As little as $25 will buy you access to a thousand malware-infected PCs, neatly packaged as a botnet army to control or spy on. That's according to a security researcher studying underground souks of zombie computers. But the prices increase steeply for the more discerning crook who only wants to use compromised machines in …
per day, week, what?
Does this mean one could hire compromised PCs for legitimate distributed computing work more cheaply than EC2?!
I guess the cheap PCs are Chinese
Seeing as almost everyone in China uses an unpatched, pirated copy of XP.
Anyone have a porcelain pig lying around so that a few thousand can be bought and one can check where they are / reinstall them remotely with Linux?
Btw, El Reg, can we have a less fugly Tux icon, please?
Then we could have thousands of compromised Linux machines - dead smart.
No, these would be UNCOMPROMISED machines, of course. Configure max lock on iptables and set SELinux to enforcing. Gnihihihi....
So you want to make people think Linux is malware by installing it on their PCs via a botnet? Great thinking.
Really, would those people think anything? They wouldn't even know what Linux *is*, and if they did, why care? It's the rat cellar....
"Oh, the colours have changed. Hey, where is my Internet Explorer? I NO LONGER CAN WATCH MY VIDEO! HEY!!"
Are the price disparities due mainly to reputation or likely connection speed?
Just a stupid idea but if these bot net zombies were on computers that were low priority dead weight.
Along the above thinking I know it still illegal to blah blah but if a way to do something with them to make money then somehow the owner of the infected pc's gets compensated?
It almost seems akin to black mail... Shhh! Let us pay you to keep them infected! Either the owner is either naive & oblivious to the infection or they just do not care.
So in the case they do not care why not use the infected pc's for something good?
If I were so inclined to know how to program to make a executable to clean pc of any infection and use them for SETI research or cure for cancer. Then turn in any profits made to the police/govt along with full text history what was done to pc and give them the ability to use a kill command to nuke the computers once after investigations/research have been completed.
There's a legitimate business in there
The Pitch: Rent your PC idle time.
Your machine is professionally kept clean of malware by our PFY / software.
We run low impact processing loads on your hardware while you're not using it.
You get paid for the usage.*
All workloads and clients stringently checked to ensure legality.
Visit clusterjub.orb for more details.
*don''t quit your day job.
That is a seriously cheap render farm!
Whose to know if the same machine(s) aren't being used at the same time by another dodgy geezer(s), and would it be worth hiring out a botnet in order to monitor who is using them for nefarious purposes. Could crims be found stealing information from other crims in this manner ? Surely there's an exploit to exploit the exploit there somewhere ?
Away from the real problem: Who PAYS for the zombies?
This article is away from the real problem. Where is the MONEY come from?
Hint: It's the SPAMMERS.
If there was an email system that the spammers hated too much to spam, would you love it?
Wasting my breath and keystrokes, but I'll repeat the OBVIOUS suggestion: At least one of the Web-based email systems should include INDUSTRIAL-STRENGTH anti-spammer tools. EVERY part of the spammers' infrastructure should be targeted and ALL of the spammers' accomplices should be pushed to bankruptcy. ALL of the suckers who feed the spammers should be protected from the idiocy. Heck, let's even protect the corporate victims whose reputations are abused by the spammers.
Imagine a multi-round spam-fighting tool that would analyze the spam with increasingly refined targeting. Would you be willing to spend a few minutes and donate a bit of your intelligence to help shut down the spammers and prevent them from profiting? Of course you don't have to, but if it was easy enough for more people to do it, we can surely cut the spammers away from their extremely limited supply of suckers.
However, I think that some of the spam would get your goat and you would want to help stop it. Do you have children? Would you like to hammer on a spammer who targets children? What if you are actually a high-level executive who might be a legitimate target of spear phishing? Would you like tools to help you recognize the scam and shut it down? Maybe you work for a company that gets abused by spammers and you'd like to take a few shots at them?
Isn't Yahoo yet desperate enough to survive? What assets do they have left besides lots of email users who don't want to be bothered?
Re: Away from the real problem: Who PAYS for the zombies?
The spam rejection load on my email server has reduced last couple of years, but the spam that gets through seems mostly people I've dealt with in the past illigitimately selling on the custom addresses I gave them to others they think interested, before I shut down said custom addresses. Bots which start spewing will get blacklisted on zen.spamhaus.org within hours in the unlikely event they're not already on it, so not much problem there for a well configured email server.
More likely large botnets are being used more for Bitcoin mining these days when they're not stealing identities or propagating themselves to pwned contact lists. Running other people's compute power on their leccy bills sure must be cheaper than paying for your own, whatever they say about GPUs and dedicated ASIC Bitcoin mining rigs.
- Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
- Pics It's Google HQ - the British one: Reg man snaps covert shots INSIDE London offices
- White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
- The END of the FONDLESLAB KINGS? Apple and Samsung have reason to FEAR
- Researcher sat on critical IE bugs for THREE YEARS