How much does it cost to buy one thousand Russian/Eastern European based malware-infected hosts?

By Dancho Danchev

For years, many of the primary and market-share leading ‘malware-infected hosts as a service’ providers have been accustomed to selling exclusive access to hosts from virtually the entire world, while excluding both the infection and the sale of Russian and Eastern European based hosts. This sociocultural trend was then disrupted by the Carberp gang, which started targeting Russian and Eastern European users, demonstrating that greed knows no boundaries, and which ultimately led Russian and Ukrainian law enforcement to the group.

What’s the probability that Russian/Eastern European cybercriminals will continue targeting their own fellow citizens in an attempt to monetize the access to their PCs in the most efficient and profitable way possible? Huge.

In this post, I’ll profile a recently launched ‘malware-infected hosts as a service’ type of underground market service proposition selling access to Eastern European based hosts, discuss the pricing scheme used, and emphasize the long-term perspective of these services, all at a time when novice cybercriminals have access to sophisticated DIY (do it yourself) malware generating tools.


Sample screenshot of the underground market advertisement:


A thousand malware-infected hosts in Ukraine go for $149, a thousand in Russia go for $150, a thousand in Kazakhstan go for $100, a thousand in Belarus go for $100, and lastly, a thousand-host “Mix” goes for $25. The service also allows the purchase of a hundred hosts for $3, but fellow cybercriminals will only get access to a panel to monitor the activity, allowing them to confirm the ‘legitimacy’ of the service proposition.

The cybercriminal behind the service accepts WebMoney, Bitcoin and Yandex Money.

Whether as the result of active large-scale malicious spam campaigns or of targeted malware attacks, the cybercriminal behind this service is taking advantage of a basic marketing concept known as market segmentation, allowing fellow cybercriminals to directly abuse access to PCs located in their country of choice.

Meanwhile, in a series of blog posts, we’ve been highlighting a trend that’s been an everyday reality over the last couple of years, namely the fact that U.S.-based malware-infected hosts continue commanding the highest price in ‘malware-infected hosts as a service’ underground markets. What the current Russia/Eastern Europe-centered service demonstrates is that geographically dispersed infected locations continue having their prices shaped using perceived value/competition based pricing schemes.

As always, we’ll keep an eye on the future development of this service and post updates as soon as new features are introduced.


You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
