How much does it cost to buy 10,000 U.S.-based malware-infected hosts?


By Dancho Danchev

Earlier this month, we profiled and exposed a newly launched underground service offering access to tens of thousands of malware-infected hosts, with an emphasis on the fact that U.S.-based hosts were relatively more expensive to acquire, largely due to the fact that U.S.-based users are known to have a higher online purchasing power. How much does it cost to buy 10,000 U.S.-based malware-infected hosts? Let’s find out.

In this post, I’ll profile yet another service offering access to malware-infected hosts internationally, that’s been operating since the middle of 2012, and despite the fact that it’s official Web site is currently offline, remains in operation until present day.

More details:

Sample screenshot of the underground E-shop selling access to malware-infected hosts:

Malware_Infected_Hosts_as_a_Service_International_Europe_USA

The service is yet another example of a trend that’s been evident since the early days of the first Malware-as-a-Service underground market offerings, namely, the segmentation and use of perceived pricing schemes when it comes to U.S.-based malware-infected hosts. Naturally, purchasing access to U.S.-based malware-infected hosts is more expensive than, for instance, purchasing access to hosts based in Germany, Canada or the U.K., largely thanks to the fact that a U.S.-based user has a higher online purchasing power compared to the rest of the world.

If a potential cybercriminal wants to spread his fully undetectable piece of malware online, all he has to do is purchase access to the malware-infected hosts offered by such services, allowing virtually anyone access to “managed malware propagation” capabilities. The service that I’m profiling in this post is also attempting to “vertically integrate” within the cybercrime ecosystem by offering related “value added” services such as access to Socks5 servers, which are in reality malware-hosts converted to be used as anonymization proxies.

The prices are as follows:

  • 1,000 hosts World Mix go for $25, 5,000 hosts World Mix go for $110, and 10,000 hosts World Mix go for $200
  • 1,000 hosts EU Mix go for $50, 5,000 hosts EU Mix go for $225, and 10,000 hosts EU Mix go for $400
  • 1,000 hosts DE, CA and GB, go for $80, 5,000 hosts go for $350, and 10,000 hosts go for $600
  • Naturally, access to a U.S.-based host is more expensive compared to the rest of the world. A 1,000 U.S. hosts go for $120, 5,000 U.S. hosts go for $550 and 10,000 U.S hosts go for $1,000

Thanks to the rise of DIY (do it  yourself) underground market propositions, as well as managed services allowing novice cybercriminals to outsource the entire host acquisition, retention through QA (Quality Assurance), and dissemination of malicious campaigns to third-parties offering these capabilities as a service, we expect to see more of these services offering access to malware-infected hosts.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

10 thoughts on “How much does it cost to buy 10,000 U.S.-based malware-infected hosts?

  1. Pingback: Botnet organization, easy and cheap! | Security Affairs

  2. Pingback: Baas: Botnet as a service | I Love Spam

  3. Pingback: Need an army of zombie attack PCs? Yours for $25 per 1,000 | Technology News

  4. Pingback: Need an army of killer zombies? Yours for just $25 per 1,000 PCs | Gens News

  5. Pingback: Χρειάζεστε botnet; Με 25 δολάρια μπορείτε να αποκτήσετε 1000 PC

  6. Pingback: DDoS útoky v ČR - CleverAndSmart

  7. Pingback: InfoSec Institute Resources – Botnets and cybercrime – Introduction

  8. Pingback: How much does it cost to buy one thousand Russian/Eastern European based malware-infected hosts? | Webroot Threat Blog - Internet Security Threat Updates from Around the World

  9. Pingback: Can illegal networks of zombie computers be a force for… good? | Cooper Journal

Join the Conversation

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s