Have botnet prices crashed?

Years ago, my friend John Gilmore told me he thought accounts of the spread of botnets (massive networks of virus-compromised machines that can be used in concert to send spam, attack servers, etc) were overblown, because if botnets were really all-pervasive, then the price of using them should have crashed. Now comes this spam, on one of my personal blogs, and I wonder, has the great botnet price-crash finally hit?
Tired of a competitor's site? Hinder the enemy? Fed pioneers or copywriters?

Kill their sites! How? We will help you in this!
Obstructions of any site, portal, shop!

Different types of attacks: Date-attack, Trash, Attack, Attack, etc. Intellectual
You can work on schedule, as well as the simultaneous attack of several sites.

On average the data, ordered the site falls within 5 minutes after the start. As a demonstration of our capabilities, allows screening.

Our prices

24 hours of attack - $ 70
12 hours of the attack - $ 50
1 hour attack - $ 25


  1. Cheaper than buying vicodin from a spammer, and probably about as likely to actually get delivered.

  2. Argument #1: If botnets were all-pervasive, the price should have crashed.

    This argument assumes that the botnets are spread among many “owners”. It is just as likely that there’s one or a few owners that hold the majority of bots, just like a few sites (like Google) get way more hits than most others. Since the efficiency of a botnet use is directly proportional to its size, these owners would be able to command higher prices.

    Argument #2: A spam email offers DDOS attacks for cheap.

    Who knows how big that operation is, or if it even exists? It may be trying to undercut because it doesn’t have the size of the big guns.

    Really, there is no data or solid argumentation is this article. Sloppy.

  3. Speaking from second and third hand experience, the botnet is easy but sales are tough to come by and prices are largely determined by willingness to pay. Its the same for “internet surveillance” where you tabulate information on who visits what website by serving ads to them.

    Lots of money to be made from some suits, if you’ve got the hustle.

  4. The amusing part here is that they want you to trust someone is illegally accessing pcs and attacking sites WITH YOUR FINANCIAL INFORMATION. What’s to stop them just taking your money? Nothing.

  5. Wynneth: carrying out — or commissioning — a DDoS is seriously illegal in many jurisdictions. So anyone buying this service is also a criminal. Do you really expect them to pay for a DDoS attack using a credit card they came by legally?

  6. what should be the penalty for commissioning/committing a DDos?

    I lean towards a life prison sentence, as should malicious virus writers also get.

  7. Takuan: Would you also give a life prison sentence to someone who broke into a company’s server room and yanked the power cord from their server? Same thing. Please grow a perspective. It’s not like we’re talking murder here.

  8. @larsrc’

    While I agree with the sentiment of what you are saying, there is a huge difference between one person pulling a plug at one company, opposed to one person infecting tens of thousands of computers to pull of basically the same stunt.

    Also getting servers back online is an esay task compared to trying to block a massive DDoS.

  9. so when i’ve seen the official website of the North Korea i thought someone should do an attack on that…

    but that was probably a really stupid idea, as some poor soul(s) would probably be tortured and/or shot for this.


    (Horny Babe is hitting other threads with similar linkspam. Ironic here, annoying there.)

  11. Oh man, mods, can you please just cut the links and leave the spam comments intact? The two thus far are actually pretty amusing.

    1. can you please just cut the links and leave the spam comments intact?

      If I don’t tag them as spam, they won’t go to the star chamber for interrogation and punishment.

  12. Dang it!

    I paid them $70 with PayPal to attack BoingBoing to see if it is legit, but nothing happened!

    I am going to complain to the Consumerist now that I didn’t get the DDoS that I paid for!

    (Yes, this is a joke.)

  13. Wynneth: carrying out — or commissioning — a DDoS is seriously illegal in many jurisdictions. So anyone buying this service is also a criminal. Do you really expect them to pay for a DDoS attack using a credit card they came by legally?

    Many if not most of the people carrying out and commissioning DDoS attacks are also idiots of the first order – so I really wouldn’t be surprised if a fair number did use their own credit cards.

    Of course, you can also send money with your credit card via an intermediary like PayPal – doesn’t help much with traceability, but it doesn’t give the bot-herder your CC information. Or you could just put some banknotes in an envelope and post it to Ghana or wherever the herders operate out of.

  14. Takuan – how about a real-life DDoS against the perpetrator for the rest of their life? They get a forehead tattoo, which means that from now on everyone else must be served before them, and they must perpetually go to the back of any line.

    Want a cup of coffee downtown at 10 AM ? Sorry, you’ll have to hang around till the lines die down around 6 this evening…

  15. cutting the heads off malware authors and DDos inflicters won’t prevent either. It will , however, raise the stakes so that those that do will have a damned good reason for doing it.

    It’s like human life; assassins SHOULD be expensive.
    Or the price of policemen, it should be high.

  16. Now, I wonder if these botnets are hooked into the cellphone network. Thousands of botnets in chorus on your cell connection to everyone – helping, connecting, transmissioning. This chorus also gives off what’s known as “side-stream radiation.” Anyone within 10 feet of a cell phone device is susceptible.

  17. #5 – Two words: Western Union.

    Speaking of money, where does the going rate for this stuff come from anyway? How do the prices for an illegal service like this get set?

  18. I’d never pay that kind of money to someone offering a highly cerebral task with such poor English.

    “Me do taxes you for now yes?”

  19. I’d be interested to see the full message including the URL of the site referenced.

    For some reason, joe-jobs are practically a national sport in Russia. I see a lot of spam claiming to offer “bullet-proof” hosting, spam and DDoS services, child porn, stolen credit card lists and other unacceptable content or services, with the message worded in such a way that it’s practically begging for someone to take action. The spams always include the URLs of the site that supposedly offers these services. If you actually follow the URLs, you’ll usually find that the site is either:

    a. An anti-spam service or an ISP with strong anti-spam policies, or
    b. An ‘underground’ site, such as a carder or hacker forum.

    Just from the way this message is written, I could easily believe that it’s either a spanked spammer trying to get revenge, or a ‘black’ site trying to get one of their rivals into trouble.

Comments are closed.