Nov 23, 2011

Have we really reached the point where the ill-intentioned can buy off-the-rack botnet and malware services?

Has malware and botnet development become a "legitimate" storefront operation? I find it shocking that malware is freely available for purchase, often complete with user licensing agreements and updates as part of the package. The irony of off-the-shelf malware that includes licensing and free updates is pretty close to making my head explode. I don't want to post the link and help enable this, but there is a website that openly offers a Facebook/Twitter/Google+ CAPTCHA bypass bot for sale. The idea that malware as a service (MaaS) is a reality, to the point that it has evolved into a more or less standard business model, indicates just how much vigilance is required from an IT security standpoint. How can these types of sites openly sell this stuff?

Well, remind me to get that CAPTCHA thing so I don't have to keep filling it out each time I post an answer. Ha! ;)

All kidding aside, yeah, it does seem a bit ridiculous that they can do this. But how would you police it to stop them? Who would enforce it?

But maybe these things having visibility has an upside. It might make it easier for those tracking them to come up with solutions to stop them since they are more visible and easier to find and monitor.


It is a huge business, as the recent ChangeDNS botnet that infected four million computers reminded us. I can understand the development and distribution from a purely logical standpoint (putting aside any considerations of morality) - someone can use their expertise, develop a product for a market that has ready buyers, receive a sort of recognition for the quality of their malware, and most importantly from their standpoint create income from their work. Much malware is developed in the east in countries that were part of the Soviet Union, where there are well-educated people with limited opportunity to turn their expertise into income that matches that which they would expect if they were MS/Apple/Google/etc. employees with the same skill-set.


From a distribution standpoint, the majority of sales of "commercial" malware and bots takes place in underground forums on the dark web, with payments using established services such as Yandex. Ironically, to succeed as a vendor and compete in the marketplace, individuals selling malware have to demonstrate a level of trustworthiness, good customer service and competitive pricing. Since the vast majority of the host servers are not located in the US, it can be extremely difficult for officials in the nations where the malware is deployed to take effective legal action against the creators and users, even when they are identified. It can be a low-risk, high-return business, so it does not surprise me that it exists and flourishes. Now if you'll excuse me, I have to go update my anti-malware software!

