Iranian Cyber Army offers its botnet for rental

27 October 2010

The Seculert Research Lab is reporting that a hacktivist group called the Iranian Cyber Army is renting out access to its botnet. Although not the first time a botnet has been put up for rent – the first known botnet/crimeware renter was BadB in the early noughties – this is one of the most high-profile 'offers' seen to date.

According to Paul Spencer, general manager at security firm AEP Networks, cybercrime is now a business and botnets are the heart of the cybercrime infrastructure.

"[Reports of] the selling of the botnet by the Iranian Cyber Army doesn't come as any surprise as cyber criminals, just like any other criminals, need to find new ways to make money. But it's no longer just about making a quick buck. The potential for the botnet to be used in a targeted attack against critical infrastructure is very real", he said.

"With the goal of the Iranian Cyber Army to 'conquer virtual space', the move away from defacement attacks against Twitter and Baidu towards malicious botnets sees it aiming to fulfill its powerful objective", he added.

Over at Lumension, meanwhile, Alan Bentley, the IT security vendor's vice president of international, said that the Iranian Cyber Army's decision to sell its botnets is evidence of a more coordinated effort than ever before by the hacking community to execute targeted attacks.

"[While] this is certainly not the first case of malicious code being sold online, with the rise of highly complex attacks like Stuxnet and Zeus, the online hacker shops of old seem like child's play when compared to this new wave of collaborative cyber warfare", he said.

"Cyber criminals are no longer just intent on stealing personal details for a quick cash hit or on sending inconvenient spam emails. They have much bigger prizes in mind, and are creating mechanisms dedicated to corporate espionage and attacks against real-world infrastructures, such as power stations. These attacks are more targeted, more sophisticated, and more potent", he added.

Noa Bar Yosef, data security specialist Imperva's senior security strategist, said that, while botnet rental rates vary depending on a number of factors, prices are falling due to market competition.

There are, he said, many different aspects that are taken into account when setting the price of a botnet rental. These include the size of the botnet; the type of attack (e.g. spam, DDoS, credential fetching); the target (military, private organizations, targeted or widespread); plus geo-location and the length of the attack.

"A 24-hour DDoS attack can be anything from a mere $50 to several thousand dollars for a larger network attack. Spamming a million emails, given a list, ranges between $150–$200, [while] a monthly membership for phishing sites is roughly $2,000", he said.

Bar Yosef added that, in general, this type of rentware activity doesn't impact the detection of botnets, as many of the command and control servers use fast-flux technology.

This, he explained, is where the server constantly changes, so it is harder to find the 'brains' behind the zombies and take it down.
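For defenders, the constantly changing server described above leaves a recognisable pattern in DNS data: one name resolving to many addresses on unrelated networks, with short TTLs. The sketch below is an added example, not part of the original article or of any vendor's tooling; the observations are constructed, and the thresholds and the use of /16 prefixes as a stand-in for separate networks are assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed passive-DNS observations: (unix_time, domain, A-record IP, TTL seconds).
# Addresses are from documentation, benchmarking and shared-address ranges only.
OBSERVATIONS = [
    (0,    "cdn.example.net",  "192.0.2.10",   3600),
    (1800, "cdn.example.net",  "192.0.2.10",   3600),
    (3600, "cdn.example.net",  "192.0.2.11",   3600),
    (0,    "flux.example.org", "198.51.100.7", 120),
    (300,  "flux.example.org", "203.0.113.45", 120),
    (600,  "flux.example.org", "192.0.2.200",  180),
    (900,  "flux.example.org", "198.18.4.9",   120),
    (1200, "flux.example.org", "100.64.33.2",  60),
    (1500, "flux.example.org", "198.19.77.1",  120),
]

def summarize(observations, window_s=3600):
    """Per domain: distinct IPs, distinct /16 networks and median TTL in the window."""
    first_seen = {}
    seen = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": []})
    for ts, domain, ip, ttl in sorted(observations):
        if ts - first_seen.setdefault(domain, ts) > window_s:
            continue  # only count answers within window_s of the first sighting
        rec = seen[domain]
        rec["ips"].add(ip)
        # Assumption: a /16 prefix is a crude proxy for "a different network".
        rec["nets"].add(ipaddress.ip_network(f"{ip}/16", strict=False))
        rec["ttls"].append(ttl)
    return {dom: {"ips": len(r["ips"]), "nets": len(r["nets"]),
                  "median_ttl": median(r["ttls"])} for dom, r in seen.items()}

def flag_fast_flux(observations, min_ips=5, min_nets=3, max_ttl=300, window_s=3600):
    """Return domains whose answers rotate quickly across unrelated networks."""
    stats = summarize(observations, window_s)
    return sorted(dom for dom, s in stats.items()
                  if s["ips"] >= min_ips and s["nets"] >= min_nets
                  and s["median_ttl"] <= max_ttl)

if __name__ == "__main__":
    print(flag_fast_flux(OBSERVATIONS))
```

Content delivery networks also rotate addresses with short TTLs, so a hit from a heuristic like this is a lead for further investigation rather than a verdict.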
