NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0337 Eastern European Web Site Features Botnet for Hire:
Security researchers have discovered a new Eastern European web site that uses a
large botnet to infect vulnerable PCs as a service to clients, then charges them for
each infection. The site is likely operated from Russia, according to the researcher's
sources, who reportedly asked to rmain anonymous because of their underground intel-
ligence work. The front-end web site - "loads.cc" - does not appear to contain or
deliver malware, researchers said, but likely logs the IP addresses of its visitors.
The site controls a botnet that may include up to several million PCs, according to
the sources.
The operator of the site provides real-time information on the size and availability
of the botnet, and charges clients for using the botnet to infect computers with
whatever malware the customer chooses. The going rate at the time of its discovery
was about 20 cents per "load," or successful injection into a vulnerable PC. A client
can ask in advance for a certain number of infections, such as 1,000 infections for a
$200 fee. Customers can also pay for loads based on country, IP addresses, or other
attributes.
Once the job is completed, the client receives a report - essentially an itemized bill -
of the IP addresses where loads were successful. This service is said to be another
example of a service-based hacking product that opens up internet crime to less technically
proficient criminals. The ".cc" internet domain is assigned to the Australian territories
of the Cocos and Keeling Islands.
(www.pcworld.com 29OCT07)