Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security IT

Rent Your Own Botnet 79

An anonymous reader writes "New research shows that the TDSS/TDL-4 botnet, widely considered one of the largest and most sophisticated, can be rented via a Web storefront available to all comers. Researchers from Kaspersky found that the latest version of TDSS installs a file that sets the machine up as a proxy for anonymous browsing, and then phones home to awmproxy.net, which rents the proxies for rates from $3 per day to $300 a week. The curators of this service even created a Firefox add-on to help customers. 'Interestingly, AWMproxy says it accepts payment via PayPal, MasterCard, and Visa.'"
This discussion has been archived. No new comments can be posted.

Rent Your Own Botnet

Comments Filter:
  • The site [awmproxy.net] is real, and amusing.

    It's hosted by Leaseweb. It uses Google Analytics, with Google ID 'UA-3816538-24'.

    • by ge7 ( 2194648 )
      To me it looks more like a proxy site. It doesn't really say anywhere it's a botnet. I guess you could install TOR end nodes on botnet too, does that make TOR illegal?
    • I wonder if you can specify the IP address range of the "proxies" you'd want.

      First off, to see if any machines that you're responsible for have been cracked.

      Secondly, penetration tests. Why bother with SQL injections and such if you can just rent half a dozen pre-cracked boxen there.

  • Publish some leaked secrets and get your accounts repeatedly frozen. Blatantly engage in electronic fraud, computer intrusion and spamming, and bill for these services via credit card with impunity.

    • by Anonymous Coward

      Idiot. There's no conspiracy here. Wikileaks got the attention of the press and authorities very quickly. This rent-a-bot site is just now making news, and when the payment processors get word of it, they will cut off business.

      CAPTCHA: Stoned. You must be smoking something...

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        > when the payment processors get word of it, they will cut off business.

        Huh? Call up a credit card company and tell them they are allowing people to rent botnets by using said credit card. They will have no idea wtf you are talking about, and they certainly wouldn't care. It will take courts/governments to get them to stop accepting the charges for these services. And even then it its a one-off thing. Credit card companies don't have a toggle button that turns off CC payments that go to botnet managers.

        • call up a credit card company and talk to one of the call centre folks on the ground about cyber security... yeah, good luck with that.

          if you were to ask to speak to a manager, saying that their services are being used by criminal gangs to commit fraud and money laundering, you'll get a bit further.

          • or better yet if you introduce your self as Special Agent Mug Funky (or whatever your DL says) and state that you are currently investigating a possible crime then maybe you might get some action (and if you are actually SA Funky it might be legal to do so :) )

  • Interestingly, AWMproxy says it accepts payment via PayPal, MasterCard, and Visa.

    Do they accept payment in bitcoin and is the botnet big enough to mine more BTC/hr than the rental cost in BTC/hr? Hmm.

    • is the rental cost below ~15 cents per hour? probably not.

      • Three dollars a day is 12.5 cents an hour. Now can you actually turn out more than 12.5 cents worth of bitcoins per hour on what you're renting with that money? Probably not. I haven't visited the site since I'm at work, but I'm guessing the $3 a day figure is for renting a single box for proxied web browsing, not anything capable of doing any heavy lifting.
        • yeah, it comes down to whether these trailer parkers with 0wned boxes have serious GPUs. the answer to that is no, and if they did i'm sure the "owners" would be mining the btc themselves.

    • by Timmmm ( 636430 )

      No, and obviously not since you can only use the machines as a proxy.

      • by vlm ( 69642 )

        No, and obviously not since you can only use the machines as a proxy.

        Ah, I misread, I thought the proxy site was purchasing botnet time for resale as proxies.

  • Those bots aren't a threat to US-American hegemony. An when there's a buck to be made... "(Thug-)Life takes Visa."
  • So can you rent the botnet, and run a program that disinfects the botnet systems? Seems like that'd be a nice bit of white-hattery...

    • So can you rent the botnet, and run a program that disinfects the botnet systems?

      No, it'd probably just disinfect the inside of the virtual machine that the botnet has installed. Or at least that's how it'd be if the botnet is as professional as Amazon's EC2 botnet [amazon.com].

      • Comment removed based on user account deletion
        • They don't have to virtualize at all. Proxy != VM

          Some vulnerability in their software could theoretically be used to execute arbitrary code on the host to clean the machine, and yes, that would be neat. It would be hard to compete with the other botnet software trying to do the same, however.

          Also, I bet they would double-charge your Visa. Or worse.

    • by PPH ( 736903 )
      You'll never get your damage deposit back.
  • Maybe Wikileaks should have been a botnet.

