Buy an infected PC for 5 cents
- 18 June, 2009 04:30
- Comments
It doesn't take much to get started in Internet crime these days. Find the right site, hand over $US50, and you can start wreaking havoc with 1,000 already-infected PCs.
Finjan, a San Jose, CA security company, looked into the "Golden Cash" site, used by black hats to buy and sell the use of hijacked computers. The crooks behind the site infect PCs (or pay others to do so) with the Golden Cash remote-control malware, and then sell access to those PCs. And that access doesn't cost much.
According to the price list in Finjan's report, a batch of 1,000 infected PCs in Australia costs $US100 - a whopping $US0.10 each. A batch in the US runs $US50, and bargain-basement bad guys can build a far-east malware network for as little as $US5 per 1,000. Crooks can then install other malware, send spam, embed rogue antivirus, or use the victim PCs in any number of profit-making scams.
Sites like Golden Cash are part of a thriving Internet black market that provide every service a bad guy could ever want. An infected Web site or e-mail with a malware attachment is only the tip of the iceberg, an end result of a widespread underground business. Other services might provide stolen credit card numbers, custom-built malware guaranteed to evade antivirus, or anonymous network access.
Scary stuff, but lucky for us, it's not that hard to keep a PC from becoming a criminal commodity. Most attacks use poisoned Web sites to go after old, unpatched security holes (the Golden Cash bot attack hunts for last year's MS08-041 ActiveX hole), or use a social engineering con-job to trick you into opening a poisoned e-mail attachment. Following good, basic security practices like keeping all your software up-to-date won't guarantee your safety, but will go a long way towards keeping Golden Cash and all the other scammers at bay.
- Bookmark this page
- Share this article
- Got more on this story? Email TechWorld
- Follow TechWorld on twitter
- Finjan - Finjan's Research Unveils Botnet Trading Platform for hacked PCs
- An Inside Look at Internet Attackers' Black Markets - PC World
- Criminal Infrastructure Lets Malware Thrive - PC World
- Microsoft Security Bulletin MS08-041 - Critical: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
- The Five Most Dangerous Security Myths: Myth #5 - PC World
- How will CIOs meet growing Security Threats?
- Virtual Certainty - Best Practices for Gaining Monitoring Clarity in VMware Environments
- Fixing Your Dropbox Problem - How the Right Data Protection Strategy Can Help
- Seven SOA Practices to Unlock Business Value
- Oracle SOA vs. IBM SOA - Customer Perspectives on Evaluating Complexity and Business Value
-
Coalition NBN better or worse?
-
CSIRO develops hands-free technology for mining repairs
-
Broadband Forum to improve IPTV performance with new spec
-
Amazon Web Services moves backups to cloud with new appliance
-
Callforfree.net.au offers free calls to 70 countries
-
Windows 7 for Dummies®
-
Teach Yourself Visually Windows 7
-
Office 2007 for Dummies
-
Windows 7 for Dummies® Dvd+book Bundle
-
Computers for Seniors for Dummies, 2nd Edition
-
Microsoft Office
-
Office 2007 All-In-One Desk Reference for Dummies
-
Excel 2007 All-In-One Desk Reference for Dummies
-
Windows 7 for Seniors for Dummies®
Comments
Post new comment