Have botnet prices crashed?


24 Responses to “Have botnet prices crashed?”

  1. jackm says:

    #5 – Two words: Western Union.

    Speaking of money, where does the going rate for this stuff come from anyway? How do the prices for an illegal service like this get set?

  2. Lobster says:

    I’d never pay that kind of money to someone offering a highly cerebral task with such poor English.

    “Me do taxes you for now yes?”

  3. Gilgongo says:

    Best consult the oracle on this then: Peter Gutmann


    For anyone who’d interested in this stuff, Peter has written some jaw-dropping analyses of the industry of spam, malware and the use of botnets.

  4. bolamig says:

    Cheaper than buying vicodin from a spammer, and probably about as likely to actually get delivered.

  5. mackenzi says:

    Now, I wonder if these botnets are hooked into the cellphone network. Thousands of botnets in chorus on your cell connection to everyone – helping, connecting, transmissioning. This chorus also gives off what’s known as “side-stream radiation.” Anyone within 10 feet of a cell phone device is susceptible.

  6. larsrc says:

    Argument #1: If botnets were all-pervasive, the price should have crashed.

    This argument assumes that the botnets are spread among many “owners”. It is just as likely that there’s one or a few owners that hold the majority of bots, just like a few sites (like Google) get way more hits than most others. Since the efficiency of a botnet use is directly proportional to its size, these owners would be able to command higher prices.

    Argument #2: A spam email offers DDOS attacks for cheap.

    Who knows how big that operation is, or if it even exists? It may be trying to undercut because it doesn’t have the size of the big guns.

    Really, there is no data or solid argumentation is this article. Sloppy.

  7. ScruffyNerfHerder says:

    Speaking from second and third hand experience, the botnet is easy but sales are tough to come by and prices are largely determined by willingness to pay. Its the same for “internet surveillance” where you tabulate information on who visits what website by serving ads to them.

    Lots of money to be made from some suits, if you’ve got the hustle.

  8. angusm says:

    I’d be interested to see the full message including the URL of the site referenced.

    For some reason, joe-jobs are practically a national sport in Russia. I see a lot of spam claiming to offer “bullet-proof” hosting, spam and DDoS services, child porn, stolen credit card lists and other unacceptable content or services, with the message worded in such a way that it’s practically begging for someone to take action. The spams always include the URLs of the site that supposedly offers these services. If you actually follow the URLs, you’ll usually find that the site is either:

    a. An anti-spam service or an ISP with strong anti-spam policies, or
    b. An ‘underground’ site, such as a carder or hacker forum.

    Just from the way this message is written, I could easily believe that it’s either a spanked spammer trying to get revenge, or a ‘black’ site trying to get one of their rivals into trouble.

  9. wynneth says:

    The amusing part here is that they want you to trust someone is illegally accessing pcs and attacking sites WITH YOUR FINANCIAL INFORMATION. What’s to stop them just taking your money? Nothing.

  10. Charlie Stross says:

    Wynneth: carrying out — or commissioning — a DDoS is seriously illegal in many jurisdictions. So anyone buying this service is also a criminal. Do you really expect them to pay for a DDoS attack using a credit card they came by legally?

  11. Takuan says:

    what should be the penalty for commissioning/committing a DDos?

    I lean towards a life prison sentence, as should malicious virus writers also get.

  12. larsrc says:

    Takuan: Would you also give a life prison sentence to someone who broke into a company’s server room and yanked the power cord from their server? Same thing. Please grow a perspective. It’s not like we’re talking murder here.

  13. Rider says:


    While I agree with the sentiment of what you are saying, there is a huge difference between one person pulling a plug at one company, opposed to one person infecting tens of thousands of computers to pull of basically the same stunt.

    Also getting servers back online is an esay task compared to trying to block a massive DDoS.

  14. Anonymous says:

    so when i’ve seen the official website of the North Korea i thought someone should do an attack on that…

    but that was probably a really stupid idea, as some poor soul(s) would probably be tortured and/or shot for this.

  15. Charlie Stross says:


    (Horny Babe is hitting other threads with similar linkspam. Ironic here, annoying there.)

  16. klobouk says:

    Oh man, mods, can you please just cut the links and leave the spam comments intact? The two thus far are actually pretty amusing.

    • Antinous / Moderator says:

      can you please just cut the links and leave the spam comments intact?

      If I don’t tag them as spam, they won’t go to the star chamber for interrogation and punishment.

  17. Orky says:

    Takuan: you might really hate malware writers, but what about malware-writer-enablers?

  18. Anonymous says:

    Dang it!

    I paid them $70 with PayPal to attack BoingBoing to see if it is legit, but nothing happened!

    I am going to complain to the Consumerist now that I didn’t get the DDoS that I paid for!

    (Yes, this is a joke.)

  19. dragonfrog says:

    Wynneth: carrying out — or commissioning — a DDoS is seriously illegal in many jurisdictions. So anyone buying this service is also a criminal. Do you really expect them to pay for a DDoS attack using a credit card they came by legally?

    Many if not most of the people carrying out and commissioning DDoS attacks are also idiots of the first order – so I really wouldn’t be surprised if a fair number did use their own credit cards.

    Of course, you can also send money with your credit card via an intermediary like PayPal – doesn’t help much with traceability, but it doesn’t give the bot-herder your CC information. Or you could just put some banknotes in an envelope and post it to Ghana or wherever the herders operate out of.

  20. dragonfrog says:

    Takuan – how about a real-life DDoS against the perpetrator for the rest of their life? They get a forehead tattoo, which means that from now on everyone else must be served before them, and they must perpetually go to the back of any line.

    Want a cup of coffee downtown at 10 AM ? Sorry, you’ll have to hang around till the lines die down around 6 this evening…

  21. Takuan says:

    cutting the heads off malware authors and DDos inflicters won’t prevent either. It will , however, raise the stakes so that those that do will have a damned good reason for doing it.

    It’s like human life; assassins SHOULD be expensive.
    Or the price of policemen, it should be high.

  22. Takuan says:

    I like that one, Dragon frog! Simple, basic justice and quick too.

Leave a Reply