Buy an infected PC for 5 cents
- 18 June, 2009 04:30
- Comments
It doesn't take much to get started in Internet crime these days. Find the right site, hand over $US50, and you can start wreaking havoc with 1,000 already-infected PCs.
Finjan, a San Jose, CA security company, looked into the "Golden Cash" site, used by black hats to buy and sell the use of hijacked computers. The crooks behind the site infect PCs (or pay others to do so) with the Golden Cash remote-control malware, and then sell access to those PCs. And that access doesn't cost much.
According to the price list in Finjan's report, a batch of 1,000 infected PCs in Australia costs $US100 - a whopping $US0.10 each. A batch in the US runs $US50, and bargain-basement bad guys can build a far-east malware network for as little as $US5 per 1,000. Crooks can then install other malware, send spam, embed rogue antivirus, or use the victim PCs in any number of profit-making scams.
Sites like Golden Cash are part of a thriving Internet black market that provide every service a bad guy could ever want. An infected Web site or e-mail with a malware attachment is only the tip of the iceberg, an end result of a widespread underground business. Other services might provide stolen credit card numbers, custom-built malware guaranteed to evade antivirus, or anonymous network access.
Scary stuff, but lucky for us, it's not that hard to keep a PC from becoming a criminal commodity. Most attacks use poisoned Web sites to go after old, unpatched security holes (the Golden Cash bot attack hunts for last year's MS08-041 ActiveX hole), or use a social engineering con-job to trick you into opening a poisoned e-mail attachment. Following good, basic security practices like keeping all your software up-to-date won't guarantee your safety, but will go a long way towards keeping Golden Cash and all the other scammers at bay.
- Bookmark this page
- Share this article
- Got more on this story? Email Computerworld
- Follow Computerworld on twitter
- Finjan - Finjan's Research Unveils Botnet Trading Platform for hacked PCs
- An Inside Look at Internet Attackers' Black Markets - PC World
- Criminal Infrastructure Lets Malware Thrive - PC World
- Microsoft Security Bulletin MS08-041 - Critical: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
- The Five Most Dangerous Security Myths: Myth #5 - PC World
- IDC Whitepaper: Generating Proven Business Value with EMC Next-Generation Backup and Recovery
- Managing IBM License Complexity
- Essar Group - Essar Group executives enjoy printing on the move
- Agile: Transforming small-team thinking into big business results
- Selecting an Application Lifecycle Management Vendor: An Ovum Report
-
Drupal gains ground down under
-
NBN build gaining momentum daily: Quigley
-
Chambers: Networking's changing competitive landscape
-
The NBN, service providers and you... what could go wrong?
-
NBN build gaining momentum daily: Quigley
-
PowerPoint 2000 for Windows for Dummies
-
ALS Designing a Microsoft Windows 2000 Directory Services Infrastructure (70-219)
-
Excel 2003 VBA Programmer's Reference
-
Wiley Pathways
-
Computer Simulation in Business 2E
-
Handbook of Usability Testing
-
Red Hat Linux Networking and System Administration, Third Edition
-
Imovie 3 Solutions - Tips, Tricks & Special Effects with DVD
-
The Web Application Hacker's Handbook
Comments
Post new comment