  • Yeah you can buy whatever you want with MC/Visa: nazi/white supremacist paraphernalia, a donation to the KKK, some botnet time, whatever, just don't try to donate to Wikileaks or buy anything of questionable copyright status!

    • by spauldo ( 118058 ) on Tuesday September 06, 2011 @08:08PM (#37322326)

      Donating to white supremacist causes is covered by the first amendment.

      It's not actually illegal to be an asshole. Sure, a KKK member legally can't turn down a black man's job application based on his race, but he's within his rights to feel that the law should be changed to allow him to do so. This same right protects a lot of good stuff as well.

      Buying botnet time is probably illegal. Buying pirated goods is illegal. Donating to Wikileaks shouldn't be illegal, but the government probably considers them a 'terrorist group' or something, and donating money to terrorist groups is certainly illegal. Buying cigarettes overseas and not paying tariffs on them is illegal (oops!). You can do tons of illegal stuff with your Visa or Mastercard - sometimes you get caught, and sometimes you don't.

      • by booch ( 4157 ) *

        And how, exactly, is the KKK not a terrorist organization? They've actually been known to -- get this -- terrorize black people. They've bombed houses and churches, lynched people, and burned crosses in people's yards to scare them.

        • by spauldo ( 118058 )

          From a legal standpoint, a terrorist organization is not a group that terrorizes people.

          A terrorist organization is a group of people the government has chosen to put on the list of terrorist organizations.

          Now, don't get me wrong - I have no love for the KKK - but it's been quite a while since they went around lynching people and bombing churches and whatnot. If they started it up again, they'd be put on the list.

          • by Anonymous Coward

            And who cares for that "legal standpoint"? Which actually is just a deliberate euphemism for "standpoint of those in power", and completely unrelated to the standpoint of those among us, who still have their own opinions. (99.99% don't.)
            Yes, since it's by "those in power" one has to act like one cares, until one can stab them in the back. But nobody who can still be considered an individual actually does.

            • by spauldo ( 118058 )

              Wow, incoherent much?

              I can't tell what your post has to do with my comment. You seem to be advocating some sort of vigilante action, but I can't tell if you're wanting to stab politicians or KKK members.

  • I earnestly hope this gets taken down ASAP or some innocent people might wind up in prison thanks to pedos renting the botnet to get kiddie porn. I'd think that if they're taking payment via credit card then they damned well should be traceable by some means.
  • by ChinggisK ( 1133009 ) on Tuesday September 06, 2011 @04:06PM (#37320586)
    C'mon, enough with the slashvertisements already!
  • International law enforcement needs to get to work flowing the money. Follow it through botnet rentals, affiliate marketing programs, etc. Cut off flow of money and botnet dies.
  • So in addition to an open wifi router, we now have another means by which an innocent user can unwittingly have copyrighted music and movie files downloaded via his/her IP address.
  • So I can use Visa or Master card to rent time on a botnet which goes to criminals but I cannot use then to donate to Wikileaks.....
  • Can you distribute virtual machines across a bot network?

  • I wonder if you could rent a botnet to attack other botnets?

    • by kmoser ( 1469707 )
      Yo Dawg, I heard you liked botnets so I but a proxy on your botnet so you can attack other botnets.
  • Trashy old computer: $100.

    Botnet rental: $3.

    DDoS'ing your credit card company: Priceless.

    There's some things money can't buy.

  • If we want the world to be free of spam, free of botnets and a nice happy virtual land to live in then the simple answer lies with PayPal and the credit card companies.

    If you cut off the payments then the blackhats will have to find something else to make their evil millions.

    Of course, the problem is that PayPal, Visa, Mastercard and others like their revenue stream too much, they like their 1% cut of the spammer's ill gotten gains. They won't stop while any cash cow that can still be milked.

  • If I was Bill Gates and serious about taking down this monster, I would use a lot of cash to keep it fully rented for a month, and within that month send out specially crafted ads, that can be traced back to its originating IP, this way we can find out exactly who is infected with this IP address. This IP address person can be contacted through their ISP and let it be known they are part of a botnet, and allow them to download a free tool from MS to clean up their machines, of course...there would be resist

    • I'd rather just use all that money to hire ninjas to sneak in and disinfect the computers, or at least cut the wire connecting it to the internet.
      • Ahhh...but the ninjas would never sneak in, ...they would disembowel the owner of
        the computer, and proceed to hunt down all family members so this sort of ignorance would never happen again....

        "my blood flows with the upheaving forces of the universe....."

Keep up the good work! But please don't ask me to help.

Working...