
Commercial Applications of Botnets

Date: 09/02/2008
Author: Bogdan Botezatu

Botmasters usually don’t keep their electronic assets to themselves. Given the fact that they own tremendous computing capabilities, they often tend to sell or rent their botnets to other malware authors.

Botmasters charge huge amounts of money for access to the compromised networks. Selling and leasing botnets are two illegal operations that bring their masters lots of money, which is why malware authors have started creating botnets with the sole purpose of selling them to other interested parties, ready to spread more malware or spam.

Sending commercial spam is one of the most common applications of botnets. The advertised merchandise is usually either illegal or dangerous. For instance, the vast majority of spam messages deal with restricted medicine, such as Viagra, Levitra, Xanax or other controlled drugs that can only be purchased with a prescription. Other spam messages advertise replicas, a euphemism that covers a wide range of fake products (Rolex watches and designer pieces of jewellery or accessories). Counterfeit software also represents a significant chunk of the spam messages. “Respectable” websites use spam messages to lure consumers into buying OEM software or even retail copies of pretty expensive software.
 
Selling OEM software is illegal by definition, as it can only be distributed along with original equipment (pre-built desktop systems, notebook computers or specialized hardware such as conversion cards, CD/DVD/Blu-Ray optical drives or video cards).
 
Upon subscribing to such services, the user gets a download link for the trial version of the software, bundled with a serial number stolen from a legitimate user. This practice harms not only the software vendor, who suffers the financial losses associated with piracy, but also the legitimate user, whose license gets blacklisted for “bending” the End-User License Agreement (registering more than one copy on multiple computers).

Security experts estimate that 80 percent of spam messages come from zombie computers and are sent either directly (by the botmaster) or indirectly (by the organizations that have rented the botnet for “ad campaigns”). A single spammer with medium skills can get between $50,000 and $100,000 in revenue a year.

Sending spam is the most popular method of boosting sales, but there are tougher threats associated with botnets. More experienced botmasters usually resort to extortion to gain financial advantages from mid-sized companies. The procedure is simple: first, botmasters use their zombie networks to perform a demonstrative DDoS attack on the company’s website. This proves that they have enough resources to take the corporate website or network offline. In exchange for refraining from future attacks, botmasters demand payment of a specific amount of money to an anonymous bank account. However, although most companies pay the money, botmasters continue with the DDoS attacks while raising their financial claims.

Mid-sized businesses are the perfect choice, as they guarantee the attackers that they have enough money to pay as ransom. While larger companies could also be an eligible target, they have dedicated IT staff taking care of the network, as well as dedicated hardware to prevent such attacks (null-routing modems and switches that direct the DDoS traffic away from the corporate network).