CRN Australia's piece on the economics of malicious software is fascinating. They assert that the days of intellectual curiosity-fuelled hacking are behind us and that today's botnetters and spyware creeps are all about the dough. However, competition seems to have crashed the price of some of the market's commodities, like infected PCs, which only generate a $0.30 payment to the infector. I wonder if botnet time itself has crashed -- with botmasters controlling botnets with tens of millions of PCs, you'd think it'd be pretty cheap to get ahold of ten or twenty thousand boxes to do some distributed computation or to zap that kid who just fragged you in Counter-Strike. I keep waiting to see spam for botnet time (apart from the spam offering to send spam, which, of course, is a kind of botnet rental) -- "GET A MILLION PCS FOR AN HOUR: ONLY $5!"
"There are programmers who are working for brokers, and the brokers are selling the malware to other criminals, who are then reselling the malware to other criminals," says Trend Micro's Parry. "When they capture a bunch of systems, they resell those systems to another criminal, and another criminal. The actual hacker types don't want to get their hands dirty with something that would actually send them to prison." Other groups build affiliate networks that tap into legitimate and semi-legitimate businesses. In a presentation at the Defcon hacking conference this year, Peter Gutmann of the University of Auckland's Department of Computer Science described networks in which businesses would pay affiliates up to 30 cents for each machine they infect with spyware or adware...
Other operations mirror legitimate software as a service providers. These "malware-as-a-service" providers rent out access to botnets or Web-based attack tools. Gutmann noted one example in which a Russian group rented out its malicious Website. A prospective buyer could get the 100 visitors for free, but then had to pay US$4 per 1,000 visitors up to 5,000, US$3.80 per 1000 up to 10000, and US$3.50 per 1,000 if they bought 10,000 or more. "Software rental is just another way to get money out of this market," says Oliver Friedrichs, Symantec's Director of Security Response. "It's common to see authors who write keyloggers and botnetworks, and then rent them out to people ultimately who may launch a phishing campaign or a spam campaign."
(via Beyond the Beyond
This gadget does exactly as promised: it looks like a thumbdrive (sort of) and fries the circuitry of any computer it’s plugged into. It’s made from camera flash parts, is charged with a standard AA battery, and delivers a 300V zap of DC destruction to the port for all your USB-murdering needs. Note that this […]
The Cobham catalog, exposed by The Intercept, features countless pages of surveillance gadgets sold to U.S. police to spy on American citizens: tiny black boxes with a big interest in you. In the creepily bland feature lists and nerdy product names is a whisper of a dark future; perhaps darker than anyone can imagine.
This image depicts the most commonly-found stylesheet colors on the web’s top sites—Paul Hebert did an amazing amount of analysis and this is just one of the intriguing visualizations he came up with. Most of these are obvious staples, especially HTML red and blue, though it’s interesting how far the blue “cluster” is from the […]
Loot Crate is a totally different kind of subscription service that mails subscribers monthly boxes filled with curated geek, pop culture, and gamer paraphernalia. Its cult following awaits a box every month filled with everything from bobble heads to T-shirts to special edition collectibles. But nothing gets Loot Crate fans as excited as the limited […]
The ARMOR-X Mini Flexible Phone Tripod is a smartphone tripod that is designed with flexible legs to rest on virtually any type of surface. Other tripods have proved useless unless I conveniently have a flat surface in front of me, which is why this particular tripod was appealing enough to try out. The ARMOR-X is compact and easy […]
You don’t need to get an advanced degree and take out massive loans to become a coder. This bundle of 10 courses was designed to teach anyone to code at home for less than it costs to go out for dinner. I was particularly impressed with this new 2017 bundle because it includes courses on […]