bustamante, senior research adviser with Panda Security, told the Guardian. “This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber criminals to inflict major damage and financial loss.”

Mariposa may now be defunct, but one of the most well-known botnet tools, Zeus, is still alive and well. According to a recent report from managed security services provider SecureWorks, “Zeus is sold in the criminal underground as a kit for around $3,000-4,000, and is likely the one malware most utilized by criminals specializing in financial fraud.”

Customize Zeus with numerous add-ons: virtual networking to take over an infected PC ($10,000), an upgrade for attacking Windows 7 or Vista ($2,000), Jabber IM broadcasting to receive stolen data in real time ($500), a Firefox form grabber ($2,000) and a back-connect module for making financial transactions from an infected PC ($1,500). Interestingly, the Zeus application also includes sophisticated anti-piracy features.

If the going rate for renting a botnet or buying the right software seems steep, antivirus vendor Sunbelt recently said that it’s been tracking a Twitter-controlled botnet that can be used to launch DDoS attacks. Dubbed TwitterNET Builder, the tool -- available at no charge -- lets an attacker simply enter a Twitter username and hit “build” to generate the required malware.

Thankfully, the tool’s reliance on public Twitter commands for control means that attackers get what they pay for. “We’ve notified Twitter about this bot creation system, and they’re looking into it,” said Boyd. In other words, don’t try this at home.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7896
Published: 2015-03-03
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before ...

CVE-2014-9283
Published: 2015-03-03
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2014-9683
Published: 2015-03-03
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

CVE-2015-0656
Published: 2015-03-03
Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269.

CVE-2015-0890
Published: 2015-03-03
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.