How the Web Works: The Malware Marketplace
Interested in a career in online crime? There's a thriving underground economy dedicated to supplying you with all the tools you need.
Thu, 1 Nov 2007 05:00:00 UTC
The Malware Shadow Economy
Illustration by Mick Wiggins
Today's aspiring Internet crooks don't need any programming skills. They just need to know where to shop. An entire shadow economy has arisen online, with suppliers, service providers, and other middlemen ready--for a fee--to help the unethical entrepreneur. Shown here is an example of how easy it is these days to become a bot herder, someone who sets up a vast network of remote-controlled, bot-infected computers and then rents the malicious services of that zombie army to spammers and other bad guys.
Shop at the Bot Store
Illustration by Mick Wiggins
For a few hundred bucks, you can buy custom-built bot software, complete with tech support. The malware is guaranteed to evade antivirus programs and turn the unlucky computers it lands on into zombies ready to respond to your every command.
Get a Browser Burglary Kit
Illustration by Mick Wiggins
MPack will set you back a cool grand, but it's a powerful software tool that'll load up a Web site with exploits that can take over a browser and force it to download malware.
Head to Sites 'R' Us
Illustration by Mick Wiggins
For $10 a month, buy your bot a home and a URL with hosting providers in China, Russia, and elsewhere who turn a deaf ear to complaints about the vicious malware hosted on their servers.
Hire a Spammer
Illustration by Mick Wiggins
How do you entice people to visit your malware-loaded site? For $150, spammers will distribute a million "Click this link for naked Lindsay Lohan pics!" e-mail messages, complete with your site's URL.
Rent a Bot
Illustration by Mick Wiggins
Now you're ready to begin making money! You have infected 10,000 victims and have a botnet of your own. You can sell its spam-spewing services at any number of black-market service sites, or offer it for devastating denial-of-service attacks against targets of your customers' choosing.
