Buy an infected PC for 5 cents

Sites like Golden Cash are part of a thriving Internet black market that provide every service a bad guy could ever want

It doesn't take much to get started in Internet crime these days. Find the right site, hand over $US50, and you can start wreaking havoc with 1,000 already-infected PCs.

Finjan, a San Jose, CA security company, looked into the "Golden Cash" site, used by black hats to buy and sell the use of hijacked computers. The crooks behind the site infect PCs (or pay others to do so) with the Golden Cash remote-control malware, and then sell access to those PCs. And that access doesn't cost much.

According to the price list in Finjan's report, a batch of 1,000 infected PCs in Australia costs $US100 - a whopping $US0.10 each. A batch in the US runs $US50, and bargain-basement bad guys can build a far-east malware network for as little as $US5 per 1,000. Crooks can then install other malware, send spam, embed rogue antivirus, or use the victim PCs in any number of profit-making scams.

Sites like Golden Cash are part of a thriving Internet black market that provide every service a bad guy could ever want. An infected Web site or e-mail with a malware attachment is only the tip of the iceberg, an end result of a widespread underground business. Other services might provide stolen credit card numbers, custom-built malware guaranteed to evade antivirus, or anonymous network access.

Scary stuff, but lucky for us, it's not that hard to keep a PC from becoming a criminal commodity. Most attacks use poisoned Web sites to go after old, unpatched security holes (the Golden Cash bot attack hunts for last year's MS08-041 ActiveX hole), or use a social engineering con-job to trick you into opening a poisoned e-mail attachment. Following good, basic security practices like keeping all your software up-to-date won't guarantee your safety, but will go a long way towards keeping Golden Cash and all the other scammers at bay.

More about: CA Technologies, etwork, Finjan, Microsoft
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: botnets
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/58/seamonkey/

Seamonkey

Seamonkey includes an Internet browser, email and newsgroup client with an included web feed reader, HTML editor, IRC chat and web development tools. SeaMonkey will ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia